1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/content/base/test/csp/file_CSP_bug802872.js Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,43 @@
1.4 +/*
1.5 + * The policy for this test is:
1.6 + * Content-Security-Policy: default-src 'self'
1.7 + */
1.8 +
1.9 +function createAllowedEvent() {
1.10 + /*
1.11 + * Creates a new EventSource using 'http://mochi.test:8888'. Since all mochitests run on
1.12 + * 'http://mochi.test', a default-src of 'self' allows this request.
1.13 + */
1.14 + var src_event = new EventSource("http://mochi.test:8888/tests/content/base/test/csp/file_CSP_bug802872.sjs");
1.15 +
1.16 + src_event.onmessage = function(e) {
1.17 + src_event.close();
1.18 + parent.dispatchEvent(new Event('allowedEventSrcCallbackOK'));
1.19 + }
1.20 +
1.21 + src_event.onerror = function(e) {
1.22 + src_event.close();
1.23 + parent.dispatchEvent(new Event('allowedEventSrcCallbackFailed'));
1.24 + }
1.25 +}
1.26 +
1.27 +function createBlockedEvent() {
1.28 + /*
1.29 + * creates a new EventSource using 'http://example.com'. This domain is not whitelisted by the
1.30 + * CSP of this page, therefore the CSP blocks this request.
1.31 + */
1.32 + var src_event = new EventSource("http://example.com/tests/content/base/test/csp/file_CSP_bug802872.sjs");
1.33 +
1.34 + src_event.onmessage = function(e) {
1.35 + src_event.close();
1.36 + parent.dispatchEvent(new Event('blockedEventSrcCallbackOK'));
1.37 + }
1.38 +
1.39 + src_event.onerror = function(e) {
1.40 + src_event.close();
1.41 + parent.dispatchEvent(new Event('blockedEventSrcCallbackFailed'));
1.42 + }
1.43 +}
1.44 +
1.45 +addLoadEvent(createAllowedEvent);
1.46 +addLoadEvent(createBlockedEvent);
