Add CSP related WPT tests for Sync XHR
I copied three connect-src-xmlhttprequest-* test files to connect-src-syncxmlhttprequest-*, and changed the tests to use sync XHR by setting the third argument of open() to false. Change-Id: I07222d901de6a34ebfb11838e7cf0923c50216bd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4837957 Reviewed-by: Kenichi Ishibashi <[email protected]> Commit-Queue: Tsuyoshi Horo <[email protected]> Cr-Commit-Position: refs/heads/main@{#1191943}
1 parent
92313a3
commit 7a7b4f8
Showing
4 changed files
with
112 additions
and
1 deletion.
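--- a/content-security-policy/connect-src/connect-src-syncxmlhttprequest-allowed.sub.html
+++ b/content-security-policy/connect-src/connect-src-syncxmlhttprequest-allowed.sub.html
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+<meta http-equiv="Content-Security-Policy" content="connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline';">
+<title>connect-src-syncxmlhttprequest-allowed</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src='../support/logTest.sub.js?logs=["Pass"]'></script>
+<script src="../support/alertAssert.sub.js?alerts=[]"></script>
+</head>
+
+<body>
+<script>
+window.addEventListener('securitypolicyviolation', function(e) {
+log("Fail");
+});
+
+try {
+var xhr = new XMLHttpRequest;
+xhr.open("GET", "http://{{host}}:{{ports[http][0]}}/xmlhttprequest/resources/get.txt", false);
+log("Pass");
+} catch (e) {
+log("Fail");
+}
+
+</script>
+<div id="log"></div>
+</body>
+
+</html>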
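Review bot: The try block in the inline script logs "Pass" right after `xhr.open(..., false)` and never calls `xhr.send()`, so no request is issued and the connect-src check, which is applied when the request is actually fetched, is never exercised. As written the test passes whether or not the third argument of open() is false, and it would not catch a regression in which an allowed synchronous request is wrongly blocked. I would add `xhr.send();` before `log("Pass");`, so that a blocked request throws into the existing catch branch and logs "Fail". The commit message says the file was copied from the async variant, which presumably has the same gap.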
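--- a/content-security-policy/connect-src/connect-src-syncxmlhttprequest-blocked.sub.html
+++ b/content-security-policy/connect-src/connect-src-syncxmlhttprequest-blocked.sub.html
@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+<meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self' 'unsafe-inline';">
+<title>connect-src-syncxmlhttprequest-blocked</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src='../support/logTest.sub.js?logs=["Pass","violated-directive=connect-src"]'></script>
+<script src="../support/alertAssert.sub.js?alerts=[]"></script>
+</head>
+
+<body>
+<script>
+window.addEventListener('securitypolicyviolation', function(e) {
+log("violated-directive=" + e.violatedDirective);
+});
+
+try {
+var xhr = new XMLHttpRequest;
+xhr.open("GET", "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.png", false);
+xhr.send();
+xhr.onload = function() {
+log("Fail");
+}
+xhr.onerror = function() {
+log("Pass");
+}
+} catch (e) {
+log("Pass");
+}
+
+</script>
+<div id="log"></div>
+</body>
+
+</html>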
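Review bot: The `xhr.onload` and `xhr.onerror` handlers are assigned after the synchronous `xhr.send()` has already returned or thrown, so neither of them can ever run. If the cross-origin request were wrongly allowed, `send()` would return normally and nothing would log "Fail"; the test would then presumably end as a timeout in logTest (not visible here) instead of a clear failure. I would replace both handler assignments with a single `log("Fail");` placed directly after `xhr.send();`, leaving the catch branch as the only path that logs "Pass". That way a sync XHR that bypasses connect-src is reported immediately.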
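--- a/content-security-policy/connect-src/connect-src-syncxmlhttprequest-redirect-to-blocked.sub.html
+++ b/content-security-policy/connect-src/connect-src-syncxmlhttprequest-redirect-to-blocked.sub.html
@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+<meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self' 'unsafe-inline';">
+<title>connect-src-syncxmlhttprequest-redirect-to-blocked</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src='../support/logTest.sub.js?logs=["PASS Sync XMLHttpRequest.send() did not follow the disallowed redirect.","TEST COMPLETE","violated-directive=connect-src"]'></script>
+<script src="../support/alertAssert.sub.js?alerts=[]"></script>
+<script id="inject_here"></script>
+</head>
+
+<body>
+<script>
+window.addEventListener('securitypolicyviolation', function(e) {
+log("violated-directive=" + e.violatedDirective);
+});
+
+var xhr = new XMLHttpRequest;
+try {
+xhr.open("GET", "/common/redirect.py?location=http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.asis", false);
+} catch (e) {
+log("FAIL " + "Sync XMLHttpRequest.open() should not throw an exception.");
+}
+xhr.onload = function() {
+log("FAIL " + "Sync XMLHttpRequest.send() should fail to follow the disallowed redirect.");
+log("TEST COMPLETE");
+};
+try {
+xhr.send();
+} catch (e) {
+log("PASS " + "Sync XMLHttpRequest.send() did not follow the disallowed redirect.");
+log("TEST COMPLETE");
+}
+
+</script>
+<div id="log"></div>
+</body>
+
+</html>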
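Review bot: The catch around `xhr.send()` logs PASS for any exception, not only for the network error a blocked redirect should produce. If `open()` throws, the script logs FAIL and still reaches `send()`, which would then throw on the unopened request and log the PASS line as well. I would gate the pass on the exception type, e.g. `if (e.name === "NetworkError") log("PASS " + ...); else log("FAIL unexpected " + e.name);`, and return early after the `open()` failure. The `<script id="inject_here">` element in the head is not referenced anywhere in this file and looks like a leftover from the copied template.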