csp-document-disallow.html (948B)
1 <!DOCTYPE html> 2 <meta charset=utf-8> 3 <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'"> 4 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharnessreport.js"></script> 6 <script src="early-hints-helpers.sub.js"></script> 7 <body> 8 <script> 9 const SEARCH_PARAMS = new URLSearchParams(window.location.search); 10 const POLICY = SEARCH_PARAMS.get("early-hints-policy"); 11 12 promise_test(async (t) => { 13 const resource_url = SEARCH_PARAMS.get("resource-url"); 14 15 // Resume the delayed preload. 16 const resume_url = SEARCH_PARAMS.get("resume-url"); 17 await fetch(resume_url); 18 19 // Wait for the preload to finish. 20 await new Promise(resolve => t.step_timeout(resolve, 300)); 21 22 // The preload should be denied by CSP. 23 await promise_rejects_js(t, Error, fetchScript(resource_url)); 24 }, `Early hints preload CSP = ${POLICY}, document disallowed the preload later.`); 25 </script> 26 </body>