diff options
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/generic/support/304-response.py')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/generic/support/304-response.py | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/generic/support/304-response.py b/testing/web-platform/tests/content-security-policy/generic/support/304-response.py new file mode 100644 index 0000000000..f9756555f7 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/304-response.py @@ -0,0 +1,33 @@ +def main(request, response): + if request.headers.get(b"If-None-Match"): + # we are now receing the second request, we will send back a different CSP + # with the 304 response + response.status = 304 + headers = [(b"Content-Type", b"text/html"), + (b"Content-Security-Policy", b"script-src 'nonce-def' 'sha256-IIB78ZS1RMMrAWpsLg/RrDbVPhI14rKm3sFOeKPYulw=';"), + (b"Cache-Control", b"private, max-age=0, must-revalidate"), + (b"ETag", b"123456")] + return headers, u"" + else: + headers = [(b"Content-Type", b"text/html"), + (b"Content-Security-Policy", b"script-src 'nonce-abc' 'sha256-IIB78ZS1RMMrAWpsLg/RrDbVPhI14rKm3sFOeKPYulw=';"), + (b"Cache-Control", b"private, max-age=0, must-revalidate"), + (b"Etag", b"123456")] + return headers, u''' +<!DOCTYPE html> +<html> +<head> + <script> + window.addEventListener("securitypolicyviolation", function(e) { + top.postMessage(e.originalPolicy, '*'); + }); + </script> + <script nonce="abc"> + top.postMessage('abc_executed', '*'); + </script> + <script nonce="def"> + top.postMessage('def_executed', '*'); + </script> +</head> +</html> +''' |