michael@0: /*
michael@0:  *   The policy for this test is:
michael@0:  *   Content-Security-Policy: default-src 'self'
michael@0:  */
michael@0: 
michael@0: function createAllowedEvent() {
michael@0:   /*
michael@0:    * Creates a new EventSource using 'http://mochi.test:8888'. Since all mochitests run on
michael@0:    * 'http://mochi.test', a default-src of 'self' allows this request.
michael@0:    */
michael@0:   var src_event = new EventSource("http://mochi.test:8888/tests/content/base/test/csp/file_CSP_bug802872.sjs");
michael@0: 
michael@0:   src_event.onmessage = function(e) {
michael@0:     src_event.close();
michael@0:     parent.dispatchEvent(new Event('allowedEventSrcCallbackOK'));
michael@0:   }
michael@0: 
michael@0:   src_event.onerror = function(e) {
michael@0:     src_event.close();
michael@0:     parent.dispatchEvent(new Event('allowedEventSrcCallbackFailed'));
michael@0:   }
michael@0: }
michael@0: 
michael@0: function createBlockedEvent() {
michael@0:   /*
michael@0:    * creates a new EventSource using 'http://example.com'. This domain is not whitelisted by the 
michael@0:    * CSP of this page, therefore the CSP blocks this request.
michael@0:    */
michael@0:   var src_event = new EventSource("http://example.com/tests/content/base/test/csp/file_CSP_bug802872.sjs");
michael@0: 
michael@0:   src_event.onmessage = function(e) {
michael@0:     src_event.close();
michael@0:     parent.dispatchEvent(new Event('blockedEventSrcCallbackOK'));
michael@0:   }
michael@0: 
michael@0:   src_event.onerror = function(e) {
michael@0:     src_event.close();
michael@0:     parent.dispatchEvent(new Event('blockedEventSrcCallbackFailed'));
michael@0:   }
michael@0: }
michael@0: 
michael@0: addLoadEvent(createAllowedEvent);
michael@0: addLoadEvent(createBlockedEvent);