33 lines
1010 B
HTML
33 lines
1010 B
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'; connect-src 'none'">
|
|
<script>
|
|
if (window.testRunner) {
|
|
testRunner.dumpAsText();
|
|
testRunner.waitUntilDone();
|
|
}
|
|
</script>
|
|
</head>
|
|
<body>
|
|
<p>This tests that the Content Security Policy (CSP) of the owner document (this page) blocks a file-URL Web Worker from making an XHR request because the parent's CSP contains "connect-src 'none'"</p>
|
|
<pre id="result"></pre>
|
|
<script>
|
|
window.onmessage = function (event)
|
|
{
|
|
document.getElementById("result").textContent = event.data;
|
|
if (window.testRunner)
|
|
testRunner.notifyDone();
|
|
}
|
|
|
|
var worker;
|
|
try {
|
|
worker = new Worker("resources/worker-inherits-blocks-xhr.js");
|
|
worker.onmessage = function (event) { window.postMessage(event.data, "*") };
|
|
} catch (exception) {
|
|
window.postMessage("FAIL should not have thrown an exception when creating worker. Threw exception " + exception + ".", "*");
|
|
}
|
|
</script>
|
|
</body>
|
|
</html>
|