sharedworker-connect-src.sub.html (1270B)
1 <!DOCTYPE html> 2 <script src="/resources/testharness.js"></script> 3 <script src="/resources/testharnessreport.js"></script> 4 <!-- Test the 'connect-src' directive on shared workers --> 5 <meta http-equiv="content-security-policy" content="connect-src 'self'"> 6 <script> 7 promise_test(async () => { 8 // Shared workers do not inherit CSP. 9 await fetch_tests_from_worker( 10 new SharedWorker("./support/connect-src-allow.sub.js")); 11 12 // Shared workers honor CSP received in their response headers. 13 await fetch_tests_from_worker( 14 new SharedWorker( 15 "./support/connect-src-self.sub.js?id={{$id1:uuid()}}" + 16 "&test-name=connect-src 'self'" + 17 "&pipe=sub|header(Content-Security-Policy," + 18 "connect-src 'self' ; report-uri " + 19 "/reporting/resources/report.py?op=put%26reportID={{$id1}})")); 20 21 // Also test that connect-src falls back to default-src. 22 await fetch_tests_from_worker( 23 new SharedWorker( 24 "./support/connect-src-self.sub.js?id={{$id2:uuid()}}" + 25 "&test-name=default-src 'self'" + 26 "&pipe=sub|header(Content-Security-Policy," + 27 "default-src 'self' ; report-uri " + 28 "/reporting/resources/report.py?op=put%26reportID={{$id2}})")); 29 }); 30 </script>