diff options
Diffstat (limited to 'dom/security/test/csp/file_bug802872.js')
-rw-r--r-- | dom/security/test/csp/file_bug802872.js | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_bug802872.js b/dom/security/test/csp/file_bug802872.js new file mode 100644 index 000000000..5df8086cc --- /dev/null +++ b/dom/security/test/csp/file_bug802872.js @@ -0,0 +1,43 @@ +/* + * The policy for this test is: + * Content-Security-Policy: default-src 'self' + */ + +function createAllowedEvent() { + /* + * Creates a new EventSource using 'http://mochi.test:8888'. Since all mochitests run on + * 'http://mochi.test', a default-src of 'self' allows this request. + */ + var src_event = new EventSource("http://mochi.test:8888/tests/dom/security/test/csp/file_bug802872.sjs"); + + src_event.onmessage = function(e) { + src_event.close(); + parent.dispatchEvent(new Event('allowedEventSrcCallbackOK')); + } + + src_event.onerror = function(e) { + src_event.close(); + parent.dispatchEvent(new Event('allowedEventSrcCallbackFailed')); + } +} + +function createBlockedEvent() { + /* + * creates a new EventSource using 'http://example.com'. This domain is not whitelisted by the + * CSP of this page, therefore the CSP blocks this request. + */ + var src_event = new EventSource("http://example.com/tests/dom/security/test/csp/file_bug802872.sjs"); + + src_event.onmessage = function(e) { + src_event.close(); + parent.dispatchEvent(new Event('blockedEventSrcCallbackOK')); + } + + src_event.onerror = function(e) { + src_event.close(); + parent.dispatchEvent(new Event('blockedEventSrcCallbackFailed')); + } +} + +addLoadEvent(createAllowedEvent); +addLoadEvent(createBlockedEvent); |