File: prefetch-header-blocked.html

package info (click to toggle)

firefox-esr 91.13.0esr-1~deb11u1

links: PTS, VCS
area: main
in suites: bullseye
size: 3,375,652 kB
sloc: cpp: 5,762,054; javascript: 5,481,714; ansic: 3,121,191; python: 851,492; asm: 331,172; xml: 178,949; java: 155,554; sh: 63,704; makefile: 20,127; perl: 12,825; yacc: 4,583; cs: 3,846; objc: 3,026; lex: 1,720; exp: 762; pascal: 635; php: 436; lisp: 260; awk: 231; ruby: 103; sed: 53; sql: 46; csh: 45

file content (37 lines) | stat: -rw-r--r-- 1,338 bytes

parent folder | download | duplicates (4)

<!DOCTYPE html>
<html>
<head>
  <!-- Headers:
    Content-Security-Policy: prefetch-src 'none'
    Link: </content-security-policy/support/fail.png>;rel=prefetch
  -->
  <script src='/resources/testharness.js'></script>
  <script src='/resources/testharnessreport.js'></script>
  <script src='/content-security-policy/support/testharness-helper.js'></script>
  <script src='/content-security-policy/support/prefetch-helper.js'></script>
  <script>
    async_test(t => {
      let url = window.origin + '/content-security-policy/support/fail.png';
      waitUntilCSPEventForURL(t, url)
        .then(t.step_func_done(e => {
          assert_equals(e.violatedDirective, 'prefetch-src');

          // This assert verifies both that the resource wasn't downloaded
          // when prefetched via `Link` on both this document itself, and
          // on the stylesheet subresource below.
          assert_resource_not_downloaded(t, url);
        }));

        // Load a stylesheet that tries to trigger a prefetch:
        let link = document.createElement('link');
        link.rel = 'stylesheet';
        link.href = '/content-security-policy/support/prefetch-subresource.css';
        document.head.appendChild(link);
    }, 'Prefetch via `Link` header blocked when allowed by prefetch-src');
  </script>
</head>
<body>
</body>
</html>