1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
<!DOCTYPE html>
<html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/content-security-policy/support/testharness-helper.js"></script>
<script src="/content-security-policy/support/prefetch-helper.js"></script>
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'unsafe-inline'; img-src http://{{domains[www2]}}:{{ports[http][0]}}"/>
<script>
const { OTHER_ORIGIN, REMOTE_ORIGIN } = get_host_info();
promise_test(async (t) => {
const url = new URL("/common/dummy.xml", location.href);
assert_true(await try_to_prefetch(url, t));
}, "Prefetch should succeed when restricted by default-src but allowed by " +
"other directive");
promise_test(async (t) => {
const url = new URL("/common/dummy.xml", REMOTE_ORIGIN);
assert_false(await try_to_prefetch(url, t));
}, "Prefetch should fail when restricted by default-src and different " +
"origin allowed by other directive");
promise_test(async (t) => {
const url = new URL("/common/dummy.xml", OTHER_ORIGIN);
assert_true(await try_to_prefetch(url, t));
}, "Prefetch should succeed when restricted by default-src but origin " +
"allowed by other directive");
</script>
</head>
<body></body>
</html>
|
