Source code
Revision control
Copy as Markdown
Other Tools
Test Info: Warnings
- This test has a WPT meta file that expects 1 subtest issues.
- This WPT test may be referenced by the following Test IDs:
- /content-security-policy/securitypolicyviolation/blockeduri-ws-wss-scheme.html - WPT Dashboard Interop Dashboard
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script>
const info = get_host_info();
const nextCSPViolation = (test) => {
return new Promise((resolve, reject) => {
document.addEventListener("securitypolicyviolation", resolve, {once: true});
test.step_timeout(() => reject("timeout"), 3000);
});
};
const redirector = get_host_info().HTTP_REMOTE_ORIGIN.replace("http", "wss") +
"/common/redirect.py";
promise_setup(async () => {
const meta = document.createElement('meta');
meta.httpEquiv = "Content-Security-Policy";
meta.content = "connect-src " + redirector;
document.getElementsByTagName('head')[0].appendChild(meta);
}, "Install <meta> CSP");
promise_test(async test => {
const url = get_host_info().HTTP_ORIGIN.replace("http", "ws") + "/path";
const violation = nextCSPViolation(test);
try { new WebSocket(url); } catch (e) {}
assert_equals((await violation).blockedURI, url);
}, "ws");
promise_test(async test => {
const url = get_host_info().HTTP_ORIGIN.replace("http", "wss") + "/path";
const violation = nextCSPViolation(test);
try { new WebSocket(url); } catch (e) {}
assert_equals((await violation).blockedURI, url);
}, "wss");
promise_test(async test => {
const url = get_host_info().HTTP_REMOTE_ORIGIN.replace("http", "wss") + "/path";
const violation = nextCSPViolation(test);
try { new WebSocket(url); } catch (e) {}
assert_equals((await violation).blockedURI, url);
}, "cross-origin");
promise_test(async test => {
const url = get_host_info().HTTP_ORIGIN.replace("http", "wss") + "/path";
const violation = nextCSPViolation(test);
try {new WebSocket(redirector + "?location=" + url); } catch (e) {}
assert_equals((await violation).blockedURI, url);
}, "redirect");
</script>