mozilla-central/testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-allow.sub.js (file symbol)

Source code

Revision control

Copy as Markdown

Other Tools

importScripts("{{location[server]}}/resources/testharness.js");
importScripts("{{location[server]}}/content-security-policy/support/testharness-helper.js");
let base_same_origin_url =
"{{location[server]}}/content-security-policy/support/resource.py";
let base_cross_origin_url =
"/content-security-policy/support/resource.py";
// Same-origin
promise_test(t => {
let url = `${base_same_origin_url}?same-origin-fetch`;
assert_no_csp_event_for_url(t, url);
return fetch(url)
.then(t.step_func(r => assert_equals(r.status, 200)));
}, "Same-origin 'fetch()' in " + self.location.protocol + " without CSP");
// XHR is not available in service workers.
if (self.XMLHttpRequest) {
promise_test(t => {
let url = `${base_same_origin_url}?same-origin-xhr`;
assert_no_csp_event_for_url(t, url);
return new Promise((resolve, reject) => {
let xhr = new XMLHttpRequest();
xhr.open("GET", url);
xhr.onload = resolve;
xhr.onerror = _ => reject("xhr.open should success.");
xhr.send();
});
}, "Same-origin XHR in " + self.location.protocol + " without CSP");
}
// Cross-origin
promise_test(t => {
let url = `${base_cross_origin_url}?cross-origin-fetch`;
assert_no_csp_event_for_url(t, url);
return fetch(url)
.then(t.step_func(r => assert_equals(r.status, 200)));
}, "Cross-origin 'fetch()' in " + self.location.protocol + " without CSP");
// XHR is not available in service workers.
if (self.XMLHttpRequest) {
promise_test(t => {
let url = `${base_cross_origin_url}?cross-origin-xhr`;
assert_no_csp_event_for_url(t, url);
return new Promise((resolve, reject) => {
let xhr = new XMLHttpRequest();
xhr.open("GET", url);
xhr.onload = resolve;
xhr.onerror = _ => reject("xhr.open should success.");
xhr.send();
});
}, "Cross-origin XHR in " + self.location.protocol + " without CSP");
}
// Same-origin redirecting to cross-origin
promise_test(t => {
let url = `{{location[server]}}/common/redirect-opt-in.py?` +
`status=307&location=${base_cross_origin_url}?cross-origin-fetch`;
assert_no_csp_event_for_url(t, url);
return fetch(url)
.then(t.step_func(r => assert_equals(r.status, 200)));
}, "Same-origin => cross-origin 'fetch()' in " + self.location.protocol +
" without CSP");
// WebSocket
promise_test(async function(t) {
assert_no_csp_event_for_url(t, url);
return new Promise(resolve => {
let ws = new WebSocket(url);
ws.onopen = resolve;
});
}, "WebSocket without CSP");
done();