summaryrefslogtreecommitdiffstats
path: root/dom/security/test/csp/file_websocket_explicit.html
diff options
context:
space:
mode:
authorjanekptacijarabaci <janekptacijarabaci@seznam.cz>2017-08-25 10:38:52 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-02-22 11:30:29 +0100
commit896e23c20eba71bffa77cb0874b9b341e1b6c264 (patch)
tree1175498d423599b5cf56ce4788f3c64ab77b283b /dom/security/test/csp/file_websocket_explicit.html
parentcdcfbde10dbcf0fab0630d5ee0146be45d7a6572 (diff)
downloadUXP-896e23c20eba71bffa77cb0874b9b341e1b6c264.tar
UXP-896e23c20eba71bffa77cb0874b9b341e1b6c264.tar.gz
UXP-896e23c20eba71bffa77cb0874b9b341e1b6c264.tar.lz
UXP-896e23c20eba71bffa77cb0874b9b341e1b6c264.tar.xz
UXP-896e23c20eba71bffa77cb0874b9b341e1b6c264.zip
CSP: connect-src 'self' should always include https: and wss: schemes
Diffstat (limited to 'dom/security/test/csp/file_websocket_explicit.html')
-rw-r--r--dom/security/test/csp/file_websocket_explicit.html31
1 files changed, 31 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_websocket_explicit.html b/dom/security/test/csp/file_websocket_explicit.html
new file mode 100644
index 000000000..51462ab74
--- /dev/null
+++ b/dom/security/test/csp/file_websocket_explicit.html
@@ -0,0 +1,31 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1345615: Allow websocket schemes when using 'self' in CSP</title>
+ <meta http-equiv="Content-Security-Policy" content="connect-src ws:">
+</head>
+<body>
+ <script type="application/javascript">
+ /* load socket using ws */
+ var wsSocket = new WebSocket("ws://example.com/tests/dom/security/test/csp/file_websocket_self");
+ wsSocket.onopen = function(e) {
+ window.parent.postMessage({result: "explicit-ws-loaded"}, "*");
+ wsSocket.close();
+ };
+ wsSocket.onerror = function(e) {
+ window.parent.postMessage({result: "explicit-ws-blocked"}, "*");
+ };
+
+ /* load socket using wss */
+ var wssSocket = new WebSocket("wss://example.com/tests/dom/security/test/csp/file_websocket_self");
+ wssSocket.onopen = function(e) {
+ window.parent.postMessage({result: "explicit-wss-loaded"}, "*");
+ wssSocket.close();
+ };
+ wssSocket.onerror = function(e) {
+ window.parent.postMessage({result: "explicit-wss-blocked"}, "*");
+ };
+ </script>
+</body>
+</html>