blob: 5f81202316a0dc4a7e5ec29f4cb74e76fb5c867c [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="connect-src 'none'"/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
// If the worker does not get served with a CSP header, than it should
// have no CSP, not the CSP of the responsible document.
async_test(function () {
var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=make-xhr');
worker.onmessage = this.step_func(function (event) {
assert_equals("xhr allowed", event.data);
this.done();
});
}, "Worker should not inherit document's CSP");
async_test(function () {
var worker = new SharedWorker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=shared-make-xhr');
worker.port.onmessage = this.step_func(function (event) {
assert_equals("xhr allowed", event.data);
this.done();
});
worker.port.start();
}, "Shared worker should not inherit document's CSP");
</script>
</body>
</html>