fetch/fetch-later/policies/csp-allowed.tentative.https.window.js - external/w3c/web-platform-tests - Git at Google

 // META: title=FetchLater: allowed by CSP
 // META: script=/common/utils.js
 // META: script=/common/get-host-info.sub.js
 // META: script=/pending-beacon/resources/pending_beacon-helper.js
 'use strict';

 const {
   HTTPS_NOTSAMESITE_ORIGIN,
 } = get_host_info();

 // FetchLater requests allowed by Content Security Policy.
 // https://w3c.github.io/webappsec-csp/#should-block-request

 const meta = document.createElement('meta');
 meta.setAttribute('http-equiv', 'Content-Security-Policy');
 meta.setAttribute('content', `connect-src 'self' ${HTTPS_NOTSAMESITE_ORIGIN}`);
 document.head.appendChild(meta);

 promise_test(async t => {
   const uuid = token();
   const url = generateSetBeaconURL(uuid, {host: HTTPS_NOTSAMESITE_ORIGIN});
   fetchLater(url, {activateAfter: 0});

   await expectBeacon(uuid, {count: 1});
   t.done();
 }, 'FetchLater allowed by CSP should succeed');
	// META: title=FetchLater: allowed by CSP
	// META: script=/common/utils.js
	// META: script=/common/get-host-info.sub.js
	// META: script=/pending-beacon/resources/pending_beacon-helper.js
	'use strict';

	const {
	HTTPS_NOTSAMESITE_ORIGIN,
	} = get_host_info();

	// FetchLater requests allowed by Content Security Policy.
	// https://w3c.github.io/webappsec-csp/#should-block-request

	const meta = document.createElement('meta');
	meta.setAttribute('http-equiv', 'Content-Security-Policy');
	meta.setAttribute('content', `connect-src 'self' ${HTTPS_NOTSAMESITE_ORIGIN}`);
	document.head.appendChild(meta);

	promise_test(async t => {
	const uuid = token();
	const url = generateSetBeaconURL(uuid, {host: HTTPS_NOTSAMESITE_ORIGIN});
	fetchLater(url, {activateAfter: 0});

	await expectBeacon(uuid, {count: 1});
	t.done();
	}, 'FetchLater allowed by CSP should succeed');