Source code
Revision control
Copy as Markdown
Other Tools
Test Info:
- This WPT test may be referenced by the following Test IDs:
- /speculation-rules/prerender/csp-form-action.https.html - WPT Dashboard Interop Dashboard
<!DOCTYPE html>
<title>Prerender initial navigation as form submission is blocked by CSP form-action 'none'</title>
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<script src="/html/browsers/browsing-the-web/remote-context-helper/resources/remote-context-helper.js"></script>
<script src="../resources/utils.js"></script>
<script src="resources/utils.js"></script>
<body>
<script>
setup(() => assertSpeculationRulesIsSupported());
promise_test(async t => {
const rcHelper = new PrerenderingRemoteContextHelper();
// Create an initiator window with the form-action 'none' CSP.
const referrerRC = await rcHelper.addWindow({
headers: [['Content-Security-Policy', "form-action 'none'"]]
}, { features: 'noopener' });
// Setup CSP violation listener synchronously and store the promise globally.
await referrerRC.executeScript(() => {
window.violationPromise = new Promise(resolve => {
window.addEventListener('securitypolicyviolation', e => {
resolve(e.violatedDirective);
});
});
});
// Add a prerendered page as a form submission.
// The prerender initial navigation should be treated as a form submission
// and be blocked by the CSP.
await referrerRC.addPreload('prerender', {
extrasInSpeculationRule: { form_submission: true }
});
const violatedDirective = await referrerRC.executeScript(() => window.violationPromise);
assert_equals(violatedDirective, 'form-action', 'Prerender initial navigation should violate form-action CSP.');
}, "Prerender initial navigation with form_submission is blocked by CSP form-action 'none'");
</script>