LayoutTests/imported/w3c/web-platform-tests/content-security-policy/media-src/media-src-redir-bug.sub.html - WebKit - Git at Google

 <!DOCTYPE HTML>
 <html>
 <head>
     <title>Video element src attribute must match src list - positive test</title>
     <meta http-equiv="Content-Security-Policy" content="script-src * 'unsafe-inline'; media-src http://{{domains[www2]}}:{{ports[http][0]}}/ 'self'; connect-src 'self';">
     <script src='/resources/testharness.js'></script>
     <script src='/resources/testharnessreport.js'></script>
 </head>
 <body>
     <h1>Video element in media-src list - redirect test</h1>
     <div id='log'></div>

   <p>This test tests a buggy interaction in Chrome 46.  Two hosts (self and www2) are both allowed
     as media-src, but only one (self) is allowed for connect-src.  If a video src starts on
     an allowed host (self), and is redirected to another allowed media-src host, it should succeed. But a bug
     causes the redirect to be done in a fetch context to which connect-src is being applied instead, so
     the load is blocked. (This test passes in Firefox 45, modulo an event listener not firing.)</p>

   <script>
     var src_test = async_test("In-policy async video src");
     var src_redir_test = async_test("in-policy async video src w/redir")
     var source_test = async_test("In-policy async video source element");
     var source_redir_test = async_test("In-policy async video source element w/redir");

     var t_spv = async_test("Should not fire policy violation events");
     var test_count = 4;
     window.addEventListener("securitypolicyviolation", t_spv.unreached_func("Should not have fired any event"));

     function media_loaded(t) {
       t.done();
       if (--test_count <= 0) {
         t_spv.done();
       }
     }

     function media_error_handler(t) {
       t.step( function () {
           assert_unreached("Media error handler shouldn't be triggered for allowed domain.");
       });
       t.done();
     }
   </script>

     <video id="videoObject" width="320" height="240" controls
            onloadeddata="media_loaded(source_test)">
         <source id="videoSourceObject"
                 type="video/ogg"
                 onerror="media_error_handler(source_test)"
                 src="http://{{domains[www2]}}:{{ports[http][0]}}/media/A4.ogv">
     </video>

     <video id="videoObject2" width="320" height="240" controls
            onerror="media_error_handler(src_test)"
            onloadeddata="media_loaded(src_test)"
            src="http://{{domains[www2]}}:{{ports[http][0]}}/media/A4.ogv">

     <video id="videoObject3" width="320" height="240" controls
            onloadeddata="media_loaded(source_redir_test)">
         <source id="videoSourceObject"
                 type="video/ogg"
                 onerror="media_error_handler(source_test)"
                 src="/common/redirect.py?location=http://{{domains[www2]}}:{{ports[http][0]}}/media/A4.ogv">
     </video>

     <video id="videoObject2" width="320" height="240" controls
            onerror="media_error_handler(src_redir_test)"
            onloadeddata="media_loaded(src_redir_test)"
            src="/common/redirect.py?location=http://{{domains[www2]}}:{{ports[http][0]}}/media/A4.ogv">

 </body>
 </html>
	<!DOCTYPE HTML>
	<html>
	<head>
	<title>Video element src attribute must match src list - positive test</title>
	<meta http-equiv="Content-Security-Policy" content="script-src * 'unsafe-inline'; media-src http://{{domains[www2]}}:{{ports[http][0]}}/ 'self'; connect-src 'self';">
	<script src='/resources/testharness.js'></script>
	<script src='/resources/testharnessreport.js'></script>
	</head>
	<body>
	<h1>Video element in media-src list - redirect test</h1>
	<div id='log'></div>

	<p>This test tests a buggy interaction in Chrome 46. Two hosts (self and www2) are both allowed
	as media-src, but only one (self) is allowed for connect-src. If a video src starts on
	an allowed host (self), and is redirected to another allowed media-src host, it should succeed. But a bug
	causes the redirect to be done in a fetch context to which connect-src is being applied instead, so
	the load is blocked. (This test passes in Firefox 45, modulo an event listener not firing.)</p>

	<script>
	var src_test = async_test("In-policy async video src");
	var src_redir_test = async_test("in-policy async video src w/redir")
	var source_test = async_test("In-policy async video source element");
	var source_redir_test = async_test("In-policy async video source element w/redir");

	var t_spv = async_test("Should not fire policy violation events");
	var test_count = 4;
	window.addEventListener("securitypolicyviolation", t_spv.unreached_func("Should not have fired any event"));

	function media_loaded(t) {
	t.done();
	if (--test_count <= 0) {
	t_spv.done();
	}
	}

	function media_error_handler(t) {
	t.step( function () {
	assert_unreached("Media error handler shouldn't be triggered for allowed domain.");
	});
	t.done();
	}
	</script>

	<video id="videoObject" width="320" height="240" controls
	onloadeddata="media_loaded(source_test)">
	<source id="videoSourceObject"
	type="video/ogg"
	onerror="media_error_handler(source_test)"
	src="http://{{domains[www2]}}:{{ports[http][0]}}/media/A4.ogv">
	</video>

	<video id="videoObject2" width="320" height="240" controls
	onerror="media_error_handler(src_test)"
	onloadeddata="media_loaded(src_test)"
	src="http://{{domains[www2]}}:{{ports[http][0]}}/media/A4.ogv">

	<video id="videoObject3" width="320" height="240" controls
	onloadeddata="media_loaded(source_redir_test)">
	<source id="videoSourceObject"
	type="video/ogg"
	onerror="media_error_handler(source_test)"
	src="/common/redirect.py?location=http://{{domains[www2]}}:{{ports[http][0]}}/media/A4.ogv">
	</video>

	<video id="videoObject2" width="320" height="240" controls
	onerror="media_error_handler(src_redir_test)"
	onloadeddata="media_loaded(src_redir_test)"
	src="/common/redirect.py?location=http://{{domains[www2]}}:{{ports[http][0]}}/media/A4.ogv">

	</body>
	</html>