Bug 1409706 - Files added for CSP WPT for worker-src,child-src,script-src,default fallback behaviour draft
authorcegvinoth <cegvinoth@gmail.com>
Fri, 03 Nov 2017 10:06:20 +0100
changeset 748255 ca24b08d5f43
parent 692325 b2f459b88cab
push id97097
push userbmo:cegvinoth@gmail.com
push dateMon, 29 Jan 2018 11:18:43 +0000
bugs1409706
milestone58.0a1
Bug 1409706 - Files added for CSP WPT for worker-src,child-src,script-src,default fallback behaviour MozReview-Commit-ID: 1LvYQiPNVqT
testing/web-platform/meta/MANIFEST.json
testing/web-platform/tests/content-security-policy/support/dedicated-worker-helper.js
testing/web-platform/tests/content-security-policy/support/service-worker-helper.js
testing/web-platform/tests/content-security-policy/support/shared-worker-helper.js
testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html
testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html
testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html
testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html
testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html
testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html
testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html
testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html
testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html
testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html
testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html
testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html
--- a/testing/web-platform/meta/MANIFEST.json
+++ b/testing/web-platform/meta/MANIFEST.json
@@ -206469,16 +206469,21 @@
      {}
     ]
    ],
    "content-security-policy/support/checkReport.sub.js": [
     [
      {}
     ]
    ],
+   "content-security-policy/support/dedicated-worker-helper.js": [
+    [
+     {}
+    ]
+   ],
    "content-security-policy/support/echo-policy.py": [
     [
      {}
     ]
    ],
    "content-security-policy/support/fail.asis": [
     [
      {}
@@ -206554,16 +206559,26 @@
      {}
     ]
    ],
    "content-security-policy/support/resource.py": [
     [
      {}
     ]
    ],
+   "content-security-policy/support/service-worker-helper.js": [
+    [
+     {}
+    ]
+   ],
+   "content-security-policy/support/shared-worker-helper.js": [
+    [
+     {}
+    ]
+   ],
    "content-security-policy/support/siblingPath.js": [
     [
      {}
     ]
    ],
    "content-security-policy/support/testharness-helper.js": [
     [
      {}
@@ -306725,16 +306740,40 @@
     ]
    ],
    "content-security-policy/worker-src/dedicated-self.sub.html": [
     [
      "/content-security-policy/worker-src/dedicated-self.sub.html",
      {}
     ]
    ],
+   "content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html": [
+    [
+     "/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html": [
+    [
+     "/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html": [
+    [
+     "/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html": [
+    [
+     "/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html",
+     {}
+    ]
+   ],
    "content-security-policy/worker-src/service-child.https.sub.html": [
     [
      "/content-security-policy/worker-src/service-child.https.sub.html",
      {}
     ]
    ],
    "content-security-policy/worker-src/service-fallback.https.sub.html": [
     [
@@ -306755,16 +306794,40 @@
     ]
    ],
    "content-security-policy/worker-src/service-self.https.sub.html": [
     [
      "/content-security-policy/worker-src/service-self.https.sub.html",
      {}
     ]
    ],
+   "content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html": [
+    [
+     "/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html": [
+    [
+     "/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html": [
+    [
+     "/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html": [
+    [
+     "/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html",
+     {}
+    ]
+   ],
    "content-security-policy/worker-src/shared-child.sub.html": [
     [
      "/content-security-policy/worker-src/shared-child.sub.html",
      {}
     ]
    ],
    "content-security-policy/worker-src/shared-fallback.sub.html": [
     [
@@ -306785,16 +306848,40 @@
     ]
    ],
    "content-security-policy/worker-src/shared-self.sub.html": [
     [
      "/content-security-policy/worker-src/shared-self.sub.html",
      {}
     ]
    ],
+   "content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html": [
+    [
+     "/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html": [
+    [
+     "/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html": [
+    [
+     "/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html": [
+    [
+     "/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html",
+     {}
+    ]
+   ],
    "cookies/path/match.html": [
     [
      "/cookies/path/match.html",
      {}
     ]
    ],
    "cookies/secure/set-from-dom.https.sub.html": [
     [
@@ -415468,16 +415555,20 @@
   "content-security-policy/support/alertAssert.sub.js": [
    "b2b693859bef7a60723d996bb5ccf9d3252fa6d9",
    "support"
   ],
   "content-security-policy/support/checkReport.sub.js": [
    "90f36e63c4a18b6d755fda05b4e126e0cabf0e94",
    "support"
   ],
+  "content-security-policy/support/dedicated-worker-helper.js": [
+   "c2ee371b1ca6b56d4579032db79470d38dc7fad9",
+   "support"
+  ],
   "content-security-policy/support/echo-policy.py": [
    "84ac41975c7c1f7958ea4431ea4bf4666f2d0b24",
    "support"
   ],
   "content-security-policy/support/fail.asis": [
    "76e9a5bdd43e13f9665135c7178dbca3114eb11e",
    "support"
   ],
@@ -415536,16 +415627,24 @@
   "content-security-policy/support/report.py": [
    "8cd779a8017cba678a565475271b892e8ed53e58",
    "support"
   ],
   "content-security-policy/support/resource.py": [
    "e6e5eb285a3988173c49a116b1ae8a76f9f7ab1a",
    "support"
   ],
+  "content-security-policy/support/service-worker-helper.js": [
+   "dada4b697830bd56b771e02de8460dffcb3a494e",
+   "support"
+  ],
+  "content-security-policy/support/shared-worker-helper.js": [
+   "7e7b17341425d222d440f2f4607ee40ff020efe6",
+   "support"
+  ],
   "content-security-policy/support/siblingPath.js": [
    "1743309038e2aef21670a82973c1cea2fbc01253",
    "support"
   ],
   "content-security-policy/support/testharness-helper.js": [
    "c8b178ae8dd96aa4552b7ccdca8c53513cc3d713",
    "support"
   ],
@@ -415620,16 +415719,32 @@
   "content-security-policy/worker-src/dedicated-none.sub.html": [
    "06c39ca981f027f2d3aa4195c36d286f3ded9b8c",
    "testharness"
   ],
   "content-security-policy/worker-src/dedicated-self.sub.html": [
    "ec579a530ae0f44e387ed400d5b923cdb8203dc7",
    "testharness"
   ],
+  "content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html": [
+   "1206a6f00c5cf43da1327625fb7c97ce9f63a868",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html": [
+   "abc576c3a0adc9e3a68b5449aeb1477f6b50f6b1",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html": [
+   "a5a34c8184397fc38b1949e798f23e0799aade1a",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html": [
+   "8fee6e7d738c6cc9a22883cde366e395f346f5d4",
+   "testharness"
+  ],
   "content-security-policy/worker-src/service-child.https.sub.html": [
    "0ccf56794d55c4ea8800cbe8f0805fd02450549f",
    "testharness"
   ],
   "content-security-policy/worker-src/service-fallback.https.sub.html": [
    "84207a36ed3d686f14f88cda4725d3a97653dd3e",
    "testharness"
   ],
@@ -415640,16 +415755,32 @@
   "content-security-policy/worker-src/service-none.https.sub.html": [
    "accfac94cda22bc93f61db590cf2e8f329c2b695",
    "testharness"
   ],
   "content-security-policy/worker-src/service-self.https.sub.html": [
    "561c9a2ce0d4c1b9e148cad2ca5bad4b17517e9e",
    "testharness"
   ],
+  "content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html": [
+   "90d70a062e718daf5013f3b12662066b6edb1692",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html": [
+   "0a115336d748892edd4afc99467ae558080789f4",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html": [
+   "c770ac48a17b74d54bcde8a8f721fd506da81a6b",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html": [
+   "ee7276b72994909e0c504f5d3ef0fe526f898e7a",
+   "testharness"
+  ],
   "content-security-policy/worker-src/shared-child.sub.html": [
    "1bc3004b63255bdb75f6660ab81870d08b96e74c",
    "testharness"
   ],
   "content-security-policy/worker-src/shared-fallback.sub.html": [
    "0e39d2651a086dc987928b8458702d5c59098af8",
    "testharness"
   ],
@@ -415660,16 +415791,32 @@
   "content-security-policy/worker-src/shared-none.sub.html": [
    "2caec3d27e2dea2a9dcc066ee2bf0a3fdc165fdb",
    "testharness"
   ],
   "content-security-policy/worker-src/shared-self.sub.html": [
    "ff4d7ca289ea20fa00bca535fdcf929876a2278b",
    "testharness"
   ],
+  "content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html": [
+   "8cc98872cd4fe0ed2e411d74ba4c79684fb1b312",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html": [
+   "7ff188d280b8b5af15da54a75201ed5e68804c42",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html": [
+   "d1a3d6e2848bd03fb46ad4be6e312ddc501e9f5c",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html": [
+   "599143e3733f0ea7dc3cbaa6b03de0a7b8e93acf",
+   "testharness"
+  ],
   "cookies/path/echo-cookie.html": [
    "cbb91823a75f6e5c5ae435c5bc4c3b15a09c483e",
    "support"
   ],
   "cookies/path/match.html": [
    "f0a64d36154617213cbe846eb5ef0c93f7a65556",
    "testharness"
   ],
@@ -586561,25 +586708,25 @@
    "4e846b0f0538bbfc88e7dc6b637f19260a8d3c3e",
    "wdspec"
   ],
   "webdriver/tests/cookies/get_named_cookie.py": [
    "9455d1504590154ad2a540f102455baff602aefb",
    "wdspec"
   ],
   "webdriver/tests/element_click/__init__.py": [
-   "a471e12c9f3a8d87845ffe7c68d95e1991c5f613",
+   "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "support"
   ],
   "webdriver/tests/element_click/select.py": [
    "5ba51b660c7203bba3ada597c2f56fe094358e1f",
    "wdspec"
   ],
   "webdriver/tests/element_click/stale.py": [
-   "44ddedd4a9dff1b9c1a86f55719fa40f81100fe4",
+   "37af63203540dfe11d36fe05d74694f05c6505f2",
    "wdspec"
   ],
   "webdriver/tests/element_retrieval/get_active_element.py": [
    "41dab8ecf11556f7b1490d515557de659813881e",
    "wdspec"
   ],
   "webdriver/tests/fullscreen_window.py": [
    "6b1e481aac6856b6e858df17731d037997b99f83",
@@ -586609,29 +586756,29 @@
    "11c84957a3177acbbf34597bc0defb3f77c5744c",
    "wdspec"
   ],
   "webdriver/tests/retrieval/__init__.py": [
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "support"
   ],
   "webdriver/tests/retrieval/find_element.py": [
-   "a2d29c9c8dd5303d196d0682a19f3f3560b35872",
+   "2a4cdf4c703493f7c90fc3473daa27660ac61e11",
    "wdspec"
   ],
   "webdriver/tests/retrieval/find_element_from_element.py": [
-   "78d5e503bf979307f313b72f7578c55264c6e207",
+   "f036ef93adff21a7c83eeb8b131c96b6553b9fcb",
    "wdspec"
   ],
   "webdriver/tests/retrieval/find_element_from_elements.py": [
-   "0be0eb0bd904fa8f7e5332d43cef2b36dae1a579",
+   "131c25ffbde611f98e29b778d7c861ae9619b2f6",
    "wdspec"
   ],
   "webdriver/tests/retrieval/find_elements.py": [
-   "7df448c94c89bdb9f6818a69a9d52b21faa4b944",
+   "2d5c3c98b00e21a36f91e5797bb97835a8b63f2e",
    "wdspec"
   ],
   "webdriver/tests/sessions/get_timeouts.py": [
    "eaee354d16aa8c3a0fc960198fa4c5d9365bdee5",
    "wdspec"
   ],
   "webdriver/tests/sessions/new_session/conftest.py": [
    "d2df38e506cb9a3e501f03fe03e2a31af42d6f04",
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/dedicated-worker-helper.js
@@ -0,0 +1,2 @@
+var url = new URL("../support/ping.js", document.baseURI).toString();
+assert_worker_is_loaded(url, document.getElementById("foo").getAttribute("data-desc-fallback"));
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/service-worker-helper.js
@@ -0,0 +1,2 @@
+var url = new URL("../support/ping.js", document.baseURI).toString();
+assert_service_worker_is_loaded(url, document.getElementById("foo").getAttribute("data-desc-fallback"));
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/shared-worker-helper.js
@@ -0,0 +1,2 @@
+var url = new URL("../support/ping.js", document.baseURI).toString();
+assert_shared_worker_is_loaded(url, document.getElementById("foo").getAttribute("data-desc-fallback"));
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for dedicated worker allowed by child-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to whitelist the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="child-src 'self'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/dedicated-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin dedicated worker allowed by child-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for dedicated worker allowed by default-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
+<script src="../support/dedicated-worker-helper.js" id="foo" data-desc-fallback="Same-origin dedicated worker allowed by default-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for dedicated worker allowed by script-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="script-src 'self'; default-src 'none'; ">
+<script src="../support/dedicated-worker-helper.js" id="foo" data-desc-fallback="Same-origin dedicated worker allowed by script-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for dedicated worker allowed by worker-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to whitelist the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="worker-src 'self'; child-src 'none'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/dedicated-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin dedicated worker allowed by worker-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for service worker allowed by child-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to whitelist the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="child-src 'self'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/service-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin service worker allowed by child-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for service worker allowed by default-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
+<script src="../support/service-worker-helper.js" id="foo" data-desc-fallback="Same-origin service worker allowed by default-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for service worker allowed by script-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="script-src 'self'; default-src 'none'; ">
+<script src="../support/service-worker-helper.js" id="foo" data-desc-fallback="Same-origin service worker allowed by script-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for service worker allowed by worker-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to whitelist the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="worker-src 'self'; child-src 'none'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/service-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin service worker allowed by worker-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for shared worker allowed by child-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to whitelist the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="child-src 'self'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/shared-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin shared worker allowed by child-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for shared worker allowed by default-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
+<script src="../support/shared-worker-helper.js" id="foo" data-desc-fallback="Same-origin shared worker allowed by default-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for shared worker allowed by script-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="script-src 'self'; default-src 'none'; ">
+<script src="../support/shared-worker-helper.js" id="foo" data-desc-fallback="Same-origin shared worker allowed by script-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for shared worker allowed by worker-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to whitelist the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="worker-src 'self'; child-src 'none'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/shared-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin shared worker allowed by worker-src 'self'."></script>
\ No newline at end of file