Source code
Revision control
Copy as Markdown
Other Tools
Test Info:
- This WPT test may be referenced by the following Test IDs:
- /web-bundle/subresource-loading/csp-blockes-bundle.https.tentative.html - WPT Dashboard Interop Dashboard
<!DOCTYPE html>
<title>CSP blocks WebBundle</title>
<link
rel="help"
/>
<meta
http-equiv="Content-Security-Policy"
content="
default-src
'unsafe-inline';
img-src
/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="../resources/test-helpers.js"></script>
<body>
<script>
// This bundle should be blocked because its URL is not listed in CSP directive.
const bundle_url =
const subresource_url =
promise_test(() => {
// if a WebBundle is blocked by CSP,
// - A request for the WebBundle should fail.
// - A subresource request associated with the bundle should fail.
// - A window.load should be fired. In other words, any request shouldn't remain
// pending forever.
const window_load = new Promise((resolve) => {
window.addEventListener("load", () => {
resolve();
});
});
const script_webbundle = createWebBundleElement(bundle_url, [
subresource_url,
]);
const webbundle_error = new Promise((resolve) => {
script_webbundle.addEventListener("error", () => {
resolve();
});
});
document.body.appendChild(script_webbundle);
const script_js = document.createElement("script");
script_js.src = subresource_url;
const script_js_error = new Promise((resolve) => {
script_js.addEventListener("error", () => {
resolve();
});
});
document.body.appendChild(script_js);
return Promise.all([window_load, webbundle_error, script_js_error]);
}, "WebBundle and subresource loadings should fail when CSP blocks a WebBundle");
</script>
</body>