| // META: script=/service-workers/service-worker/resources/test-helpers.sub.js |
| // META: script=resources/utils.js |
| 'use strict'; |
| |
| // Tests that requests blocked by Content Security Policy are rejected. |
| // https://w3c.github.io/webappsec-csp/#should-block-request |
| |
| // This is not a comprehensive test of Content Security Policy - it is just |
| // intended to check that CSP checks are enabled. |
| |
| var meta = document.createElement('meta'); |
| meta.setAttribute('http-equiv', 'Content-Security-Policy'); |
| meta.setAttribute('content', "connect-src 'none'"); |
| document.head.appendChild(meta); |
| |
| backgroundFetchTest((t, bgFetch) => { |
| return promise_rejects_js( |
| t, TypeError, |
| bgFetch.fetch(uniqueId(), 'https://example.com')); |
| }, 'fetch blocked by CSP should reject'); |