csp-blocked.tentative.https.window.js

Enable keyboard shortcuts

This test has a WPT meta file that expects 1 subtest issues.
This WPT test may be referenced by the following Test IDs:
- /fetch/fetch-later/policies/csp-blocked.tentative.https.window.html - WPT Dashboard Interop Dashboard

// META: title=FetchLater: blocked by CSP

// META: script=/common/utils.js

// META: script=/common/get-host-info.sub.js

// META: script=/fetch/fetch-later/resources/fetch-later-helper.js

'use strict';

const {

  HTTPS_NOTSAMESITE_ORIGIN,

} = get_host_info();

// FetchLater requests blocked by Content Security Policy are rejected.

// https://w3c.github.io/webappsec-csp/#should-block-request

const meta = document.createElement('meta');

meta.setAttribute('http-equiv', 'Content-Security-Policy');

meta.setAttribute('content', 'connect-src \'self\'');

document.head.appendChild(meta);

promise_test(async t => {

  const uuid = token();

  const cspViolationUrl =

      generateSetBeaconURL(uuid, {host: HTTPS_NOTSAMESITE_ORIGIN});

  fetchLater(cspViolationUrl, {activateAfter: 0});

  await new Promise(

      resolve => window.addEventListener('securitypolicyviolation', e => {

        assert_equals(e.violatedDirective, 'connect-src');

        resolve();

      }));

  t.done();

}, 'FetchLater blocked by CSP should reject');