worker-src-none.sub.js (993B)
1 importScripts("{{location[server]}}/resources/testharness.js"); 2 importScripts("{{location[server]}}/content-security-policy/support/testharness-helper.js"); 3 4 let cspEventFiredInDocument = false; 5 self.addEventListener("message", e => { 6 if (e.data == "SecurityPolicyViolation from Document") { 7 cspEventFiredInDocument = true; 8 } 9 }); 10 11 async_test(t => { 12 const url = new URL("{{location[server]}}/content-security-policy/support/ping.js").toString(); 13 const w = new Worker(url); 14 w.onmessage = t.unreached_func("Ping should not be sent."); 15 Promise.all([ 16 waitUntilCSPEventForURL(t, url) 17 .then(t.step_func_done(e => { 18 assert_equals(e.blockedURI, url); 19 assert_equals(e.violatedDirective, "worker-src"); 20 assert_equals(e.effectiveDirective, "worker-src"); 21 assert_false(cspEventFiredInDocument, "Should not have fired event on document"); 22 })), 23 waitUntilEvent(w, "error"), 24 ]); 25 }, "Nested worker with worker-src is disallowed."); 26 27 done();