File: csp-blockes-bundle.https.tentative.html

package info (click to toggle)
firefox 142.0.1-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 4,591,884 kB
  • sloc: cpp: 7,451,570; javascript: 6,392,463; ansic: 3,712,584; python: 1,388,569; xml: 629,223; asm: 426,919; java: 184,857; sh: 63,439; makefile: 19,150; objc: 13,059; perl: 12,983; yacc: 4,583; cs: 3,846; pascal: 3,352; lex: 1,720; ruby: 1,003; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 53; csh: 10
file content (66 lines) | stat: -rw-r--r-- 2,359 bytes parent folder | download | duplicates (15) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
<!DOCTYPE html>
<title>CSP blocks WebBundle</title>
<link
  rel="help"
  href="https://github.com/WICG/webpackage/blob/main/explainers/subresource-loading.md"
/>
<meta
  http-equiv="Content-Security-Policy"
  content="
    default-src
      https://web-platform.test:8444/web-bundle/resources/wbn/relative-url-file.js
      https://web-platform.test:8444/resources/testharness.js
      https://web-platform.test:8444/resources/testharnessreport.js
      https://web-platform.test:8444/web-bundle/resources/test-helpers.js
      'unsafe-inline';
    img-src
      https://web-platform.test:8444/web-bundle/resources/wbn/pass.png;"
/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="../resources/test-helpers.js"></script>
<body>
  <script>
    // This bundle should be blocked because its URL is not listed in CSP directive.
    const bundle_url =
      "https://web-platform.test:8444/web-bundle/resources/wbn/relative-url.wbn";

    const subresource_url =
      "https://web-platform.test:8444/web-bundle/resources/wbn/relative-url-file.js";

    promise_test(() => {
      // if a WebBundle is blocked by CSP,
      // - A request for the WebBundle should fail.
      // - A subresource request associated with the bundle should fail.
      // - A window.load should be fired. In other words, any request shouldn't remain
      //   pending forever.

      const window_load = new Promise((resolve) => {
        window.addEventListener("load", () => {
          resolve();
        });
      });

      const script_webbundle = createWebBundleElement(bundle_url, [
        subresource_url,
      ]);
      const webbundle_error = new Promise((resolve) => {
        script_webbundle.addEventListener("error", () => {
          resolve();
        });
      });
      document.body.appendChild(script_webbundle);

      const script_js = document.createElement("script");
      script_js.src = subresource_url;
      const script_js_error = new Promise((resolve) => {
        script_js.addEventListener("error", () => {
          resolve();
        });
      });
      document.body.appendChild(script_js);

      return Promise.all([window_load, webbundle_error, script_js_error]);
    }, "WebBundle and subresource loadings should fail when CSP blocks a WebBundle");
  </script>
</body>