blockeduri-ws-wss-scheme.html (1867B)
1 <script src="/resources/testharness.js"></script> 2 <script src="/resources/testharnessreport.js"></script> 3 <script src="/common/get-host-info.sub.js"></script> 4 <script> 5 6 const info = get_host_info(); 7 8 const nextCSPViolation = (test) => { 9 return new Promise((resolve, reject) => { 10 document.addEventListener("securitypolicyviolation", resolve, {once: true}); 11 test.step_timeout(() => reject("timeout"), 3000); 12 }); 13 }; 14 15 const redirector = get_host_info().HTTP_REMOTE_ORIGIN.replace("http", "wss") + 16 "/common/redirect.py"; 17 18 promise_setup(async () => { 19 const meta = document.createElement('meta'); 20 meta.httpEquiv = "Content-Security-Policy"; 21 meta.content = "connect-src " + redirector; 22 document.getElementsByTagName('head')[0].appendChild(meta); 23 }, "Install <meta> CSP"); 24 25 promise_test(async test => { 26 const url = get_host_info().HTTP_ORIGIN.replace("http", "ws") + "/path"; 27 const violation = nextCSPViolation(test); 28 try { new WebSocket(url); } catch (e) {} 29 assert_equals((await violation).blockedURI, url); 30 }, "ws"); 31 32 promise_test(async test => { 33 const url = get_host_info().HTTP_ORIGIN.replace("http", "wss") + "/path"; 34 const violation = nextCSPViolation(test); 35 try { new WebSocket(url); } catch (e) {} 36 assert_equals((await violation).blockedURI, url); 37 }, "wss"); 38 39 promise_test(async test => { 40 const url = get_host_info().HTTP_REMOTE_ORIGIN.replace("http", "wss") + "/path"; 41 const violation = nextCSPViolation(test); 42 try { new WebSocket(url); } catch (e) {} 43 assert_equals((await violation).blockedURI, url); 44 }, "cross-origin"); 45 46 promise_test(async test => { 47 const url = get_host_info().HTTP_ORIGIN.replace("http", "wss") + "/path"; 48 const violation = nextCSPViolation(test); 49 try {new WebSocket(redirector + "?location=" + url); } catch (e) {} 50 assert_equals((await violation).blockedURI, url); 51 }, "redirect"); 52 53 </script>