inside-worker.sub.js

mozilla-central/testing/web-platform/tests/content-security-policy/securitypolicyviolation/support/inside-worker.sub.js (file symbol)

Enable keyboard shortcuts

Source code

File a bug in Core :: DOM: Security

Revision control

Copy as Markdown

Other Tools

importScripts("{{location[scheme]}}://{{host}}:{{location[port]}}/resources/testharness.js");

importScripts("{{location[scheme]}}://{{host}}:{{location[port]}}/content-security-policy/support/testharness-helper.js");

var cspEventFiredInDocument = false;

// ServiceWorker and Worker

self.addEventListener("message", e => {

  if (e.data == "SecurityPolicyViolation from Document")

    cspEventFiredInDocument = true;

});

// SharedWorker

self.addEventListener("connect", c => {

  c.ports[0].addEventListener("message", m => {

    if (m.data == "SecurityPolicyViolation from Document")

      cspEventFiredInDocument = true;

});

});

async_test(t => {

  var url = "{{location[scheme]}}://{{host}}:{{location[port]}}/content-security-policy/support/resource.py";

  assert_no_csp_event_for_url(t, url);

  fetch(url)

    .catch(t.unreached_func("Fetch should succeed."))

    .then(t.step_func_done(r => {

      assert_equals(r.status, 200);

      assert_false(cspEventFiredInDocument);

    }));

}, "No SecurityPolicyViolation event fired for successful load.");

async_test(t => {

  var url = "{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/content-security-policy/support/resource.py";

  waitUntilCSPEventForURL(t, url)

    .then(t.step_func_done(e => {

      assert_equals(e.blockedURI, url);

      assert_false(cspEventFiredInDocument);

    }));

  fetch(url)

    .then(t.unreached_func("Fetch should not succeed."))

    .catch(t.step_func(e => assert_true(e instanceof TypeError)));

}, "SecurityPolicyViolation event fired on global.");

async_test(t => {

  var url = "{{location[scheme]}}://{{host}}:{{location[port]}}/common/redirect.py?location={{location[scheme]}}://{{domains[www]}}:{{location[port]}}/content-security-policy/support/ping.js";

  waitUntilCSPEventForURL(t, url)

    .then(t.step_func_done(e => {

      assert_equals(e.blockedURI, url);

      assert_false(cspEventFiredInDocument);

    }));

  fetch(url)

    .then(t.unreached_func("Fetch should not succeed."))

    .catch(t.step_func(e => assert_true(e instanceof TypeError)));

}, "SecurityPolicyViolation event fired on global with the correct blockedURI.");

// Worker tests need an explicit `done()`.

done();