The Tor Browser: comparison content/base/test/csp/file_CSP_bug802872.js

comparison: content/base/test/csp/file_CSP_bug802872.js

content/base/test/csp/file_CSP_bug802872.js

branch: TOR_BUG_9701
changeset 8: 97036ab72558

equal deleted inserted replaced

--1:000000000000
+:8aaf197256d9
+/*
+*   The policy for this test is:
+*   Content-Security-Policy: default-src 'self'
+*/
+function createAllowedEvent() {
+/*
+* Creates a new EventSource using 'http://mochi.test:8888'. Since all mochitests run on
+* 'http://mochi.test', a default-src of 'self' allows this request.
+*/
+var src_event = new EventSource("http://mochi.test:8888/tests/content/base/test/csp/file_CSP_bug802872.sjs");
+src_event.onmessage = function(e) {
+src_event.close();
+parent.dispatchEvent(new Event('allowedEventSrcCallbackOK'));
+}
+src_event.onerror = function(e) {
+src_event.close();
+parent.dispatchEvent(new Event('allowedEventSrcCallbackFailed'));
+}
+}
+function createBlockedEvent() {
+/*
+* creates a new EventSource using 'http://example.com'. This domain is not whitelisted by the
+* CSP of this page, therefore the CSP blocks this request.
+*/
+var src_event = new EventSource("http://example.com/tests/content/base/test/csp/file_CSP_bug802872.sjs");
+src_event.onmessage = function(e) {
+src_event.close();
+parent.dispatchEvent(new Event('blockedEventSrcCallbackOK'));
+}
+src_event.onerror = function(e) {
+src_event.close();
+parent.dispatchEvent(new Event('blockedEventSrcCallbackFailed'));
+}
+}
+addLoadEvent(createAllowedEvent);
+addLoadEvent(createBlockedEvent);