Fixed race condition in test report-uri-from-child-frame

Bug: 694525 Change-Id: I444672b14210213d00b644a91e63709bd602874e
web-platform-tests · Jan 24, 2018 · 8fac3ae · 8fac3ae
1 parent 9cdea02
commit 8fac3ae
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 3 deletions.
diff --git a/content-security-policy/reporting/report-uri-from-child-frame.html b/content-security-policy/reporting/report-uri-from-child-frame.html
@@ -4,10 +4,24 @@
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <title>Reporting works in child iframes.</title>
-    <meta http-equiv="Content-Security-Policy" content="script-src 'self'">
+    <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-abc'">
 </head>
 <body>
-    <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27self%27&reportCookieName=generate-csp-report'></script>
+    <script nonce="abc">
+      var t1 = async_test("Check that we received a message from the child frame");
+
+      window.onmessage = function(e) {
+        if (e.data == 'cookie set') {
+          var s = document.createElement('script');
+          s.async = true;
+          s.defer = true;
+          s.src = '../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27self%27%20%27nonce-abc%27&reportCookieName=generate-csp-report';
+          document.body.appendChild(s);
+
+          t1.done();
+        }
+      }
+    </script>
     <iframe src="support/generate-csp-report.html"/>
 </body>
 </html>
diff --git a/content-security-policy/reporting/support/generate-csp-report.html b/content-security-policy/reporting/support/generate-csp-report.html
@@ -1,6 +1,9 @@
 <!DOCTYPE html>
 <html>
 <body>
+    <script nonce='abc'>
+      top.postMessage('cookie set', '*');
+    </script>
     <script>
         // This script block will trigger a violation report.
         alert('FAIL');

diff --git a/content-security-policy/reporting/support/generate-csp-report.html.sub.headers b/content-security-policy/reporting/support/generate-csp-report.html.sub.headers
@@ -3,4 +3,4 @@ Cache-Control: no-store, no-cache, must-revalidate
 Cache-Control: post-check=0, pre-check=0, false
 Pragma: no-cache
 Set-Cookie: generate-csp-report={{$id:uuid()}}; Path=/content-security-policy/reporting/
-Content-Security-Policy: script-src 'self'; report-uri ../../support/report.py?op=put&reportID={{$id}}
+Content-Security-Policy: script-src 'self' 'nonce-abc'; report-uri ../../support/report.py?op=put&reportID={{$id}}