-
Notifications
You must be signed in to change notification settings - Fork 3.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2126 from hillbrad/csp_crossbrowser_fixes
CSP crossbrowser fixes
- Loading branch information
Showing
51 changed files
with
414 additions
and
209 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
60 changes: 60 additions & 0 deletions
60
content-security-policy/blink-contrib/combine-multiple-header-policies.html.asis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
HTTP/1.1 200 OK | ||
Content-Type: text/html | ||
Expires: Mon, 26 Jul 1997 05:00:00 GMT | ||
Cache-Control: no-store, no-cache, must-revalidate | ||
Cache-Control: post-check=0, pre-check=0, false | ||
Pragma: no-cache | ||
Set-Cookie: combine-multiple-policies=d0140e7d-3800-4842-b66d-370840a4569a; Path=/content-security-policy/blink-contrib | ||
Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; style-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID=d0140e7d-3800-4842-b66d-370840a4569a | ||
Content-Security-Policy: img-src 'none' | ||
|
||
<!DOCTYPE html> | ||
<html> | ||
|
||
<head> | ||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> | ||
<meta http-equiv="Content-Security-Policy" content="img-src 'none'"> | ||
<title>combine-multiple-policies</title> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> | ||
<script src="../support/alertAssert.sub.js?alerts=[]"></script> | ||
<!-- enforcing multiple policies: | ||
Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; styls-src 'self' | ||
Content-Security-Policy: img-src 'none' | ||
--> | ||
</head> | ||
|
||
<body> | ||
This test checks that we enforce all the supplied policies. This test passe if it doesn't alert fail and if the style doesn't apply. | ||
Check that a SecurityPolicyViolationEvent is fired upon blocking an image. | ||
<script> | ||
var img = document.createElement('img'); | ||
img.src = '../support/fail.png'; | ||
img.onerror = function() { | ||
log("TEST COMPLETE"); | ||
}; | ||
img.onload = function() { | ||
log("FAIL"); | ||
}; | ||
document.body.appendChild(img); | ||
|
||
</script> | ||
<style> | ||
body { | ||
background-color: blue; | ||
} | ||
|
||
</style> | ||
<script> | ||
var el = document.querySelector('body'); | ||
test(function() { | ||
assert_equals(window.getComputedStyle(el).color, "rgb(0, 0, 0)") | ||
}); | ||
|
||
</script> | ||
<div id="log"></div> | ||
<script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'self'"></script> | ||
</body> | ||
|
||
</html> |
Oops, something went wrong.