reporting-isolated-across-navigations.https.sub.html (2646B)
1 <!DOCTYPE html> 2 <meta charset="utf-8"> 3 <title>Bug test page 1</title> 4 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharnessreport.js"></script> 6 <script src="resources/report-helper.js"></script> 7 <script> 8 promise_test(async t => { 9 await new Promise(resolve => { 10 window.addEventListener("message", resolve); 11 }); 12 // At this point, the reporting endpoint should have received all three 13 // reports. Ensure that reports from the first page are not batched with 14 // those from the second, or sent to its endpoint. 15 const csp1_uuid = "112868aa-4b59-57c7-a388-db909ef24295"; 16 const csp2_uuid = "612bf2ee-b9b8-5f8d-a239-0981c6ff057e"; 17 const reports1 = await pollReports('/reporting/resources/report.py', csp1_uuid); 18 const reports2 = await pollReports('/reporting/resources/report.py', csp2_uuid); 19 20 const url_prefix = "https://{{location[host]}}/reporting/resources/"; 21 22 // Validate that both received reports were CSP img-src violations from the 23 // same reporting source. Each image should be represented once, although the 24 // order does not matter. 25 26 assert_equals(reports1.length, 2, "First endpoint should receive two reports"); 27 28 assert_equals(reports1[0].type, "csp-violation"); 29 assert_equals(reports1[0].url, url_prefix + "first-csp-report.https.sub.html"); 30 assert_equals(reports1[0].body.disposition, "enforce"); 31 assert_equals(reports1[0].body.effectiveDirective, "img-src"); 32 33 assert_equals(reports1[1].type, "csp-violation"); 34 assert_equals(reports1[1].url, url_prefix + "first-csp-report.https.sub.html"); 35 assert_equals(reports1[1].body.disposition, "enforce"); 36 assert_equals(reports1[1].body.effectiveDirective, "img-src"); 37 38 var image_sources = [reports1[0].body.blockedURL, reports1[1].body.blockedURL].sort(); 39 assert_equals(image_sources[0], url_prefix + "missing1.png"); 40 assert_equals(image_sources[1], url_prefix + "missing2.png"); 41 42 // Validate that the report received from the second endpoint was also a CSP 43 // img-source violation, from a different URL. 44 45 assert_equals(reports2.length, 1, "Second endpoint should reecive one report"); 46 assert_equals(reports2[0].type, "csp-violation"); 47 assert_equals(reports2[0].url, url_prefix + "second-csp-report.https.sub.html"); 48 assert_equals(reports2[0].body.disposition, "enforce"); 49 assert_equals(reports2[0].body.effectiveDirective, "img-src"); 50 assert_equals(reports2[0].body.blockedURL, url_prefix + "missing3.png"); 51 }, "Reports should be sent to the correct endpoints"); 52 </script> 53 <body> 54 <h1>Bug test main frame</h1> 55 <iframe id="frame" src="resources/first-csp-report.https.sub.html"></iframe> 56 </body>