tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

csp-allowed.https.window.js (866B)

      1 // META: title=FetchLater: allowed by CSP
      2 // META: script=/common/utils.js
      3 // META: script=/common/get-host-info.sub.js
      4 // META: script=/fetch/fetch-later/resources/fetch-later-helper.js
      5 'use strict';
      6 
      7 const {
      8  HTTPS_NOTSAMESITE_ORIGIN,
      9 } = get_host_info();
     10 
     11 // FetchLater requests allowed by Content Security Policy.
     12 // https://w3c.github.io/webappsec-csp/#should-block-request
     13 
     14 const meta = document.createElement('meta');
     15 meta.setAttribute('http-equiv', 'Content-Security-Policy');
     16 meta.setAttribute('content', `connect-src 'self' ${HTTPS_NOTSAMESITE_ORIGIN}`);
     17 document.head.appendChild(meta);
     18 
     19 promise_test(async t => {
     20  const uuid = token();
     21  const url = generateSetBeaconURL(uuid, {host: HTTPS_NOTSAMESITE_ORIGIN});
     22  fetchLater(url, {activateAfter: 0});
     23 
     24  await expectBeacon(uuid, {count: 1});
     25  t.done();
     26 }, 'FetchLater allowed by CSP should succeed');