Loading testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-allow.sub.js +11 −0 Original line number Diff line number Diff line Loading @@ -68,4 +68,15 @@ promise_test(t => { }, "Same-origin => cross-origin 'fetch()' in " + self.location.protocol + " without CSP"); // WebSocket promise_test(async function(t) { let url = "wss://{{host}}:{{ports[wss][0]}}/echo"; assert_no_csp_event_for_url(t, url); return new Promise(resolve => { let ws = new WebSocket(url); ws.onopen = resolve; }); }, "WebSocket without CSP"); done(); testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self-report-only.sub.js +15 −2 Original line number Diff line number Diff line Loading @@ -77,9 +77,22 @@ promise_test(t => { ]); }, "Same-origin => cross-origin 'fetch()'."); let websocket_url = "wss://{{host}}:{{ports[wss][0]}}/echo"; // The WebSocket URL is not the same as 'self' promise_test(t => { return Promise.all([ waitUntilCSPEventForURL(t, websocket_url), new Promise(resolve => { let ws = new WebSocket(websocket_url); ws.onopen = resolve; }) ]); }, "WebSocket."); let expected_blocked_urls = self.XMLHttpRequest ? [ fetch_cross_origin_url, xhr_cross_origin_url, redirect_url ] : [ fetch_cross_origin_url, redirect_url ]; ? [ fetch_cross_origin_url, xhr_cross_origin_url, redirect_url, websocket_url ] : [ fetch_cross_origin_url, redirect_url, websocket_url ]; promise_test(async t => { let report_url = `{{location[server]}}/reporting/resources/report.py?` + Loading testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self.sub.js +22 −2 Original line number Diff line number Diff line Loading @@ -88,9 +88,29 @@ promise_test(t => { }, "Same-origin => cross-origin 'fetch()' in " + self.location.protocol + " with {{GET[test-name]}}"); let websocket_url = "wss://{{host}}:{{ports[wss][0]}}/echo"; // The WebSocket URL is not the same as 'self' promise_test(t => { return Promise.all([ waitUntilCSPEventForURL(t, websocket_url), new Promise((resolve, reject) => { // Firefox throws in the constructor, Chrome triggers the error event. try { let ws = new WebSocket(websocket_url); ws.onerror = resolve; ws.onopen = reject; // unexpected } catch (e) { resolve(); } }) ]); }, "WebSocket in " + self.location.protocol + " with {{GET[test-name]}}"); let expected_blocked_urls = self.XMLHttpRequest ? [ fetch_cross_origin_url, xhr_cross_origin_url, redirect_url ] : [ fetch_cross_origin_url, redirect_url ]; ? [ fetch_cross_origin_url, xhr_cross_origin_url, redirect_url, websocket_url ] : [ fetch_cross_origin_url, redirect_url, websocket_url ]; promise_test(async t => { let report_url = `{{location[server]}}/reporting/resources/report.py` + Loading Loading
testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-allow.sub.js +11 −0 Original line number Diff line number Diff line Loading @@ -68,4 +68,15 @@ promise_test(t => { }, "Same-origin => cross-origin 'fetch()' in " + self.location.protocol + " without CSP"); // WebSocket promise_test(async function(t) { let url = "wss://{{host}}:{{ports[wss][0]}}/echo"; assert_no_csp_event_for_url(t, url); return new Promise(resolve => { let ws = new WebSocket(url); ws.onopen = resolve; }); }, "WebSocket without CSP"); done();
testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self-report-only.sub.js +15 −2 Original line number Diff line number Diff line Loading @@ -77,9 +77,22 @@ promise_test(t => { ]); }, "Same-origin => cross-origin 'fetch()'."); let websocket_url = "wss://{{host}}:{{ports[wss][0]}}/echo"; // The WebSocket URL is not the same as 'self' promise_test(t => { return Promise.all([ waitUntilCSPEventForURL(t, websocket_url), new Promise(resolve => { let ws = new WebSocket(websocket_url); ws.onopen = resolve; }) ]); }, "WebSocket."); let expected_blocked_urls = self.XMLHttpRequest ? [ fetch_cross_origin_url, xhr_cross_origin_url, redirect_url ] : [ fetch_cross_origin_url, redirect_url ]; ? [ fetch_cross_origin_url, xhr_cross_origin_url, redirect_url, websocket_url ] : [ fetch_cross_origin_url, redirect_url, websocket_url ]; promise_test(async t => { let report_url = `{{location[server]}}/reporting/resources/report.py?` + Loading
testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self.sub.js +22 −2 Original line number Diff line number Diff line Loading @@ -88,9 +88,29 @@ promise_test(t => { }, "Same-origin => cross-origin 'fetch()' in " + self.location.protocol + " with {{GET[test-name]}}"); let websocket_url = "wss://{{host}}:{{ports[wss][0]}}/echo"; // The WebSocket URL is not the same as 'self' promise_test(t => { return Promise.all([ waitUntilCSPEventForURL(t, websocket_url), new Promise((resolve, reject) => { // Firefox throws in the constructor, Chrome triggers the error event. try { let ws = new WebSocket(websocket_url); ws.onerror = resolve; ws.onopen = reject; // unexpected } catch (e) { resolve(); } }) ]); }, "WebSocket in " + self.location.protocol + " with {{GET[test-name]}}"); let expected_blocked_urls = self.XMLHttpRequest ? [ fetch_cross_origin_url, xhr_cross_origin_url, redirect_url ] : [ fetch_cross_origin_url, redirect_url ]; ? [ fetch_cross_origin_url, xhr_cross_origin_url, redirect_url, websocket_url ] : [ fetch_cross_origin_url, redirect_url, websocket_url ]; promise_test(async t => { let report_url = `{{location[server]}}/reporting/resources/report.py` + Loading
