summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/fetch/nosniff/resources
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/fetch/nosniff/resources')
-rw-r--r--testing/web-platform/tests/fetch/nosniff/resources/css.py23
-rw-r--r--testing/web-platform/tests/fetch/nosniff/resources/image.py24
-rw-r--r--testing/web-platform/tests/fetch/nosniff/resources/js.py17
-rw-r--r--testing/web-platform/tests/fetch/nosniff/resources/nosniff.py10
-rw-r--r--testing/web-platform/tests/fetch/nosniff/resources/worker.py16
-rw-r--r--testing/web-platform/tests/fetch/nosniff/resources/x-content-type-options.json62
6 files changed, 152 insertions, 0 deletions
diff --git a/testing/web-platform/tests/fetch/nosniff/resources/css.py b/testing/web-platform/tests/fetch/nosniff/resources/css.py
new file mode 100644
index 0000000000..8afb56991d
--- /dev/null
+++ b/testing/web-platform/tests/fetch/nosniff/resources/css.py
@@ -0,0 +1,23 @@
+def main(request, response):
+ type = request.GET.first(b"type", None)
+ is_revalidation = request.headers.get(b"If-Modified-Since", None)
+
+ content = b"/* nothing to see here */"
+
+ response.add_required_headers = False
+ if is_revalidation is not None:
+ response.writer.write_status(304)
+ response.writer.write_header(b"x-content-type-options", b"nosniff")
+ response.writer.write_header(b"content-length", 0)
+ if(type != None):
+ response.writer.write_header(b"content-type", type)
+ response.writer.end_headers()
+ response.writer.write(b"")
+ else:
+ response.writer.write_status(200)
+ response.writer.write_header(b"x-content-type-options", b"nosniff")
+ response.writer.write_header(b"content-length", len(content))
+ if(type != None):
+ response.writer.write_header(b"content-type", type)
+ response.writer.end_headers()
+ response.writer.write(content)
diff --git a/testing/web-platform/tests/fetch/nosniff/resources/image.py b/testing/web-platform/tests/fetch/nosniff/resources/image.py
new file mode 100644
index 0000000000..9fd367c85c
--- /dev/null
+++ b/testing/web-platform/tests/fetch/nosniff/resources/image.py
@@ -0,0 +1,24 @@
+import os.path
+
+from wptserve.utils import isomorphic_decode
+
+def main(request, response):
+ type = request.GET.first(b"type", None)
+
+ if type != None and b"svg" in type:
+ filename = u"green-96x96.svg"
+ else:
+ filename = u"blue96x96.png"
+
+ path = os.path.join(os.path.dirname(isomorphic_decode(__file__)), u"../../../images", filename)
+ body = open(path, u"rb").read()
+
+ response.add_required_headers = False
+ response.writer.write_status(200)
+ response.writer.write_header(b"x-content-type-options", b"nosniff")
+ response.writer.write_header(b"content-length", len(body))
+ if(type != None):
+ response.writer.write_header(b"content-type", type)
+ response.writer.end_headers()
+
+ response.writer.write(body)
diff --git a/testing/web-platform/tests/fetch/nosniff/resources/js.py b/testing/web-platform/tests/fetch/nosniff/resources/js.py
new file mode 100644
index 0000000000..784050a2ca
--- /dev/null
+++ b/testing/web-platform/tests/fetch/nosniff/resources/js.py
@@ -0,0 +1,17 @@
+def main(request, response):
+ outcome = request.GET.first(b"outcome", b"f")
+ type = request.GET.first(b"type", b"Content-Type missing")
+
+ content = b"// nothing to see here"
+ content += b"\n"
+ content += b"log('FAIL: " + type + b"')" if (outcome == b"f") else b"p()"
+
+ response.add_required_headers = False
+ response.writer.write_status(200)
+ response.writer.write_header(b"x-content-type-options", b"nosniff")
+ response.writer.write_header(b"content-length", len(content))
+ if(type != b"Content-Type missing"):
+ response.writer.write_header(b"content-type", type)
+ response.writer.end_headers()
+
+ response.writer.write(content)
diff --git a/testing/web-platform/tests/fetch/nosniff/resources/nosniff.py b/testing/web-platform/tests/fetch/nosniff/resources/nosniff.py
new file mode 100644
index 0000000000..bc85ea0ec9
--- /dev/null
+++ b/testing/web-platform/tests/fetch/nosniff/resources/nosniff.py
@@ -0,0 +1,10 @@
+def main(request, response):
+ response.add_required_headers = False
+ output = b"HTTP/1.1 220 YOU HAVE NO POWER HERE\r\n"
+ output += b"Content-Length: 22\r\n"
+ output += b"Content-Type: x/x\r\n"
+ output += request.GET.first(b"nosniff") + b"\r\n"
+ output += b"\r\n"
+ output += b"// nothing to see here"
+ response.writer.write(output)
+ response.close_connection = True
diff --git a/testing/web-platform/tests/fetch/nosniff/resources/worker.py b/testing/web-platform/tests/fetch/nosniff/resources/worker.py
new file mode 100644
index 0000000000..2d7e3f6c90
--- /dev/null
+++ b/testing/web-platform/tests/fetch/nosniff/resources/worker.py
@@ -0,0 +1,16 @@
+def main(request, response):
+ type = request.GET.first(b"type", None)
+
+ content = b"// nothing to see here"
+ content += b"\n"
+ content += b"this.postMessage('hi')"
+
+ response.add_required_headers = False
+ response.writer.write_status(200)
+ response.writer.write_header(b"x-content-type-options", b"nosniff")
+ response.writer.write_header(b"content-length", len(content))
+ if(type != None):
+ response.writer.write_header(b"content-type", type)
+ response.writer.end_headers()
+
+ response.writer.write(content)
diff --git a/testing/web-platform/tests/fetch/nosniff/resources/x-content-type-options.json b/testing/web-platform/tests/fetch/nosniff/resources/x-content-type-options.json
new file mode 100644
index 0000000000..080fc1990b
--- /dev/null
+++ b/testing/web-platform/tests/fetch/nosniff/resources/x-content-type-options.json
@@ -0,0 +1,62 @@
+[
+ {
+ "input": "X-Content-Type-Options: NOSNIFF",
+ "nosniff": true
+ },
+ {
+ "input": "x-content-type-OPTIONS: nosniff",
+ "nosniff": true
+ },
+ {
+ "input": "X-Content-Type-Options: nosniff,,@#$#%%&^&^*()()11!",
+ "nosniff": true
+ },
+ {
+ "input": "X-Content-Type-Options: @#$#%%&^&^*()()11!,nosniff",
+ "nosniff": false
+ },
+ {
+ "input": "X-Content-Type-Options: nosniff\r\nX-Content-Type-Options: no",
+ "nosniff": true
+ },
+ {
+ "input": "X-Content-Type-Options: no\r\nX-Content-Type-Options: nosniff",
+ "nosniff": false
+ },
+ {
+ "input": "X-Content-Type-Options:\r\nX-Content-Type-Options: nosniff",
+ "nosniff": false
+ },
+ {
+ "input": "X-Content-Type-Options: nosniff\r\nX-Content-Type-Options: nosniff",
+ "nosniff": true
+ },
+ {
+ "input": "X-Content-Type-Options: ,nosniff",
+ "nosniff": false
+ },
+ {
+ "input": "X-Content-Type-Options: nosniff\u000C",
+ "nosniff": false
+ },
+ {
+ "input": "X-Content-Type-Options: nosniff\u000B",
+ "nosniff": false
+ },
+ {
+ "input": "X-Content-Type-Options: nosniff\u000B,nosniff",
+ "nosniff": false
+ },
+ {
+ "input": "X-Content-Type-Options: 'NosniFF'",
+ "nosniff": false
+ },
+ {
+ "input": "X-Content-Type-Options: \"nosniFF\"",
+ "nosniff": false
+ },
+ {
+ "input": "Content-Type-Options: nosniff",
+ "nosniff": false
+ }
+]