Update web-platform-tests to revision 14cfa4d648cc1c853b4153268df672d21425f8c1

Josh Matthews 2017-10-30 09:31:22 -04:00
parent 1b73cf3352
commit 75736751d9
1213 changed files with 19434 additions and 12344 deletions


@ -0,0 +1,39 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline';">
<title>connect-src-beacon-allowed</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["Pass"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
<!-- enforcing policy:
connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline';
-->
</head>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("FAIL");
});
if (typeof navigator.sendBeacon != 'function') {
t_log.set_status(t_log.NOTRUN, "No navigator.sendBeacon, cannot run test.");
t_log.phase = t_log.phases.HAS_RESULT;
t_log.done();
} else {
try {
var es = navigator.sendBeacon("http://{{host}}:{{ports[http][0]}}/cors/resources/status.py");
log("Pass");
} catch (e) {
log("Fail");
}
}
</script>
<div id="log"></div>
</body>
</html>
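Review bot: `log("Pass")` runs synchronously as soon as `navigator.sendBeacon(...)` returns, and the return value stored in `es` is never checked, so the test passes even when the beacon was not queued. A `securitypolicyviolation` event is dispatched asynchronously; whether a late "FAIL" is still counted depends on logTest.sub.js, which is not shown here and should be confirmed. Consider `if (navigator.sendBeacon(url)) log("Pass"); else log("Fail");`, and use one spelling for the failure string (`"FAIL"` in the listener, `"Fail"` in the catch). The connect-src-eventsource-allowed and connect-src-websocket-allowed sections log "Pass" the same way, before any network activity.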


@ -1,27 +1,39 @@
<!DOCTYPE html>
<meta http-equiv="Content-Security-Policy" content="connect-src 'self'">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
async_test(t => {
document.addEventListener("securitypolicyviolation", t.step_func_done(e => {
if (e.blockedURI != "http://{{domains[www]}}:{{ports[http][0]}}/common/text-plain.txt")
return;
<html>
assert_equals(e.violatedDirective, "connect-src");
}));
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self' 'unsafe-inline';">
<title>connect-src-beacon-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["Pass", "violated-directive=connect-src"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
<!-- enforcing policy:
connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline';
-->
</head>
assert_true(navigator.sendBeacon("http://{{domains[www]}}:{{ports[http][0]}}/common/text-plain.txt"));
}, "sendBeacon should not throw.");
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
if (typeof navigator.sendBeacon != 'function') {
t_log.set_status(t_log.NOTRUN, "No navigator.sendBeacon, cannot run test.");
t_log.phase = t_log.phases.HAS_RESULT;
t_log.done();
} else {
try {
var es = navigator.sendBeacon("http://www1.{{host}}:{{ports[http][0]}}/security/contentSecurityPolicy/echo-report.php");
log("Pass");
} catch (e) {
log("Fail");
}
}
</script>
<div id="log"></div>
</body>
async_test(t => {
document.addEventListener("securitypolicyviolation", t.step_func_done(e => {
if (e.blockedURI != "http://{{domains[www]}}:{{ports[http][0]}}/common/text-plain.txt")
return;
assert_equals(e.violatedDirective, "connect-src");
}));
assert_true(navigator.sendBeacon("common/redirect-opt-in.py?status=307&location=http://{{domains[www]}}:{{ports[http][0]}}/common/text-plain.txt"));
}, "redirect case");
</script>
</html>
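Review bot: The new `securitypolicyviolation` listener logs `violated-directive=` for any violation on the page and never looks at `e.blockedURI`, so a connect-src violation raised by an unrelated request satisfies the expected log. The async_test lines interleaved in this section (apparently the version being replaced) returned early unless `e.blockedURI` matched the beacon URL; the new listener should make the same comparison against the URL passed to `sendBeacon` before logging. The "enforcing policy" comment also lists `http://{{host}}:{{ports[http][0]}}` as allowed while the `<meta>` policy is `connect-src 'self'` only, so the comment should be corrected to match. The same unfiltered listener appears in the connect-src-beacon-redirect-to-blocked, connect-src-eventsource-blocked, connect-src-websocket-blocked and connect-src-xmlhttprequest-blocked sections.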


@ -0,0 +1,36 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self' 'unsafe-inline';">
<title>connect-src-beacon-redirect-to-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["violated-directive=connect-src"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
<script></script>
</head>
<body>
<p>The beacon should not follow the redirect to http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.png and send a CSP violation report.</p>
<p>Verify that a CSP connect-src directive blocks redirects.</p>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
if (typeof navigator.sendBeacon != 'function') {
t_log.set_status(t_log.NOTRUN, "No navigator.sendBeacon, cannot run test.");
t_log.phase = t_log.phases.HAS_RESULT;
t_log.done();
} else {
navigator.sendBeacon(
"/common/redirect.py?location=http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.png",
"ping");
}
</script>
<div id="log"></div>
</body>
</html>


@ -0,0 +1,31 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline';">
<title>connect-src-eventsource-allowed</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["Pass"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("FAIL");
});
try {
var es = new EventSource("http://{{host}}:{{ports[http][0]}}/content-security-policy/connect-src/resources/simple-event-stream");
log("Pass");
} catch (e) {
log("Fail");
}
</script>
<div id="log"></div>
</body>
</html>


@ -1,61 +1,39 @@
<!DOCTYPE html>
<meta http-equiv="Content-Security-Policy" content="connect-src 'self'">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
async_test(t => {
var errorEvent = false;
var cspEvent = false;
<html>
var es = new EventSource("http://{{domains[www]}}:{{ports[http][0]}}/common/text-plain.txt");
es.onerror = t.step_func(e => {
assert_equals(es.readyState, EventSource.CLOSED);
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self' 'unsafe-inline';">
<title>connect-src-eventsource-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["Pass","violated-directive=connect-src"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
assert_false(errorEvent);
errorEvent = true;
if (cspEvent)
t.done();
});
document.addEventListener("securitypolicyviolation", t.step_func(e => {
if (e.blockedURI != "http://{{domains[www]}}:{{ports[http][0]}}/common/text-plain.txt")
return;
assert_equals(es.readyState, EventSource.CLOSED);
assert_equals(e.violatedDirective, "connect-src");
assert_false(cspEvent);
cspEvent = true;
if (errorEvent)
t.done();
}));
}, "EventSource should fire onerror.");
async_test(t => {
var errorEvent = false;
var cspEvent = false;
var es = new EventSource("http://{{domains[www]}}:{{ports[http][0]}}/common/text-plain.txt");
es.onerror = t.step_func(e => {
assert_equals(es.readyState, EventSource.CLOSED);
assert_false(errorEvent);
errorEvent = true;
if (cspEvent)
t.done();
});
document.addEventListener("securitypolicyviolation", t.step_func(e => {
if (e.blockedURI != "http://{{domains[www]}}:{{ports[http][0]}}/common/text-plain.txt")
return;
assert_equals(es.readyState, EventSource.CLOSED);
assert_equals(e.violatedDirective, "connect-src");
assert_false(cspEvent);
cspEvent = true;
if (errorEvent)
t.done();
}));
}, "EventSource should fire onerror.");
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
try {
var es = new EventSource("http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/connect-src/resources/simple-event-stream");
// Firefox doesn't throw an exception and takes some time to close async
if (es.readyState == EventSource.CONNECTING) {
setTimeout( function() {
es.readyState != EventSource.CLOSED ? log("Fail") : log("Pass");
}, 2);
} else if (es.readyState == EventSource.CLOSED) {
log("Pass");
} else {
log("Fail");
}
} catch (e) {
log("Pass");
}
</script>
<div id="log"></div>
</body>
</html>
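Review bot: The 2 ms `setTimeout` that decides Pass or Fail from `es.readyState` is a timing race: on a slow runner the EventSource can still be CONNECTING when the timer fires, and the test logs "Fail" even though the connection is blocked a moment later. Drive the result from the error event instead, e.g. `es.onerror = function() { log(es.readyState == EventSource.CLOSED ? "Pass" : "Fail"); };`. That is what the interleaved `es.onerror = t.step_func(...)` lines (apparently the previous version) did, and it needs no browser-specific comment.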


@ -0,0 +1,40 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="connect-src 'self' http://{{host}}:{{ports[http][0]}}/security/contentSecurityPolicy/resources/redir.php; script-src 'self' 'unsafe-inline';">
<title>connect-src-eventsource-redirect-to-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["PASS EventSource() did not follow the disallowed redirect.","TEST COMPLETE", "violated-directive=connect-src"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
<script></script>
</head>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
var es;
try {
es = new EventSource("/common/redirect.py?location= http://www.{{host}}:{{ports[http][0]}}/content-security-policy/connect-src/resources/simple-event-stream");
} catch (e) {
log("FAIL " + "EventSource() should not throw an exception.");
}
es.onload = function() {
log("FAIL " + "EventSource() should fail to follow the disallowed redirect.");
log("TEST COMPLETE");
};
es.onerror = function() {
log("PASS " + "EventSource() did not follow the disallowed redirect.");
log("TEST COMPLETE");
};
</script>
<div id="log"></div>
</body>
</html>
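Review bot: `es.onload` is never invoked, because EventSource dispatches `open`, `message` and `error` but no `load` event, so the FAIL branch for a followed redirect cannot run and only `onerror` can end the test. Use `es.onopen = function() { ... };` for the failure path. The request URL also has a space after `location=`, and the policy allow-lists a `/security/contentSecurityPolicy/resources/redir.php` path that the test never requests; both look like conversion leftovers and make it unclear which hop is expected to be blocked. If the constructor does throw, `es` stays undefined and `es.onload = ...` raises a TypeError right after the FAIL log.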


@ -0,0 +1,31 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="connect-src 'self' ws://127.0.0.1:8880; script-src 'self' 'unsafe-inline';">
<title>connect-src-websocket-allowed</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["Pass"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("Fail");
});
try {
var ws = new WebSocket("ws://127.0.0.1:8880/echo");
log("Pass");
} catch (e) {
log("Fail");
}
</script>
<div id="log"></div>
</body>
</html>
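Review bot: The policy and the socket URL hard-code `ws://127.0.0.1:8880`, so the test is only meaningful when a WebSocket server happens to listen on that address and port. The `ws://{{domains[www]}}:{{ports[ws][0]}}/echo` line visible in the connect-src-websocket-blocked section shows the templated form; assuming this file goes through the same substitution, use `new WebSocket("ws://{{host}}:{{ports[ws][0]}}/echo")` and the matching source in the `<meta>` policy. "Pass" is also logged before the handshake starts, so the test proves only that the constructor did not throw.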


@ -1,34 +1,31 @@
<!DOCTYPE html>
<meta http-equiv="Content-Security-Policy" content="connect-src 'self'">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
async_test(t => {
var errorEvent = false;
var cspEvent = false;
<html>
var ws = new WebSocket("ws://{{domains[www]}}:{{ports[ws][0]}}/echo");
ws.onopen = t.unreached_func("open should not fire.");
ws.onerror = t.step_func(e => {
assert_equals(ws.readyState, WebSocket.CLOSED);
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="connect-src 'self' ws://127.0.0.1:8880; script-src 'self' 'unsafe-inline';">
<title>connect-src-websocket-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["Pass","violated-directive=connect-src"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
assert_false(errorEvent);
errorEvent = true;
if (cspEvent)
t.done();
});
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
document.addEventListener("securitypolicyviolation", t.step_func(e => {
if (e.blockedURI != "ws://{{domains[www]}}:{{ports[ws][0]}}")
return;
try {
var ws = new WebSocket("ws://localhost:8880/echo");
log("Fail");
} catch (e) {
log("Pass");
}
assert_equals(ws.readyState, WebSocket.CLOSED);
assert_equals(e.violatedDirective, "connect-src");
</script>
<div id="log"></div>
</body>
assert_false(cspEvent);
cspEvent = true;
if (errorEvent)
t.done();
}));
}, "WebSocket should fire error event.");
</script>
</html>
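Review bot: The new try/catch treats a thrown exception as the only passing outcome and logs "Fail" as soon as `new WebSocket("ws://localhost:8880/echo")` returns, so an implementation that reports the blocked connection through an asynchronous `error` event fails this test although it enforced the policy. The interleaved async_test lines (apparently the version being replaced) waited for `ws.onerror` and asserted `ws.readyState == WebSocket.CLOSED`. The new code should accept that path too, e.g. `ws.onerror = function() { log("Pass"); };` and `ws.onopen = function() { log("Fail"); };` instead of logging inside the try body. The test also depends on `localhost` and `127.0.0.1` being treated as different hosts by the source-list match, which deserves a one-line comment next to the policy.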


@ -0,0 +1,32 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline';">
<title>connect-src-xmlhttprequest-allowed</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["Pass"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("Fail");
});
try {
var xhr = new XMLHttpRequest;
xhr.open("GET", "http://{{host}}:{{ports[http][0]}}/xmlhttprequest/resources/get.txt", true);
log("Pass");
} catch (e) {
log("Fail");
}
</script>
<div id="log"></div>
</body>
</html>
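Review bot: `xhr.send()` is never called, so no request is made and connect-src is not exercised; a successful `xhr.open()` says nothing about whether the policy allows the connection. Call `xhr.send()` and log from the handlers instead of the try body: `xhr.onload = function() { log("Pass"); };` and `xhr.onerror = function() { log("Fail"); };`.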


@ -1,69 +1,38 @@
<!DOCTYPE html>
<meta http-equiv="Content-Security-Policy" content="connect-src 'self'">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
async_test(t => {
var errorEvent = false;
var cspEvent = false;
<html>
var xhr = new XMLHttpRequest;
xhr.open("GET", "http://{{domains[www]}}:{{ports[http][0]}}/common/text-plain.txt");
xhr.onload = t.unreached_func("Load should not fire.");
xhr.onerror = t.step_func(e => {
assert_equals(xhr.readyState, XMLHttpRequest.DONE);
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self' 'unsafe-inline';">
<title>connect-src-xmlhttprequest-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["Pass","violated-directive=connect-src"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
assert_false(errorEvent);
errorEvent = true;
if (cspEvent)
t.done();
});
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
document.addEventListener("securitypolicyviolation", t.step_func(e => {
if (e.blockedURI != "http://{{domains[www]}}:{{ports[http][0]}}/common/text-plain.txt")
return;
try {
var xhr = new XMLHttpRequest;
xhr.open("GET", "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.png", true);
xhr.send();
xhr.onload = function() {
log("Fail");
}
xhr.onerror = function() {
log("Pass");
}
} catch (e) {
log("Pass");
}
assert_equals(xhr.readyState, XMLHttpRequest.DONE);
assert_equals(e.violatedDirective, "connect-src");
</script>
<div id="log"></div>
</body>
assert_false(cspEvent);
cspEvent = true;
if (errorEvent)
t.done();
}));
xhr.send();
}, "XHR should fire onerror.");
async_test(t => {
var errorEvent = false;
var cspEvent = false;
var xhr = new XMLHttpRequest;
xhr.open("GET", "/common/redirect-opt-in.py?status=307&location=http://{{domains[www]}}:{{ports[http][0]}}/common/text-plain.txt");
xhr.onload = t.unreached_func("Load should not fire.");
xhr.onerror = t.step_func(e => {
assert_equals(xhr.readyState, XMLHttpRequest.DONE);
assert_false(errorEvent);
errorEvent = true;
if (cspEvent)
t.done();
});
document.addEventListener("securitypolicyviolation", t.step_func(e => {
if (e.blockedURI != "http://{{domains[www]}}:{{ports[http][0]}}")
return;
assert_equals(xhr.readyState, XMLHttpRequest.DONE);
assert_equals(e.violatedDirective, "connect-src");
assert_false(cspEvent);
cspEvent = true;
if (errorEvent)
t.done();
}));
xhr.send();
}, "XHR should fire onerror after a redirect.");
</script>
</html>


@ -0,0 +1,46 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self' 'unsafe-inline';">
<title>connect-src-xmlhttprequest-redirect-to-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["PASS XMLHttpRequest.send() did not follow the disallowed redirect.","TEST COMPLETE","violated-directive=connect-src"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
<script id="inject_here"></script>
</head>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
var xhr = new XMLHttpRequest;
try {
xhr.open("GET", "/common/redirect.py?location=http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.asis", true);
} catch (e) {
log("FAIL " + "XMLHttpRequest.open() should not throw an exception.");
}
xhr.onload = function() {
//cons/**/ole.log(xhr.responseText);
if(xhr.responseText == "FAIL") {
log("FAIL " + "XMLHttpRequest.send() should fail to follow the disallowed redirect.");
} else {
log("PASS " + "XMLHttpRequest.send() did not follow the disallowed redirect.");
}
log("TEST COMPLETE");
};
xhr.onerror = function() {
log("PASS " + "XMLHttpRequest.send() did not follow the disallowed redirect.");
log("TEST COMPLETE");
};
xhr.send();
</script>
<div id="log"></div>
</body>
</html>
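Review bot: `xhr.onload` logs PASS for any response body other than the exact string "FAIL", so a redirect that was followed but returned a different or empty body is reported as blocked. Under `connect-src 'self'` any `load` event means the cross-origin hop was reached, so the handler should log the FAIL message unconditionally and leave PASS to `onerror`. The commented-out `//cons/**/ole.log(xhr.responseText);` line is conversion debris and can be dropped. `xhr.send()` sits outside the try block, so if `open()` throws, the FAIL log is followed by an uncaught exception from `send()`.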


@ -0,0 +1 @@
Content-Type: text/event-stream


@ -0,0 +1,39 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="connect-src 'self' http://{{domains[www1]}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline';">
<title>shared-worker-connect-src-allowed</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["xhr allowed","TEST COMPLETE"]'></script>
<script src='../support/alertAssert.sub.js?alerts=[]'></script>
</head>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
if(typeof SharedWorker != 'function') {
t_log.set_status(t_alert.NOTRUN, "No SharedWorker, cannot run test.");
t_log.phase = t_alert.phases.HAS_RESULT;
t_log.done();
} else {
try {
var worker = new SharedWorker('/content-security-policy/connect-src/support/shared-worker-make-xhr-allowed.sub.js');
worker.port.onmessage = function(event) {
log(event.data);
};
} catch (e) {
log(e);
}
}
</script>
<div id="log"></div>
</body>
</html>
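Review bot: The no-SharedWorker branch reads `t_alert.NOTRUN` and `t_alert.phases.HAS_RESULT` while setting the state on `t_log`; the other tests in this commit use `t_log` for both, as in `t_log.set_status(t_log.NOTRUN, ...)`. It presumably works as long as both objects are testharness tests, but it ties this branch to alertAssert.sub.js having run first. Use `t_log.NOTRUN` and `t_log.phases.HAS_RESULT` here as well.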


@ -0,0 +1,44 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="connect-src *; script-src 'self' 'unsafe-inline';">
<title>shared-worker-connect-src-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["xhr blocked","TEST COMPLETE"]'></script>
<script src='../support/alertAssert.sub.js?alerts=[]'></script>
</head>
<body>
<p>This test loads a shared worker, delivered with its own
policy. The worker should be blocked from making an XHR
as that policy specifies a connect-src 'none', though
this resource's policy is connect-src *. No report
should be sent since the worker's policy doesn't specify
a report-uri.</p>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("Fail");
});
if(typeof SharedWorker != 'function') {
t_log.set_status(t_log.NOTRUN, "No SharedWorker, cannot run test.");
t_log.phase = t_log.phases.HAS_RESULT;
t_log.done();
} else {
try {
var worker = new SharedWorker('/content-security-policy/connect-src/support/shared-worker-make-xhr-blocked.sub.js');
worker.port.onmessage = function(event) {
log(event.data);
};
} catch (e) {
log(e);
}
}
</script>
<div id="log"></div>
</body>
</html>


@ -0,0 +1,23 @@
onconnect = function (event) {
var port = event.ports[0];
var xhr = new XMLHttpRequest;
xhr.onerror = function () {
port.postMessage("xhr blocked");
port.postMessage("TEST COMPLETE");
};
xhr.onload = function () {
if (xhr.responseText == "FAIL") {
port.postMessage("xhr allowed");
} else {
port.postMessage("xhr blocked");
}
port.postMessage("TEST COMPLETE");
};
try {
xhr.open("GET", "http://{{domains[www1]}}:{{ports[http][0]}}/content-security-policy/support/fail.asis", true);
xhr.send();
} catch (e) {
port.postMessage("xhr blocked");
port.postMessage("TEST COMPLETE");
}
}


@ -0,0 +1,23 @@
onconnect = function (event) {
var port = event.ports[0];
var xhr = new XMLHttpRequest;
xhr.onerror = function () {
port.postMessage("xhr blocked");
port.postMessage("TEST COMPLETE");
};
xhr.onload = function () {
if (xhr.responseText == "FAIL") {
port.postMessage("xhr allowed");
} else {
port.postMessage("xhr blocked");
}
port.postMessage("TEST COMPLETE");
};
try {
xhr.open("GET", "http://{{domains[www1]}}:{{ports[http][0]}}/content-security-policy/support/fail.asis", true);
xhr.send();
} catch (e) {
port.postMessage("xhr blocked");
port.postMessage("TEST COMPLETE");
}
}


@ -0,0 +1 @@
Content-Security-Policy: connect-src 'none'


@ -0,0 +1,21 @@
var xhr = new XMLHttpRequest;
xhr.onerror = function () {
postMessage("xhr blocked");
postMessage("TEST COMPLETE");
};
xhr.onload = function () {
//cons/**/ole.log(xhr.responseText);
if (xhr.responseText == "FAIL") {
postMessage("xhr allowed");
} else {
postMessage("xhr blocked");
}
postMessage("TEST COMPLETE");
};
try {
xhr.open("GET", "/common/redirect.py?location=http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.asis", true);
xhr.send();
} catch (e) {
postMessage("xhr blocked");
postMessage("TEST COMPLETE");
}


@ -0,0 +1 @@
Content-Security-Policy: connect-src 'none'


@ -0,0 +1,21 @@
var xhr = new XMLHttpRequest;
xhr.onerror = function () {
postMessage("xhr blocked");
postMessage("TEST COMPLETE");
};
xhr.onload = function () {
//cons/**/ole.log(xhr.responseText);
if (xhr.responseText == "FAIL") {
postMessage("xhr allowed");
} else {
postMessage("xhr blocked");
}
postMessage("TEST COMPLETE");
};
try {
xhr.open("GET", "/common/redirect.py?location=http://{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.asis", true);
xhr.send();
} catch (e) {
postMessage("xhr blocked");
postMessage("TEST COMPLETE");
}


@ -0,0 +1,34 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self' 'unsafe-inline';">
<title>worker-connect-src-allowed</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["xhr allowed"]'></script>
<script src='../support/alertAssert.sub.js?alerts=[]'></script>
</head>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log('Fail');
});
try {
var worker = new Worker('/content-security-policy/connect-src/support/worker-make-xhr.sub.js');
worker.onmessage = function(event) {
log(event.data);
};
} catch (e) {
log(e);
}
</script>
<div id="log"></div>
</body>
</html>


@ -0,0 +1,38 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="connect-src *; script-src 'self' 'unsafe-inline';">
<title>worker-connect-src-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["xhr blocked","TEST COMPLETE"]'></script>
<script src='../support/alertAssert.sub.js?alerts=[]'></script>
</head>
<p>This test loads a worker, which is delivered with its own
policy. The worker should be blocked from making an XHR
as that policy specifies a connect-src 'none', though
this resource's policy is connect-src *. No report
should be sent since the worker's policy doesn't specify
a report-uri.</p>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log('Fail');
});
try {
var worker = new Worker('/content-security-policy/connect-src/support/worker-make-xhr-blocked.sub.js');
worker.onmessage = function(event) {
log(event.data);
};
} catch (e) {
log(e);
}
</script>
<div id="log"></div>
</body>
</html>
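Review bot: The descriptive `<p>` is placed between `</head>` and `<body>`, so the parser opens the body implicitly at the paragraph and the later `<body>` start tag is out of place. Move the paragraph to just after `<body>`, as the shared-worker-connect-src-blocked section does. The last section on this page (the worker created from a blob) has the same layout.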


@ -0,0 +1,64 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self' 'unsafe-inline' blob:;">
<title>worker-connect-src-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["violated-directive=connect-src","xhr blocked","TEST COMPLETE"]'></script>
<script src='../support/alertAssert.sub.js?alerts=[]'></script>
</head>
<p>This test loads a worker, from a guid.
The worker should be blocked from making an XHR
to www1 as this resource's policy is connect-src 'self
and a guid Worker should inherit is parent's policy.
A report should be sent to the report-uri specified
with this resource.</p>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
try {
var blob = new Blob([
"var xhr = new XMLHttpRequest;" +
"xhr.onerror = function () {" +
" postMessage('xhr blocked');" +
" postMessage('TEST COMPLETE');" +
"};" +
"xhr.onload = function () {" +
" if (xhr.responseText == 'FAIL') {" +
" postMessage('xhr allowed');" +
" } else {" +
" postMessage('xhr blocked');" +
" }" +
" postMessage('TEST COMPLETE');" +
"};" +
"try { " +
" xhr.open(" +
" 'GET'," +
" 'http:///content-security-policy/support/fail.asis'," +
" true" +
" );" +
" xhr.send();" +
"} catch (e) {" +
" postMessage('xhr blocked');" +
" postMessage('TEST COMPLETE');" +
"}"],
{type : 'application/javascript'});
var url = URL.createObjectURL(blob);
var worker = new Worker(url);
worker.onmessage = function(event) {
log(event.data);
};
} catch (e) {
log(e);
}
</script>
<div id="log"></div>
</body>
</html>
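Review bot: The worker source requests `'http:///content-security-policy/support/fail.asis'`, which as rendered here has an empty authority, while the description says the XHR goes to www1. A URL parser will most likely take `content-security-policy` as the host, so the request is blocked as cross-origin but never targets the server the test describes, and a broken URL could hide a worker that failed to inherit the policy. Use the www1 origin as the other tests do: `'http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.asis'`. The description also mentions a report-uri that the `<meta>` policy does not define, and the `<title>` repeats `worker-connect-src-blocked` from the previous file.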