LayoutTests/http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html

<!DOCTYPE html>
<html>
<head>
<script>
if (window.testRunner) {
    testRunner.dumpAsText();
    testRunner.waitUntilDone();
}
</script>
</head>
<body>
<p>This tests an XHR request made from a worker is blocked if it redirects to a cross-origin resource that is not listed as a connect-src in the CSP of the worker.</p>
<pre id="result"></pre>
<script>
window.onmessage = function (event)
{
    document.getElementById("result").textContent = event.data;
    if (window.testRunner)
        testRunner.notifyDone();
}

var worker;
try {
    worker = new Worker("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-blocked.php?csp=" + encodeURIComponent("connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.php"));
    worker.onmessage = function (event) { window.postMessage(event.data, "*") };
} catch (exception) {
    window.postMessage("FAIL should not have thrown an exception when creating worker. Threw exception " + exception + ".", "*");
}
</script>
</body>
</html>