diff options
Diffstat (limited to 'testing/web-platform/tests/fetch/nosniff/resources')
6 files changed, 152 insertions, 0 deletions
diff --git a/testing/web-platform/tests/fetch/nosniff/resources/css.py b/testing/web-platform/tests/fetch/nosniff/resources/css.py new file mode 100644 index 0000000000..8afb56991d --- /dev/null +++ b/testing/web-platform/tests/fetch/nosniff/resources/css.py @@ -0,0 +1,23 @@ +def main(request, response): + type = request.GET.first(b"type", None) + is_revalidation = request.headers.get(b"If-Modified-Since", None) + + content = b"/* nothing to see here */" + + response.add_required_headers = False + if is_revalidation is not None: + response.writer.write_status(304) + response.writer.write_header(b"x-content-type-options", b"nosniff") + response.writer.write_header(b"content-length", 0) + if(type != None): + response.writer.write_header(b"content-type", type) + response.writer.end_headers() + response.writer.write(b"") + else: + response.writer.write_status(200) + response.writer.write_header(b"x-content-type-options", b"nosniff") + response.writer.write_header(b"content-length", len(content)) + if(type != None): + response.writer.write_header(b"content-type", type) + response.writer.end_headers() + response.writer.write(content) diff --git a/testing/web-platform/tests/fetch/nosniff/resources/image.py b/testing/web-platform/tests/fetch/nosniff/resources/image.py new file mode 100644 index 0000000000..9fd367c85c --- /dev/null +++ b/testing/web-platform/tests/fetch/nosniff/resources/image.py @@ -0,0 +1,24 @@ +import os.path + +from wptserve.utils import isomorphic_decode + +def main(request, response): + type = request.GET.first(b"type", None) + + if type != None and b"svg" in type: + filename = u"green-96x96.svg" + else: + filename = u"blue96x96.png" + + path = os.path.join(os.path.dirname(isomorphic_decode(__file__)), u"../../../images", filename) + body = open(path, u"rb").read() + + response.add_required_headers = False + response.writer.write_status(200) + response.writer.write_header(b"x-content-type-options", b"nosniff") + response.writer.write_header(b"content-length", len(body)) + if(type != None): + response.writer.write_header(b"content-type", type) + response.writer.end_headers() + + response.writer.write(body) diff --git a/testing/web-platform/tests/fetch/nosniff/resources/js.py b/testing/web-platform/tests/fetch/nosniff/resources/js.py new file mode 100644 index 0000000000..784050a2ca --- /dev/null +++ b/testing/web-platform/tests/fetch/nosniff/resources/js.py @@ -0,0 +1,17 @@ +def main(request, response): + outcome = request.GET.first(b"outcome", b"f") + type = request.GET.first(b"type", b"Content-Type missing") + + content = b"// nothing to see here" + content += b"\n" + content += b"log('FAIL: " + type + b"')" if (outcome == b"f") else b"p()" + + response.add_required_headers = False + response.writer.write_status(200) + response.writer.write_header(b"x-content-type-options", b"nosniff") + response.writer.write_header(b"content-length", len(content)) + if(type != b"Content-Type missing"): + response.writer.write_header(b"content-type", type) + response.writer.end_headers() + + response.writer.write(content) diff --git a/testing/web-platform/tests/fetch/nosniff/resources/nosniff.py b/testing/web-platform/tests/fetch/nosniff/resources/nosniff.py new file mode 100644 index 0000000000..bc85ea0ec9 --- /dev/null +++ b/testing/web-platform/tests/fetch/nosniff/resources/nosniff.py @@ -0,0 +1,10 @@ +def main(request, response): + response.add_required_headers = False + output = b"HTTP/1.1 220 YOU HAVE NO POWER HERE\r\n" + output += b"Content-Length: 22\r\n" + output += b"Content-Type: x/x\r\n" + output += request.GET.first(b"nosniff") + b"\r\n" + output += b"\r\n" + output += b"// nothing to see here" + response.writer.write(output) + response.close_connection = True diff --git a/testing/web-platform/tests/fetch/nosniff/resources/worker.py b/testing/web-platform/tests/fetch/nosniff/resources/worker.py new file mode 100644 index 0000000000..2d7e3f6c90 --- /dev/null +++ b/testing/web-platform/tests/fetch/nosniff/resources/worker.py @@ -0,0 +1,16 @@ +def main(request, response): + type = request.GET.first(b"type", None) + + content = b"// nothing to see here" + content += b"\n" + content += b"this.postMessage('hi')" + + response.add_required_headers = False + response.writer.write_status(200) + response.writer.write_header(b"x-content-type-options", b"nosniff") + response.writer.write_header(b"content-length", len(content)) + if(type != None): + response.writer.write_header(b"content-type", type) + response.writer.end_headers() + + response.writer.write(content) diff --git a/testing/web-platform/tests/fetch/nosniff/resources/x-content-type-options.json b/testing/web-platform/tests/fetch/nosniff/resources/x-content-type-options.json new file mode 100644 index 0000000000..080fc1990b --- /dev/null +++ b/testing/web-platform/tests/fetch/nosniff/resources/x-content-type-options.json @@ -0,0 +1,62 @@ +[ + { + "input": "X-Content-Type-Options: NOSNIFF", + "nosniff": true + }, + { + "input": "x-content-type-OPTIONS: nosniff", + "nosniff": true + }, + { + "input": "X-Content-Type-Options: nosniff,,@#$#%%&^&^*()()11!", + "nosniff": true + }, + { + "input": "X-Content-Type-Options: @#$#%%&^&^*()()11!,nosniff", + "nosniff": false + }, + { + "input": "X-Content-Type-Options: nosniff\r\nX-Content-Type-Options: no", + "nosniff": true + }, + { + "input": "X-Content-Type-Options: no\r\nX-Content-Type-Options: nosniff", + "nosniff": false + }, + { + "input": "X-Content-Type-Options:\r\nX-Content-Type-Options: nosniff", + "nosniff": false + }, + { + "input": "X-Content-Type-Options: nosniff\r\nX-Content-Type-Options: nosniff", + "nosniff": true + }, + { + "input": "X-Content-Type-Options: ,nosniff", + "nosniff": false + }, + { + "input": "X-Content-Type-Options: nosniff\u000C", + "nosniff": false + }, + { + "input": "X-Content-Type-Options: nosniff\u000B", + "nosniff": false + }, + { + "input": "X-Content-Type-Options: nosniff\u000B,nosniff", + "nosniff": false + }, + { + "input": "X-Content-Type-Options: 'NosniFF'", + "nosniff": false + }, + { + "input": "X-Content-Type-Options: \"nosniFF\"", + "nosniff": false + }, + { + "input": "Content-Type-Options: nosniff", + "nosniff": false + } +] |