12016-04-07 John Wilander <wilander@apple.com>
2
3 CSP: Block XHR when calling XMLHttpRequest.send() and throw network error.
4 https://bugs.webkit.org/show_bug.cgi?id=153598
5 <rdar://problem/24391483>
6
7 Reviewed by NOBODY (OOPS!).
8
9 * fast/workers/resources/worker-inherits-csp-blocks-xhr.js:
10 (catch):
11 * fast/workers/worker-inherits-csp-blocks-xhr-expected.txt:
12 Changed expected error from DOMException.SECURITY_ERR to DOMException.NETWORK_ERR.
13 * http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked-expected.txt:
14 * http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked.html:
15 Now tests that XMLHttpRequest.send() is blocked if the URL voilates the connect-src directive in CSP.
16 * http/tests/security/contentSecurityPolicy/resources/worker.php:
17 Added two additional calls to XMLHttpRequest.send() to make existing tests work with the changes.
18 * http/tests/security/contentSecurityPolicy/source-list-parsing-malformed-meta.html:
19 Added an additional call to XMLHttpRequest.send() to make existing test work with the changes.
20 * http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-expected.txt:
21 * http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr.html:
22 Added an additional call to XMLHttpRequest.send() to make existing test work with the changes.
23 Refactored test mechnism with additional parameters for various test scenarios (see below).
24 Now tests synchronous/asynchronous as well as same-origin/cross-origin in isolated worlds.
25