Add CSP related WPT tests for Sync XHR

I copied three connect-src-xmlhttprequest-* test files to connect-src-syncxmlhttprequest-*, and changed the tests to use sync XHR by setting the third argument of open() to false. Change-Id: I07222d901de6a34ebfb11838e7cf0923c50216bd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4837957 Reviewed-by: Kenichi Ishibashi <[email protected]> Commit-Queue: Tsuyoshi Horo <[email protected]> Cr-Commit-Position: refs/heads/main@{#1191943}
web-platform-tests · Sep 4, 2023 · 7a7b4f8 · 7a7b4f8
1 parent 92313a3
commit 7a7b4f8
Show file tree

Hide file tree

Showing 4 changed files with 112 additions and 1 deletion.
diff --git a/content-security-policy/connect-src/connect-src-syncxmlhttprequest-allowed.sub.html b/content-security-policy/connect-src/connect-src-syncxmlhttprequest-allowed.sub.html
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <meta http-equiv="Content-Security-Policy" content="connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline';">
+    <title>connect-src-syncxmlhttprequest-allowed</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["Pass"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+</head>
+
+<body>
+    <script>
+        window.addEventListener('securitypolicyviolation', function(e) {
+            log("Fail");
+        });
+
+        try {
+            var xhr = new XMLHttpRequest;
+            xhr.open("GET", "http://{{host}}:{{ports[http][0]}}/xmlhttprequest/resources/get.txt", false);
+            log("Pass");
+        } catch (e) {
+            log("Fail");
+        }
+
+    </script>
+    <div id="log"></div>
+</body>
+
+</html>
diff --git a/content-security-policy/connect-src/connect-src-syncxmlhttprequest-blocked.sub.html b/content-security-policy/connect-src/connect-src-syncxmlhttprequest-blocked.sub.html
@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self' 'unsafe-inline';">
+    <title>connect-src-syncxmlhttprequest-blocked</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["Pass","violated-directive=connect-src"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+</head>
+
+<body>
+    <script>
+        window.addEventListener('securitypolicyviolation', function(e) {
+            log("violated-directive=" + e.violatedDirective);
+        });
+
+        try {
+            var xhr = new XMLHttpRequest;
+            xhr.open("GET", "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.png", false);
+            xhr.send();
+            xhr.onload = function() {
+                log("Fail");
+            }
+            xhr.onerror = function() {
+                log("Pass");
+            }
+        } catch (e) {
+            log("Pass");
+        }
+
+    </script>
+    <div id="log"></div>
+</body>
+
+</html>
diff --git a/...t-security-policy/connect-src/connect-src-syncxmlhttprequest-redirect-to-blocked.sub.html b/...t-security-policy/connect-src/connect-src-syncxmlhttprequest-redirect-to-blocked.sub.html
@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self' 'unsafe-inline';">
+    <title>connect-src-syncxmlhttprequest-redirect-to-blocked</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["PASS Sync XMLHttpRequest.send() did not follow the disallowed redirect.","TEST COMPLETE","violated-directive=connect-src"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <script id="inject_here"></script>
+</head>
+
+<body>
+    <script>
+        window.addEventListener('securitypolicyviolation', function(e) {
+            log("violated-directive=" + e.violatedDirective);
+        });
+
+        var xhr = new XMLHttpRequest;
+        try {
+            xhr.open("GET", "/common/redirect.py?location=http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.asis", false);
+        } catch (e) {
+            log("FAIL " + "Sync XMLHttpRequest.open() should not throw an exception.");
+        }
+        xhr.onload = function() {
+            log("FAIL " + "Sync XMLHttpRequest.send() should fail to follow the disallowed redirect.");
+            log("TEST COMPLETE");
+        };
+        try {
+            xhr.send();
+        } catch (e) {
+            log("PASS " + "Sync XMLHttpRequest.send() did not follow the disallowed redirect.");
+            log("TEST COMPLETE");
+        }
+
+    </script>
+    <div id="log"></div>
+</body>
+
+</html>
diff --git a/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html b/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html
@@ -25,7 +25,6 @@
             log("FAIL " + "XMLHttpRequest.open() should not throw an exception.");
         }
         xhr.onload = function() {
-            //cons/**/ole.log(xhr.responseText);
             if(xhr.responseText == "FAIL") {
                 log("FAIL " + "XMLHttpRequest.send() should fail to follow the disallowed redirect.");
             } else {