diff options
author | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2017-08-25 10:38:52 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-22 11:30:29 +0100 |
commit | 896e23c20eba71bffa77cb0874b9b341e1b6c264 (patch) | |
tree | 1175498d423599b5cf56ce4788f3c64ab77b283b /dom/security/test/csp/file_websocket_explicit.html | |
parent | cdcfbde10dbcf0fab0630d5ee0146be45d7a6572 (diff) | |
download | UXP-896e23c20eba71bffa77cb0874b9b341e1b6c264.tar UXP-896e23c20eba71bffa77cb0874b9b341e1b6c264.tar.gz UXP-896e23c20eba71bffa77cb0874b9b341e1b6c264.tar.lz UXP-896e23c20eba71bffa77cb0874b9b341e1b6c264.tar.xz UXP-896e23c20eba71bffa77cb0874b9b341e1b6c264.zip |
CSP: connect-src 'self' should always include https: and wss: schemes
Diffstat (limited to 'dom/security/test/csp/file_websocket_explicit.html')
-rw-r--r-- | dom/security/test/csp/file_websocket_explicit.html | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_websocket_explicit.html b/dom/security/test/csp/file_websocket_explicit.html new file mode 100644 index 000000000..51462ab74 --- /dev/null +++ b/dom/security/test/csp/file_websocket_explicit.html @@ -0,0 +1,31 @@ +<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1345615: Allow websocket schemes when using 'self' in CSP</title>
+ <meta http-equiv="Content-Security-Policy" content="connect-src ws:">
+</head>
+<body>
+ <script type="application/javascript">
+ /* load socket using ws */
+ var wsSocket = new WebSocket("ws://example.com/tests/dom/security/test/csp/file_websocket_self");
+ wsSocket.onopen = function(e) {
+ window.parent.postMessage({result: "explicit-ws-loaded"}, "*");
+ wsSocket.close();
+ };
+ wsSocket.onerror = function(e) {
+ window.parent.postMessage({result: "explicit-ws-blocked"}, "*");
+ };
+
+ /* load socket using wss */
+ var wssSocket = new WebSocket("wss://example.com/tests/dom/security/test/csp/file_websocket_self");
+ wssSocket.onopen = function(e) {
+ window.parent.postMessage({result: "explicit-wss-loaded"}, "*");
+ wssSocket.close();
+ };
+ wssSocket.onerror = function(e) {
+ window.parent.postMessage({result: "explicit-wss-blocked"}, "*");
+ };
+ </script>
+</body>
+</html>
|