LayoutTests/http/tests/security/contentSecurityPolicy/worker-without-own-csp.html - WebKit - Git at Google

 <!DOCTYPE html>
 <html>
 <head>
   <meta http-equiv="Content-Security-Policy" content="connect-src 'none'"/>
   <script src="/js-test-resources/testharness.js"></script>
   <script src="/js-test-resources/testharnessreport.js"></script>
 </head>
 <body>
   <script>
   // If the worker does not get served with a CSP header, than it should
   // have no CSP, not the CSP of the responsible document.

   async_test(function () {
       var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=make-xhr');
       worker.onmessage = this.step_func(function (event) {
           assert_equals(event.data, "xhr allowed");
           this.done();
       });
   }, "Worker should not inherit document's CSP");
   </script>
 </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<meta http-equiv="Content-Security-Policy" content="connect-src 'none'"/>
	<script src="/js-test-resources/testharness.js"></script>
	<script src="/js-test-resources/testharnessreport.js"></script>
	</head>
	<body>
	<script>
	// If the worker does not get served with a CSP header, than it should
	// have no CSP, not the CSP of the responsible document.

	async_test(function () {
	var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=make-xhr');
	worker.onmessage = this.step_func(function (event) {
	assert_equals(event.data, "xhr allowed");
	this.done();
	});
	}, "Worker should not inherit document's CSP");
	</script>
	</body>
	</html>