diff --git a/.well-known/origin-policy/policy-content-security-comma-in-policy b/.well-known/origin-policy/policy-content-security-comma-in-policy
new file mode 100644
index 00000000000000..42990f93e6d272
--- /dev/null
+++ b/.well-known/origin-policy/policy-content-security-comma-in-policy
@@ -0,0 +1,5 @@
+{
+ "content_security": {
+ "policies": ["script-src 'self' 'unsafe-inline', img-src 'none'"]
+ }
+}
diff --git a/.well-known/origin-policy/policy-content-security-double-content-security b/.well-known/origin-policy/policy-content-security-double-content-security
new file mode 100644
index 00000000000000..be9b3750647d12
--- /dev/null
+++ b/.well-known/origin-policy/policy-content-security-double-content-security
@@ -0,0 +1,8 @@
+{
+ "content_security": {
+ "policies": ["script-src 'self' 'unsafe-inline'"]
+ },
+ "content_security": {
+ "policies": ["img-src 'none'"]
+ }
+}
diff --git a/.well-known/origin-policy/policy-content-security-double-policies b/.well-known/origin-policy/policy-content-security-double-policies
new file mode 100644
index 00000000000000..2e625c5c46389b
--- /dev/null
+++ b/.well-known/origin-policy/policy-content-security-double-policies
@@ -0,0 +1,6 @@
+{
+ "content_security": {
+ "policies": ["script-src 'self' 'unsafe-inline'"],
+ "policies": ["img-src 'none'"]
+ }
+}
diff --git a/.well-known/origin-policy/policy-content-security-noimg b/.well-known/origin-policy/policy-content-security-noimg
new file mode 100644
index 00000000000000..cd57b7b21e916b
--- /dev/null
+++ b/.well-known/origin-policy/policy-content-security-noimg
@@ -0,0 +1,5 @@
+{
+ "content_security": {
+ "policies": ["img-src 'none'"]
+ }
+}
diff --git a/.well-known/origin-policy/policy-content-security-noimg-report-only b/.well-known/origin-policy/policy-content-security-noimg-report-only
new file mode 100644
index 00000000000000..13c662ef2d6e1c
--- /dev/null
+++ b/.well-known/origin-policy/policy-content-security-noimg-report-only
@@ -0,0 +1,5 @@
+{
+ "content_security": {
+ "policies_report_only": ["img-src 'none'"]
+ }
+}
diff --git a/.well-known/origin-policy/policy-content-security-non-array b/.well-known/origin-policy/policy-content-security-non-array
new file mode 100644
index 00000000000000..b96546c5f88fe7
--- /dev/null
+++ b/.well-known/origin-policy/policy-content-security-non-array
@@ -0,0 +1,5 @@
+{
+ "content_security": {
+ "policies": "script-src 'self' 'unsafe-inline'"
+ }
+}
diff --git a/.well-known/origin-policy/policy-content-security-non-object b/.well-known/origin-policy/policy-content-security-non-object
new file mode 100644
index 00000000000000..7f6e1383640125
--- /dev/null
+++ b/.well-known/origin-policy/policy-content-security-non-object
@@ -0,0 +1,3 @@
+{
+ "content_security": ["script-src 'self' 'unsafe-inline'"]
+}
diff --git a/.well-known/origin-policy/policy-content-security-non-string b/.well-known/origin-policy/policy-content-security-non-string
new file mode 100644
index 00000000000000..8649b17c4d8e73
--- /dev/null
+++ b/.well-known/origin-policy/policy-content-security-non-string
@@ -0,0 +1,5 @@
+{
+ "content_security": {
+ "policies": [["script-src 'self' 'unsafe-inline'"]]
+ }
+}
diff --git a/.well-known/origin-policy/policy-content-security-valid b/.well-known/origin-policy/policy-content-security-valid
new file mode 100644
index 00000000000000..d4babb7949eefd
--- /dev/null
+++ b/.well-known/origin-policy/policy-content-security-valid
@@ -0,0 +1,5 @@
+{
+ "content_security": {
+ "policies": ["script-src 'self' 'unsafe-inline'"]
+ }
+}
diff --git a/.well-known/origin-policy/policy-content-security-valid-with-multi-item-array b/.well-known/origin-policy/policy-content-security-valid-with-multi-item-array
new file mode 100644
index 00000000000000..45ec32200d5f6e
--- /dev/null
+++ b/.well-known/origin-policy/policy-content-security-valid-with-multi-item-array
@@ -0,0 +1,5 @@
+{
+ "content_security": {
+ "policies": ["script-src 'self' 'unsafe-inline'", "img-src 'none'"]
+ }
+}
diff --git a/.well-known/origin-policy/policy-content-security-valid-with-semicolon b/.well-known/origin-policy/policy-content-security-valid-with-semicolon
new file mode 100644
index 00000000000000..e777d5c96d5921
--- /dev/null
+++ b/.well-known/origin-policy/policy-content-security-valid-with-semicolon
@@ -0,0 +1,5 @@
+{
+ "content_security": {
+ "policies": ["script-src 'self' 'unsafe-inline'; img-src 'none'"]
+ }
+}
diff --git a/.well-known/origin-policy/policy-csp-1 b/.well-known/origin-policy/policy-csp-1
index adbfc362580842..d4babb7949eefd 100644
--- a/.well-known/origin-policy/policy-csp-1
+++ b/.well-known/origin-policy/policy-csp-1
@@ -1,3 +1,5 @@
{
- "content-security-policy": [{ "policy": "script-src 'self' 'unsafe-inline'" }]
+ "content_security": {
+ "policies": ["script-src 'self' 'unsafe-inline'"]
+ }
}
diff --git a/.well-known/origin-policy/policy-csp-2 b/.well-known/origin-policy/policy-csp-2
index e896da36303c72..34a6c5c873b577 100644
--- a/.well-known/origin-policy/policy-csp-2
+++ b/.well-known/origin-policy/policy-csp-2
@@ -1,5 +1,5 @@
{
- "content-security-policy": [{
- "policy": "script-src 'self' 'nonce-test'"
- }]
+ "content_security": {
+ "policies": ["script-src 'self' 'nonce-test'"]
+ }
}
diff --git a/.well-known/origin-policy/policy-noimg b/.well-known/origin-policy/policy-noimg
deleted file mode 100644
index fce2d40c6e054b..00000000000000
--- a/.well-known/origin-policy/policy-noimg
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "content-security-policy": [{ "policy": "img-src 'none'" }]
-}
diff --git a/origin-policy/content-security/comma-in-policy.https.html b/origin-policy/content-security/comma-in-policy.https.html
new file mode 100644
index 00000000000000..88d72446392e67
--- /dev/null
+++ b/origin-policy/content-security/comma-in-policy.https.html
@@ -0,0 +1,11 @@
+
+
+
Commas in "content_security/policy" cause parse errors and thus no CSP
+
+
+
+
+
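Review bot: The test title names the member `content_security/policy`, but the key the fixture files in this diff use is `policies` (`"policies": [...]`), so the title documents a member that does not exist; the same slip appears in the titles of valid-with-multi-item-array.https.html and valid-with-semicolon.https.html. Suggest `Commas in "content_security/policies" cause parse errors and thus no CSP`, and the analogous fix in the other two titles. The rest of this file's markup appears to have been stripped in this view, so only the title text could be reviewed.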
diff --git a/origin-policy/content-security/comma-in-policy.https.html.headers b/origin-policy/content-security/comma-in-policy.https.html.headers
new file mode 100644
index 00000000000000..32e453ab20de0c
--- /dev/null
+++ b/origin-policy/content-security/comma-in-policy.https.html.headers
@@ -0,0 +1 @@
+Sec-Origin-Policy: policy=policy-content-security-comma-in-policy
diff --git a/origin-policy/content-security/double-content-security.https.html b/origin-policy/content-security/double-content-security.https.html
new file mode 100644
index 00000000000000..99046803c9fe30
--- /dev/null
+++ b/origin-policy/content-security/double-content-security.https.html
@@ -0,0 +1,13 @@
+
+
+Of two "content_security" items only the second counts
+
+
+
+
+
+
+
diff --git a/origin-policy/content-security/double-content-security.https.html.headers b/origin-policy/content-security/double-content-security.https.html.headers
new file mode 100644
index 00000000000000..a380b053c270c6
--- /dev/null
+++ b/origin-policy/content-security/double-content-security.https.html.headers
@@ -0,0 +1 @@
+Sec-Origin-Policy: policy=policy-content-security-double-content-security
diff --git a/origin-policy/content-security/double-policies.https.html b/origin-policy/content-security/double-policies.https.html
new file mode 100644
index 00000000000000..925b9d5a31e10f
--- /dev/null
+++ b/origin-policy/content-security/double-policies.https.html
@@ -0,0 +1,13 @@
+
+
+Of two "content_security/policies" items only the second counts
+
+
+
+
+
+
+
diff --git a/origin-policy/content-security/double-policies.https.html.headers b/origin-policy/content-security/double-policies.https.html.headers
new file mode 100644
index 00000000000000..23f1d1434057d2
--- /dev/null
+++ b/origin-policy/content-security/double-policies.https.html.headers
@@ -0,0 +1 @@
+Sec-Origin-Policy: policy=policy-content-security-double-policies
diff --git a/origin-policy/content-security/helper.js b/origin-policy/content-security/helper.js
new file mode 100644
index 00000000000000..4875977afa4437
--- /dev/null
+++ b/origin-policy/content-security/helper.js
@@ -0,0 +1,73 @@
+window.waitForOneSecurityPolicyViolationEvent = expectedBlockedURI => {
+ return new Promise(resolve => {
+ let eventCount = 0;
+ let blockedURI = null;
+
+ document.addEventListener("securitypolicyviolation", e => {
+ ++eventCount;
+ blockedURI = e.blockedURI;
+
+ // We want to test that only one event is fired, but we want to do so
+ // without waiting indefinitely. By waiting for one tick, we at least
+ // ensure that there's no bug that leads to two securitypolicyviolation
+ // events being fired at the same time, as a result of the one violation.
+ step_timeout(() => {
+ assert_equals(eventCount, 1);
+ resolve(blockedURI);
+ });
+ });
+ });
+};
+
+window.waitForImgFail = imgSrc => {
+ return new Promise((resolve, reject) => {
+ const img = document.createElement("img");
+ img.onload = () => reject(new Error("Must not load the image"));
+ img.onerror = () => resolve();
+
+ img.src = imgSrc;
+ document.body.append(img);
+ });
+};
+
+
+window.waitForImgSuccess = imgSrc => {
+ return new Promise((resolve, reject) => {
+ const img = document.createElement("img");
+ img.onload = () => resolve();
+ img.onerror = () => reject(new Error("Must load the image"));
+
+ img.src = imgSrc;
+ document.body.append(img);
+ });
+};
+
+// Both params are optional; if they are not given as booleans then we will not test that aspect.
+window.runCSPTest = ({ unsafeEval, img }) => {
+ if (unsafeEval === true) {
+ test(() => {
+ eval("window.evalAllowed = true;");
+ assert_equals(window.evalAllowed, true);
+ }, "eval must be allowed");
+ } else if (unsafeEval === false) {
+ test(() => {
+ try {
+ eval("window.evalAllowed = true;");
+ } catch (e) { }
+
+ assert_equals(window.evalAllowed, undefined);
+ }, "eval must be disallowed");
+ }
+
+ if (img === true) {
+ promise_test(
+ () => waitForImgSuccess("/common/security-features/subresource/image.py"),
+ "img loading must be allowed"
+ );
+ } else if (img === false) {
+ promise_test(
+ () => waitForImgFail("/common/security-features/subresource/image.py"),
+ "img loading must be disallowed"
+ );
+ }
+};
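Review bot: In waitForOneSecurityPolicyViolationEvent the `assert_equals(eventCount, 1)` inside the step_timeout callback runs outside any test step, so when a second event has fired the assertion throws into the timer instead of settling the promise, and the calling promise_test hangs until the harness timeout (the error surfaces at best as an uncaught-exception harness error) rather than failing with the count mismatch; wrap the check and reject, as below. The `expectedBlockedURI` parameter of the same function is never read, so either compare it against `e.blockedURI` or drop it, since the name suggests a check that does not happen. runCSPTest destructures its argument on the signature line, so the "Both params are optional" comment is misleading for a call with no argument at all, which throws a TypeError; `window.runCSPTest = ({ unsafeEval, img } = {}) => {` makes the comment true. The "eval must be disallowed" branch could assert the concrete failure mode with `assert_throws_js(EvalError, () => eval("window.evalAllowed = true;"))` instead of swallowing the exception and inspecting a global that a preceding test on the same page could have set.
```javascript
window.waitForOneSecurityPolicyViolationEvent = expectedBlockedURI => {
  return new Promise((resolve, reject) => {
    let eventCount = 0;
    let blockedURI = null;

    document.addEventListener("securitypolicyviolation", e => {
      ++eventCount;
      blockedURI = e.blockedURI;

      // … unchanged: comment explaining the one-tick wait …
      step_timeout(() => {
        try {
          assert_equals(eventCount, 1);
          resolve(blockedURI);
        } catch (err) {
          reject(err);
        }
      });
    });
  });
};
```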
diff --git a/origin-policy/content-security/non-array.https.html b/origin-policy/content-security/non-array.https.html
new file mode 100644
index 00000000000000..78a67e16eb9d30
--- /dev/null
+++ b/origin-policy/content-security/non-array.https.html
@@ -0,0 +1,11 @@
+
+
+Non-array "content_security/policies" member must be ignored
+
+
+
+
+
diff --git a/origin-policy/content-security/non-array.https.html.headers b/origin-policy/content-security/non-array.https.html.headers
new file mode 100644
index 00000000000000..31e6f375ef967e
--- /dev/null
+++ b/origin-policy/content-security/non-array.https.html.headers
@@ -0,0 +1 @@
+Sec-Origin-Policy: policy=policy-content-security-non-array
diff --git a/origin-policy/content-security/non-object.https.html b/origin-policy/content-security/non-object.https.html
new file mode 100644
index 00000000000000..359c6c7692294e
--- /dev/null
+++ b/origin-policy/content-security/non-object.https.html
@@ -0,0 +1,11 @@
+
+
+Non-object "content_security" member must be ignored
+
+
+
+
+
diff --git a/origin-policy/content-security/non-object.https.html.headers b/origin-policy/content-security/non-object.https.html.headers
new file mode 100644
index 00000000000000..812ea9445eca18
--- /dev/null
+++ b/origin-policy/content-security/non-object.https.html.headers
@@ -0,0 +1 @@
+Sec-Origin-Policy: policy=policy-content-security-non-object
diff --git a/origin-policy/content-security/non-string.https.html b/origin-policy/content-security/non-string.https.html
new file mode 100644
index 00000000000000..8af3c1c4dff136
--- /dev/null
+++ b/origin-policy/content-security/non-string.https.html
@@ -0,0 +1,11 @@
+
+
+Non-string "content_security/policies" array member must be ignored
+
+
+
+
+
diff --git a/origin-policy/content-security/non-string.https.html.headers b/origin-policy/content-security/non-string.https.html.headers
new file mode 100644
index 00000000000000..0b9ce2ee3f84c5
--- /dev/null
+++ b/origin-policy/content-security/non-string.https.html.headers
@@ -0,0 +1 @@
+Sec-Origin-Policy: policy=policy-content-security-non-string
diff --git a/origin-policy/content-security/trigger-violation-report-report-only.https.html b/origin-policy/content-security/trigger-violation-report-report-only.https.html
new file mode 100644
index 00000000000000..3e5038b501dec9
--- /dev/null
+++ b/origin-policy/content-security/trigger-violation-report-report-only.https.html
@@ -0,0 +1,23 @@
+
+
+CSP via origin policy must trigger a securitypolicyviolation event even when the CSP is report-only
+
+
+
+
+
+
+
diff --git a/origin-policy/content-security/trigger-violation-report-report-only.https.html.headers b/origin-policy/content-security/trigger-violation-report-report-only.https.html.headers
new file mode 100644
index 00000000000000..cb27e1500e0b4e
--- /dev/null
+++ b/origin-policy/content-security/trigger-violation-report-report-only.https.html.headers
@@ -0,0 +1 @@
+Sec-Origin-Policy: policy=policy-content-security-noimg-report-only
diff --git a/origin-policy/content-security/trigger-violation-report.https.html b/origin-policy/content-security/trigger-violation-report.https.html
new file mode 100644
index 00000000000000..22beca5a3dbbc9
--- /dev/null
+++ b/origin-policy/content-security/trigger-violation-report.https.html
@@ -0,0 +1,23 @@
+
+
+CSP via origin policy must trigger a securitypolicyviolation event
+
+
+
+
+
+
+
diff --git a/origin-policy/content-security/trigger-violation-report.https.html.headers b/origin-policy/content-security/trigger-violation-report.https.html.headers
new file mode 100644
index 00000000000000..08bcb9fa94171e
--- /dev/null
+++ b/origin-policy/content-security/trigger-violation-report.https.html.headers
@@ -0,0 +1 @@
+Sec-Origin-Policy: policy=policy-content-security-noimg
diff --git a/origin-policy/content-security/valid-with-multi-item-array.https.html b/origin-policy/content-security/valid-with-multi-item-array.https.html
new file mode 100644
index 00000000000000..bc9ebd0cccfcbd
--- /dev/null
+++ b/origin-policy/content-security/valid-with-multi-item-array.https.html
@@ -0,0 +1,13 @@
+
+
+"content_security/policy" can contain multiple array items to enforce multiple CSPs
+
+
+
+
+
+
+
diff --git a/origin-policy/content-security/valid-with-multi-item-array.https.html.headers b/origin-policy/content-security/valid-with-multi-item-array.https.html.headers
new file mode 100644
index 00000000000000..eeddaba7a59b58
--- /dev/null
+++ b/origin-policy/content-security/valid-with-multi-item-array.https.html.headers
@@ -0,0 +1 @@
+Sec-Origin-Policy: policy=policy-content-security-valid-with-semicolon
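Review bot: This headers file for valid-with-multi-item-array.https.html points at `policy-content-security-valid-with-semicolon`, so the test never loads the `policy-content-security-valid-with-multi-item-array` fixture added earlier in this diff, which is then referenced by nothing; the identical blob id on this file and on valid-with-semicolon.https.html.headers shows the two are byte-for-byte copies. It should read `Sec-Origin-Policy: policy=policy-content-security-valid-with-multi-item-array`. Because both fixtures yield the same effective CSP, the test passes with the wrong header, so a green run does not catch this.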
diff --git a/origin-policy/content-security/valid-with-semicolon.https.html b/origin-policy/content-security/valid-with-semicolon.https.html
new file mode 100644
index 00000000000000..82158f1cf7044f
--- /dev/null
+++ b/origin-policy/content-security/valid-with-semicolon.https.html
@@ -0,0 +1,13 @@
+
+
+"content_security/policy" array items can contain semicolons to enforce multiple CSP directives
+
+
+
+
+
+
+
diff --git a/origin-policy/content-security/valid-with-semicolon.https.html.headers b/origin-policy/content-security/valid-with-semicolon.https.html.headers
new file mode 100644
index 00000000000000..eeddaba7a59b58
--- /dev/null
+++ b/origin-policy/content-security/valid-with-semicolon.https.html.headers
@@ -0,0 +1 @@
+Sec-Origin-Policy: policy=policy-content-security-valid-with-semicolon
diff --git a/origin-policy/content-security/valid.https.html b/origin-policy/content-security/valid.https.html
new file mode 100644
index 00000000000000..36e5ddbf958b31
--- /dev/null
+++ b/origin-policy/content-security/valid.https.html
@@ -0,0 +1,11 @@
+
+
+Valid "content_security" member disallows eval
+
+
+
+
+
diff --git a/origin-policy/content-security/valid.https.html.headers b/origin-policy/content-security/valid.https.html.headers
new file mode 100644
index 00000000000000..78aeeacd934c90
--- /dev/null
+++ b/origin-policy/content-security/valid.https.html.headers
@@ -0,0 +1 @@
+Sec-Origin-Policy: policy=policy-content-security-valid
diff --git a/origin-policy/origin-policy-single-report.https.tentative.html b/origin-policy/origin-policy-single-report.https.tentative.html
deleted file mode 100644
index 24ee89990548ad..00000000000000
--- a/origin-policy/origin-policy-single-report.https.tentative.html
+++ /dev/null
@@ -1,30 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
diff --git a/origin-policy/origin-policy-single-report.https.tentative.html.headers b/origin-policy/origin-policy-single-report.https.tentative.html.headers
deleted file mode 100644
index 9456832d23cbe3..00000000000000
--- a/origin-policy/origin-policy-single-report.https.tentative.html.headers
+++ /dev/null
@@ -1 +0,0 @@
-Sec-Origin-Policy: policy=policy-noimg