link-header-preload-nonce.html (1498B)
1 <!DOCTYPE html> 2 <script src="/resources/testharness.js"></script> 3 <script src="/resources/testharnessreport.js"></script> 4 <script src="/common/utils.js"></script> 5 <script src="/preload/resources/preload_helper.js"></script> 6 <body> 7 <script> 8 9 async_test(t => { 10 const id = token(); 11 const pageUrl = 12 '/common/blank.html?pipe=' + 13 '|header(content-security-policy, script-src \'nonce-abc\')' + 14 `|header(link, <${encodedStashPutUrl(id)}>;rel=preload;as=script)`; 15 16 const w = window.open(pageUrl); 17 t.add_cleanup(() => w.close()); 18 19 step_timeout(async () => { 20 try { 21 const arrived = await hasArrivedAtServer(id); 22 assert_false(arrived, 'The preload should be blocked.'); 23 t.done(); 24 } catch (e) { 25 t.step(() => {throw e;}); 26 } 27 }, 3000); 28 }, 'without nonce'); 29 30 async_test(t => { 31 const id = token(); 32 const pageUrl = 33 '/common/blank.html?pipe=' + 34 '|header(content-security-policy, script-src \'nonce-az\')' + 35 `|header(link, <${encodedStashPutUrl(id)}>;rel=preload;as=script;nonce=az)`; 36 const w = window.open(pageUrl); 37 t.add_cleanup(() => w.close()); 38 39 // TODO: Use step_wait after 40 // https://github.com/web-platform-tests/wpt/pull/34289 is merged. 41 step_timeout(async () => { 42 try { 43 const arrived = await hasArrivedAtServer(id); 44 assert_true(arrived, 'The preload should have arrived at the server.'); 45 t.done(); 46 } catch (e) { 47 t.step(() => {throw e;}); 48 } 49 }, 3000); 50 }, 'with nonce'); 51 52 </script> 53 </body>