blob: 7a98b5f6b9a8ea97b3f0c88c52ade01e777ff31a [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'; connect-src 'none'">
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.waitUntilDone();
}
</script>
</head>
<body>
<p>This tests that the Content Security Policy (CSP) of the owner document (this page) blocks a file-URL Web Worker from making an XHR request because the parent's CSP contains &quot;connect-src 'none'&quot;</p>
<pre id="result"></pre>
<script>
window.onmessage = function (event)
{
document.getElementById("result").textContent = event.data;
if (window.testRunner)
testRunner.notifyDone();
}
var worker;
try {
worker = new Worker("resources/worker-inherits-blocks-xhr.js");
worker.onmessage = function (event) { window.postMessage(event.data, "*") };
} catch (exception) {
window.postMessage("FAIL should not have thrown an exception when creating worker. Threw exception " + exception + ".", "*");
}
</script>
</body>
</html>