blob: 9d0a1399459e6d85b3f9e4b97af3bc17bf51e079 [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="connect-src 'none'"/>
<script src="/js-test-resources/testharness.js"></script>
<script src="/js-test-resources/testharnessreport.js"></script>
</head>
<body>
<script>
// If the worker does not get served with a CSP header, than it should
// have no CSP, not the CSP of the responsible document.
async_test(function () {
var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=make-xhr');
worker.onmessage = this.step_func(function (event) {
assert_equals(event.data, "xhr allowed");
this.done();
});
}, "Worker should not inherit document's CSP");
</script>
</body>
</html>