prefetch-allowed-by-any-directive.sub.html (1439B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharnessreport.js"></script> 6 <script src="/common/utils.js"></script> 7 <script src="/common/get-host-info.sub.js"></script> 8 <script src="/content-security-policy/support/testharness-helper.js"></script> 9 <script src="/content-security-policy/support/prefetch-helper.js"></script> 10 <meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'unsafe-inline'; img-src http://{{domains[www2]}}:{{ports[http][0]}}"/> 11 12 <script> 13 const { OTHER_ORIGIN, REMOTE_ORIGIN } = get_host_info(); 14 15 promise_test(async (t) => { 16 const url = new URL("/common/dummy.xml", location.href); 17 assert_true(await try_to_prefetch(url, t)); 18 }, "Prefetch should succeed when restricted by default-src but allowed by " + 19 "other directive"); 20 21 promise_test(async (t) => { 22 const url = new URL("/common/dummy.xml", REMOTE_ORIGIN); 23 assert_false(await try_to_prefetch(url, t)); 24 }, "Prefetch should fail when restricted by default-src and different " + 25 "origin allowed by other directive"); 26 27 promise_test(async (t) => { 28 const url = new URL("/common/dummy.xml", OTHER_ORIGIN); 29 assert_true(await try_to_prefetch(url, t)); 30 }, "Prefetch should succeed when restricted by default-src but origin " + 31 "allowed by other directive"); 32 </script> 33 </head> 34 <body></body> 35 </html>