sharedworker-script-src.sub.html (1302B)
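<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<!--
  Test the 'script-src' directive on shared workers.

  The policy below applies to this document only. 'nonce-a' is what lets the
  inline test script (nonce="a") run under it.
-->
<meta http-equiv="content-security-policy" content="script-src 'self' 'nonce-a' blob: filesystem:">
<script nonce="a">
promise_test(async () => {
  // Shared workers do not inherit CSP from the document that creates them,
  // so the <meta> policy above is not the one in force inside this worker.
  // NOTE(review): the assertions live in the support script, which is not
  // visible here; confirm it checks for the absence of the document policy.
  await fetch_tests_from_worker(
      new SharedWorker("./support/script-src-allow.sub.js"));

  // Shared workers honor the CSP received in their own response headers.
  // The `pipe=sub|header(...)` query asks the WPT server to attach a
  // Content-Security-Policy header to the worker script response.
  // `{{$id1:uuid()}}` generates a report ID that is reused in the report-uri;
  // `%26` presumably keeps the `&` of the report URL inside the header value
  // rather than ending the `pipe` query parameter.
  await fetch_tests_from_worker(
      new SharedWorker(
          "./support/script-src-self.sub.js?id={{$id1:uuid()}}" +
          "&test-name=script-src 'self'" +
          "&pipe=sub|header(Content-Security-Policy," +
          "script-src 'self' ; report-uri " +
          "/reporting/resources/report.py?op=put%26reportID={{$id1}})"));

  // Also check that script-src falls back to default-src: the same support
  // script is served with only `default-src 'self'` and a separate report ID.
  await fetch_tests_from_worker(
      new SharedWorker(
          "./support/script-src-self.sub.js?id={{$id2:uuid()}}" +
          "&test-name=default-src 'self'" +
          "&pipe=sub|header(Content-Security-Policy," +
          "default-src 'self' ; report-uri " +
          "/reporting/resources/report.py?op=put%26reportID={{$id2}})"));
});
</script>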