From 43a97878ce14b72f0981164f87f2e35e14151312 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 11:22:09 +0200 Subject: Adding upstream version 110.0.1. Signed-off-by: Daniel Baumann --- .../tests/content-security-policy/META.yml | 4 + .../tests/content-security-policy/README.css | 27 + .../tests/content-security-policy/README.html | 118 +++++ .../base-uri/base-uri-allow.sub.html | 24 + .../base-uri/base-uri-deny.sub.html | 25 + .../base-uri/base-uri_iframe_sandbox.sub.html | 79 +++ .../report-uri-does-not-respect-base-uri.sub.html | 27 + ...-does-not-respect-base-uri.sub.html.sub.headers | 5 + .../blob/blob-urls-do-not-match-self.sub.html | 36 ++ .../blob/blob-urls-match-blob.sub.html | 37 ++ .../blob/self-doesnt-match-blob.sub.html | 49 ++ .../blob/star-doesnt-match-blob.sub.html | 49 ++ ...ild-src-about-blank-allowed-by-default.sub.html | 29 ++ ...hild-src-about-blank-allowed-by-scheme.sub.html | 25 + .../child-src/child-src-allowed.sub.html | 64 +++ .../child-src/child-src-blocked.sub.html | 62 +++ .../child-src-conflicting-frame-src.sub.html | 65 +++ .../child-src/child-src-cross-origin-load.sub.html | 42 ++ .../child-src/child-src-redirect-blocked.sub.html | 65 +++ .../child-src/child-src-worker-allowed.sub.html | 38 ++ .../child-src/child-src-worker-blocked.sub.html | 44 ++ .../connect-src-beacon-allowed.sub.html | 39 ++ .../connect-src-beacon-blocked.sub.html | 39 ++ ...connect-src-beacon-redirect-to-blocked.sub.html | 36 ++ .../connect-src-eventsource-allowed.sub.html | 36 ++ .../connect-src-eventsource-blocked.sub.html | 39 ++ ...ct-src-eventsource-redirect-to-blocked.sub.html | 40 ++ .../connect-src-websocket-allowed.sub.html | 36 ++ .../connect-src-websocket-blocked.sub.html | 36 ++ .../connect-src-websocket-self.sub.html | 47 ++ .../connect-src-xmlhttprequest-allowed.sub.html | 32 ++ .../connect-src-xmlhttprequest-blocked.sub.html | 38 ++ ...src-xmlhttprequest-redirect-to-blocked.sub.html | 46 ++ .../connect-src/resources/simple-event-stream | 1 + .../resources/simple-event-stream.headers | 1 + .../shared-worker-connect-src-allowed.sub.html | 39 ++ .../shared-worker-connect-src-blocked.sub.html | 44 ++ .../support/shared-worker-make-xhr-allowed.sub.js | 23 + .../support/shared-worker-make-xhr-blocked.sub.js | 23 + ...ared-worker-make-xhr-blocked.sub.js.sub.headers | 1 + .../support/worker-make-xhr-blocked.sub.js | 21 + .../worker-make-xhr-blocked.sub.js.sub.headers | 1 + .../connect-src/support/worker-make-xhr.sub.js | 21 + .../worker-connect-src-allowed.sub.html | 34 ++ .../worker-connect-src-blocked.sub.html | 38 ++ .../connect-src/worker-from-guid.sub.html | 64 +++ .../default-src-inline-allowed.sub.html | 28 ++ .../default-src-inline-blocked.sub.html | 31 ++ ...fault-src-strict_dynamic_and_unsafe_inline.html | 23 + .../embedded-enforcement/META.yml | 1 + .../allow_csp_from-header.html | 94 ++++ .../blocked-iframe-are-cross-origin.html | 59 +++ ...hange-csp-attribute-and-history-navigation.html | 93 ++++ .../embedded-enforcement/idlharness.window.js | 16 + .../embedded-enforcement/iframe-csp-attribute.html | 35 ++ .../required-csp-header-cascade.html | 67 +++ .../required_csp-header-crlf.html | 87 ++++ .../embedded-enforcement/required_csp-header.html | 119 +++++ .../subsumption_algorithm-general.html | 96 ++++ .../subsumption_algorithm-hashes.html | 80 +++ .../subsumption_algorithm-host_sources-hosts.html | 42 ++ .../subsumption_algorithm-host_sources-paths.html | 58 +++ .../subsumption_algorithm-host_sources-ports.html | 82 +++ ...bsumption_algorithm-host_sources-protocols.html | 66 +++ .../subsumption_algorithm-nonces.html | 59 +++ .../subsumption_algorithm-none.html | 113 +++++ .../subsumption_algorithm-self.html | 49 ++ ...ubsumption_algorithm-source_list-wildcards.html | 125 +++++ .../subsumption_algorithm-strict_dynamic.html | 72 +++ .../subsumption_algorithm-unsafe_eval.html | 54 ++ .../subsumption_algorithm-unsafe_hashes.html | 54 ++ .../subsumption_algorithm-unsafe_inline.html | 103 ++++ .../support/echo-allow-csp-from.py | 43 ++ .../support/echo-policy-multiple.py | 25 + .../support/echo-required-csp.py | 47 ++ .../support/embed-img-and-message-top.html | 14 + .../embedded-enforcement/support/executor.html | 3 + .../support/testharness-helper.sub.js | 170 +++++++ .../font-src/font-match-allowed.sub.html | 23 + .../font-src/font-mismatch-blocked.sub.html | 22 + .../font-src/font-none-blocked.sub.html | 22 + .../font-src/font-self-allowed.html | 23 + .../font-src/font-stylesheet-font-blocked.sub.html | 25 + .../form-action-self-allowed-target-blank.html | 40 ++ .../form-action-src-allowed-target-blank.sub.html | 33 ++ .../form-action-src-allowed-target-frame.sub.html | 34 ++ .../form-action/form-action-src-allowed.sub.html | 40 ++ .../form-action/form-action-src-blocked.sub.html | 40 ++ .../form-action-src-default-ignored.sub.html | 40 ++ .../form-action-src-get-allowed.sub.html | 41 ++ .../form-action-src-get-blocked.sub.html | 42 ++ .../form-action-src-javascript-blocked.sub.html | 34 ++ ...ion-src-javascript-blocked.sub.html.sub.headers | 0 .../form-action-src-javascript-prevented.html | 46 ++ ...tion-src-redirect-allowed-target-blank.sub.html | 33 ++ ...tion-src-redirect-allowed-target-frame.sub.html | 34 ++ .../form-action-src-redirect-blocked.sub.html | 42 ++ .../support/post-message-to-opener.sub.html | 3 + .../support/post-message-to-parent.sub.html | 3 + .../frame-ancestors-from-serviceworker.https.html | 46 ++ ...ancestors-nested-cross-in-cross-none-block.html | 15 + ...ancestors-nested-cross-in-cross-self-block.html | 15 + ...ancestors-nested-cross-in-cross-star-allow.html | 15 + ...-ancestors-nested-cross-in-cross-url-allow.html | 15 + ...-ancestors-nested-cross-in-cross-url-block.html | 15 + ...-ancestors-nested-cross-in-same-none-block.html | 16 + ...-ancestors-nested-cross-in-same-self-block.html | 15 + ...-ancestors-nested-cross-in-same-star-allow.html | 17 + ...e-ancestors-nested-cross-in-same-url-allow.html | 16 + ...e-ancestors-nested-cross-in-same-url-block.html | 15 + ...-nested-cross-in-sandboxed-cross-url-block.html | 16 + ...-ancestors-nested-same-in-cross-none-block.html | 15 + ...-ancestors-nested-same-in-cross-self-block.html | 15 + ...-ancestors-nested-same-in-cross-star-allow.html | 15 + ...e-ancestors-nested-same-in-cross-url-allow.html | 15 + ...e-ancestors-nested-same-in-cross-url-block.html | 15 + ...e-ancestors-nested-same-in-same-none-block.html | 15 + ...e-ancestors-nested-same-in-same-self-allow.html | 15 + ...e-ancestors-nested-same-in-same-star-allow.html | 15 + ...me-ancestors-nested-same-in-same-url-allow.html | 15 + ...me-ancestors-nested-same-in-same-url-block.html | 15 + .../frame-ancestors-none-block.html | 23 + .../frame-ancestors-overrides-xfo.html | 39 ++ .../frame-ancestors-sandbox-same-origin-self.html | 17 + .../frame-ancestors-self-allow.html | 16 + .../frame-ancestors-self-block.html | 15 + .../frame-ancestors-star-allow-crossorigin.html | 16 + .../frame-ancestors-star-allow-sameorigin.html | 15 + .../frame-ancestors-url-allow.sub.html | 15 + .../frame-ancestors/frame-ancestors-url-block.html | 15 + .../frame-ancestors/report-blocked-frame.sub.html | 13 + .../frame-ancestors/report-only-frame.sub.html | 13 + .../content-security-policy-report-only.sub.html | 6 + ...ecurity-policy-report-only.sub.html.sub.headers | 1 + .../support/content-security-policy.sub.html | 6 + .../content-security-policy.sub.html.sub.headers | 1 + .../frame-ancestors-and-x-frame-options.sub.html | 9 + ...estors-and-x-frame-options.sub.html.sub.headers | 3 + .../support/frame-ancestors-test.sub.js | 147 ++++++ .../support/frame-ancestors.sub.html | 9 + .../support/frame-ancestors.sub.html.sub.headers | 2 + .../support/frame-in-frame.sub.html | 16 + .../support/frame-in-frame.sub.html.sub.headers | 1 + .../frame-ancestors/support/service-worker.js | 10 + ...ame-src-about-blank-allowed-by-default.sub.html | 32 ++ ...rame-src-about-blank-allowed-by-scheme.sub.html | 28 ++ .../frame-src/frame-src-allowed.sub.html | 64 +++ .../frame-src/frame-src-blocked.sub.html | 62 +++ .../frame-src/frame-src-cross-origin-load.sub.html | 68 +++ ...cross-origin-same-document-navigation.window.js | 45 ++ .../frame-src/frame-src-redirect.html | 35 ++ .../frame-src/frame-src-redirect.html.headers | 2 + .../frame-src-same-document-meta.sub.html | 52 ++ .../frame-src/frame-src-same-document.sub.html | 22 + .../frame-src-same-document.sub.html.headers | 1 + .../frame-src/frame-src-sandboxed-allowed.html | 29 ++ .../frame-src-sandboxed-allowed.html.headers | 4 + .../frame-src/frame-src-self-unique-origin.html | 49 ++ .../frame-src/support/frame.html | 2 + .../frame-src/support/testharness-helper.sub.js | 5 + .../script-src-self/script-tag.http.html | 82 +++ .../script-src-self/script-tag.http.html.headers | 1 + .../script-src-self/script-tag.https.html | 82 +++ .../script-src-self/script-tag.https.html.headers | 1 + .../script-src-self/sharedworker-classic.http.html | 42 ++ .../sharedworker-classic.http.html.headers | 1 + .../sharedworker-classic.https.html | 42 ++ .../sharedworker-classic.https.html.headers | 1 + .../sharedworker-import-data.http.html | 82 +++ .../sharedworker-import-data.http.html.headers | 1 + .../sharedworker-import-data.https.html | 82 +++ .../sharedworker-import-data.https.html.headers | 1 + .../script-src-self/sharedworker-import.http.html | 82 +++ .../sharedworker-import.http.html.headers | 1 + .../script-src-self/sharedworker-import.https.html | 82 +++ .../sharedworker-import.https.html.headers | 1 + .../script-src-self/sharedworker-module.http.html | 42 ++ .../sharedworker-module.http.html.headers | 1 + .../script-src-self/sharedworker-module.https.html | 42 ++ .../sharedworker-module.https.html.headers | 1 + .../script-src-self/worker-classic.http.html | 42 ++ .../worker-classic.http.html.headers | 1 + .../script-src-self/worker-classic.https.html | 42 ++ .../worker-classic.https.html.headers | 1 + .../script-src-self/worker-import-data.http.html | 82 +++ .../worker-import-data.http.html.headers | 1 + .../script-src-self/worker-import-data.https.html | 82 +++ .../worker-import-data.https.html.headers | 1 + .../script-src-self/worker-import.http.html | 82 +++ .../worker-import.http.html.headers | 1 + .../script-src-self/worker-import.https.html | 82 +++ .../worker-import.https.html.headers | 1 + .../script-src-self/worker-module.http.html | 42 ++ .../worker-module.http.html.headers | 1 + .../script-src-self/worker-module.https.html | 42 ++ .../worker-module.https.html.headers | 1 + .../worklet-animation-import-data.https.html | 82 +++ ...orklet-animation-import-data.https.html.headers | 1 + .../script-src-self/worklet-animation.https.html | 82 +++ .../worklet-animation.https.html.headers | 1 + .../worklet-audio-import-data.https.html | 82 +++ .../worklet-audio-import-data.https.html.headers | 1 + .../script-src-self/worklet-audio.https.html | 82 +++ .../worklet-audio.https.html.headers | 1 + .../worklet-layout-import-data.https.html | 82 +++ .../worklet-layout-import-data.https.html.headers | 1 + .../script-src-self/worklet-layout.https.html | 82 +++ .../worklet-layout.https.html.headers | 1 + .../worklet-paint-import-data.https.html | 82 +++ .../worklet-paint-import-data.https.html.headers | 1 + .../script-src-self/worklet-paint.https.html | 82 +++ .../worklet-paint.https.html.headers | 1 + .../script-src-wildcard/script-tag.http.html | 82 +++ .../script-tag.http.html.headers | 1 + .../script-src-wildcard/script-tag.https.html | 82 +++ .../script-tag.https.html.headers | 1 + .../sharedworker-classic.http.html | 42 ++ .../sharedworker-classic.http.html.headers | 1 + .../sharedworker-classic.https.html | 42 ++ .../sharedworker-classic.https.html.headers | 1 + .../sharedworker-import-data.http.html | 82 +++ .../sharedworker-import-data.http.html.headers | 1 + .../sharedworker-import-data.https.html | 82 +++ .../sharedworker-import-data.https.html.headers | 1 + .../sharedworker-import.http.html | 82 +++ .../sharedworker-import.http.html.headers | 1 + .../sharedworker-import.https.html | 82 +++ .../sharedworker-import.https.html.headers | 1 + .../sharedworker-module.http.html | 42 ++ .../sharedworker-module.http.html.headers | 1 + .../sharedworker-module.https.html | 42 ++ .../sharedworker-module.https.html.headers | 1 + .../script-src-wildcard/worker-classic.http.html | 42 ++ .../worker-classic.http.html.headers | 1 + .../script-src-wildcard/worker-classic.https.html | 42 ++ .../worker-classic.https.html.headers | 1 + .../worker-import-data.http.html | 82 +++ .../worker-import-data.http.html.headers | 1 + .../worker-import-data.https.html | 82 +++ .../worker-import-data.https.html.headers | 1 + .../script-src-wildcard/worker-import.http.html | 82 +++ .../worker-import.http.html.headers | 1 + .../script-src-wildcard/worker-import.https.html | 82 +++ .../worker-import.https.html.headers | 1 + .../script-src-wildcard/worker-module.http.html | 42 ++ .../worker-module.http.html.headers | 1 + .../script-src-wildcard/worker-module.https.html | 42 ++ .../worker-module.https.html.headers | 1 + .../worklet-animation-import-data.https.html | 82 +++ ...orklet-animation-import-data.https.html.headers | 1 + .../worklet-animation.https.html | 82 +++ .../worklet-animation.https.html.headers | 1 + .../worklet-audio-import-data.https.html | 82 +++ .../worklet-audio-import-data.https.html.headers | 1 + .../script-src-wildcard/worklet-audio.https.html | 82 +++ .../worklet-audio.https.html.headers | 1 + .../worklet-layout-import-data.https.html | 82 +++ .../worklet-layout-import-data.https.html.headers | 1 + .../script-src-wildcard/worklet-layout.https.html | 82 +++ .../worklet-layout.https.html.headers | 1 + .../worklet-paint-import-data.https.html | 82 +++ .../worklet-paint-import-data.https.html.headers | 1 + .../script-src-wildcard/worklet-paint.https.html | 82 +++ .../worklet-paint.https.html.headers | 1 + .../worker-src-none/script-tag.http.html | 82 +++ .../worker-src-none/script-tag.http.html.headers | 1 + .../worker-src-none/script-tag.https.html | 82 +++ .../worker-src-none/script-tag.https.html.headers | 1 + .../worker-src-none/sharedworker-classic.http.html | 42 ++ .../sharedworker-classic.http.html.headers | 1 + .../sharedworker-classic.https.html | 42 ++ .../sharedworker-classic.https.html.headers | 1 + .../sharedworker-import-data.http.html | 82 +++ .../sharedworker-import-data.http.html.headers | 1 + .../sharedworker-import-data.https.html | 82 +++ .../sharedworker-import-data.https.html.headers | 1 + .../worker-src-none/sharedworker-import.http.html | 82 +++ .../sharedworker-import.http.html.headers | 1 + .../worker-src-none/sharedworker-import.https.html | 82 +++ .../sharedworker-import.https.html.headers | 1 + .../worker-src-none/sharedworker-module.http.html | 42 ++ .../sharedworker-module.http.html.headers | 1 + .../worker-src-none/sharedworker-module.https.html | 42 ++ .../sharedworker-module.https.html.headers | 1 + .../worker-src-none/worker-classic.http.html | 42 ++ .../worker-classic.http.html.headers | 1 + .../worker-src-none/worker-classic.https.html | 42 ++ .../worker-classic.https.html.headers | 1 + .../worker-src-none/worker-import-data.http.html | 82 +++ .../worker-import-data.http.html.headers | 1 + .../worker-src-none/worker-import-data.https.html | 82 +++ .../worker-import-data.https.html.headers | 1 + .../worker-src-none/worker-import.http.html | 82 +++ .../worker-import.http.html.headers | 1 + .../worker-src-none/worker-import.https.html | 82 +++ .../worker-import.https.html.headers | 1 + .../worker-src-none/worker-module.http.html | 42 ++ .../worker-module.http.html.headers | 1 + .../worker-src-none/worker-module.https.html | 42 ++ .../worker-module.https.html.headers | 1 + .../worklet-animation-import-data.https.html | 82 +++ ...orklet-animation-import-data.https.html.headers | 1 + .../worker-src-none/worklet-animation.https.html | 82 +++ .../worklet-animation.https.html.headers | 1 + .../worklet-audio-import-data.https.html | 82 +++ .../worklet-audio-import-data.https.html.headers | 1 + .../worker-src-none/worklet-audio.https.html | 82 +++ .../worklet-audio.https.html.headers | 1 + .../worklet-layout-import-data.https.html | 82 +++ .../worklet-layout-import-data.https.html.headers | 1 + .../worker-src-none/worklet-layout.https.html | 82 +++ .../worklet-layout.https.html.headers | 1 + .../worklet-paint-import-data.https.html | 82 +++ .../worklet-paint-import-data.https.html.headers | 1 + .../worker-src-none/worklet-paint.https.html | 82 +++ .../worklet-paint.https.html.headers | 1 + .../worker-src-self/script-tag.http.html | 82 +++ .../worker-src-self/script-tag.http.html.headers | 1 + .../worker-src-self/script-tag.https.html | 82 +++ .../worker-src-self/script-tag.https.html.headers | 1 + .../worker-src-self/sharedworker-classic.http.html | 42 ++ .../sharedworker-classic.http.html.headers | 1 + .../sharedworker-classic.https.html | 42 ++ .../sharedworker-classic.https.html.headers | 1 + .../sharedworker-import-data.http.html | 82 +++ .../sharedworker-import-data.http.html.headers | 1 + .../sharedworker-import-data.https.html | 82 +++ .../sharedworker-import-data.https.html.headers | 1 + .../worker-src-self/sharedworker-import.http.html | 82 +++ .../sharedworker-import.http.html.headers | 1 + .../worker-src-self/sharedworker-import.https.html | 82 +++ .../sharedworker-import.https.html.headers | 1 + .../worker-src-self/sharedworker-module.http.html | 42 ++ .../sharedworker-module.http.html.headers | 1 + .../worker-src-self/sharedworker-module.https.html | 42 ++ .../sharedworker-module.https.html.headers | 1 + .../worker-src-self/worker-classic.http.html | 42 ++ .../worker-classic.http.html.headers | 1 + .../worker-src-self/worker-classic.https.html | 42 ++ .../worker-classic.https.html.headers | 1 + .../worker-src-self/worker-import-data.http.html | 82 +++ .../worker-import-data.http.html.headers | 1 + .../worker-src-self/worker-import-data.https.html | 82 +++ .../worker-import-data.https.html.headers | 1 + .../worker-src-self/worker-import.http.html | 82 +++ .../worker-import.http.html.headers | 1 + .../worker-src-self/worker-import.https.html | 82 +++ .../worker-import.https.html.headers | 1 + .../worker-src-self/worker-module.http.html | 42 ++ .../worker-module.http.html.headers | 1 + .../worker-src-self/worker-module.https.html | 42 ++ .../worker-module.https.html.headers | 1 + .../worklet-animation-import-data.https.html | 82 +++ ...orklet-animation-import-data.https.html.headers | 1 + .../worker-src-self/worklet-animation.https.html | 82 +++ .../worklet-animation.https.html.headers | 1 + .../worklet-audio-import-data.https.html | 82 +++ .../worklet-audio-import-data.https.html.headers | 1 + .../worker-src-self/worklet-audio.https.html | 82 +++ .../worklet-audio.https.html.headers | 1 + .../worklet-layout-import-data.https.html | 82 +++ .../worklet-layout-import-data.https.html.headers | 1 + .../worker-src-self/worklet-layout.https.html | 82 +++ .../worklet-layout.https.html.headers | 1 + .../worklet-paint-import-data.https.html | 82 +++ .../worklet-paint-import-data.https.html.headers | 1 + .../worker-src-self/worklet-paint.https.html | 82 +++ .../worklet-paint.https.html.headers | 1 + .../worker-src-wildcard/script-tag.http.html | 82 +++ .../script-tag.http.html.headers | 1 + .../worker-src-wildcard/script-tag.https.html | 82 +++ .../script-tag.https.html.headers | 1 + .../sharedworker-classic.http.html | 42 ++ .../sharedworker-classic.http.html.headers | 1 + .../sharedworker-classic.https.html | 42 ++ .../sharedworker-classic.https.html.headers | 1 + .../sharedworker-import-data.http.html | 82 +++ .../sharedworker-import-data.http.html.headers | 1 + .../sharedworker-import-data.https.html | 82 +++ .../sharedworker-import-data.https.html.headers | 1 + .../sharedworker-import.http.html | 82 +++ .../sharedworker-import.http.html.headers | 1 + .../sharedworker-import.https.html | 82 +++ .../sharedworker-import.https.html.headers | 1 + .../sharedworker-module.http.html | 42 ++ .../sharedworker-module.http.html.headers | 1 + .../sharedworker-module.https.html | 42 ++ .../sharedworker-module.https.html.headers | 1 + .../worker-src-wildcard/worker-classic.http.html | 42 ++ .../worker-classic.http.html.headers | 1 + .../worker-src-wildcard/worker-classic.https.html | 42 ++ .../worker-classic.https.html.headers | 1 + .../worker-import-data.http.html | 82 +++ .../worker-import-data.http.html.headers | 1 + .../worker-import-data.https.html | 82 +++ .../worker-import-data.https.html.headers | 1 + .../worker-src-wildcard/worker-import.http.html | 82 +++ .../worker-import.http.html.headers | 1 + .../worker-src-wildcard/worker-import.https.html | 82 +++ .../worker-import.https.html.headers | 1 + .../worker-src-wildcard/worker-module.http.html | 42 ++ .../worker-module.http.html.headers | 1 + .../worker-src-wildcard/worker-module.https.html | 42 ++ .../worker-module.https.html.headers | 1 + .../worklet-animation-import-data.https.html | 82 +++ ...orklet-animation-import-data.https.html.headers | 1 + .../worklet-animation.https.html | 82 +++ .../worklet-animation.https.html.headers | 1 + .../worklet-audio-import-data.https.html | 82 +++ .../worklet-audio-import-data.https.html.headers | 1 + .../worker-src-wildcard/worklet-audio.https.html | 82 +++ .../worklet-audio.https.html.headers | 1 + .../worklet-layout-import-data.https.html | 82 +++ .../worklet-layout-import-data.https.html.headers | 1 + .../worker-src-wildcard/worklet-layout.https.html | 82 +++ .../worklet-layout.https.html.headers | 1 + .../worklet-paint-import-data.https.html | 82 +++ .../worklet-paint-import-data.https.html.headers | 1 + .../worker-src-wildcard/worklet-paint.https.html | 82 +++ .../worklet-paint.https.html.headers | 1 + .../top.meta/script-src-self/script-tag.http.html | 83 ++++ .../top.meta/script-src-self/script-tag.https.html | 83 ++++ .../script-src-self/sharedworker-classic.http.html | 43 ++ .../sharedworker-classic.https.html | 43 ++ .../sharedworker-import-data.http.html | 83 ++++ .../sharedworker-import-data.https.html | 83 ++++ .../script-src-self/sharedworker-import.http.html | 83 ++++ .../script-src-self/sharedworker-import.https.html | 83 ++++ .../script-src-self/sharedworker-module.http.html | 43 ++ .../script-src-self/sharedworker-module.https.html | 43 ++ .../script-src-self/worker-classic.http.html | 43 ++ .../script-src-self/worker-classic.https.html | 43 ++ .../script-src-self/worker-import-data.http.html | 83 ++++ .../script-src-self/worker-import-data.https.html | 83 ++++ .../script-src-self/worker-import.http.html | 83 ++++ .../script-src-self/worker-import.https.html | 83 ++++ .../script-src-self/worker-module.http.html | 43 ++ .../script-src-self/worker-module.https.html | 43 ++ .../worklet-animation-import-data.https.html | 83 ++++ .../script-src-self/worklet-animation.https.html | 83 ++++ .../worklet-audio-import-data.https.html | 83 ++++ .../script-src-self/worklet-audio.https.html | 83 ++++ .../worklet-layout-import-data.https.html | 83 ++++ .../script-src-self/worklet-layout.https.html | 83 ++++ .../worklet-paint-import-data.https.html | 83 ++++ .../script-src-self/worklet-paint.https.html | 83 ++++ .../script-src-wildcard/script-tag.http.html | 83 ++++ .../script-src-wildcard/script-tag.https.html | 83 ++++ .../sharedworker-classic.http.html | 43 ++ .../sharedworker-classic.https.html | 43 ++ .../sharedworker-import-data.http.html | 83 ++++ .../sharedworker-import-data.https.html | 83 ++++ .../sharedworker-import.http.html | 83 ++++ .../sharedworker-import.https.html | 83 ++++ .../sharedworker-module.http.html | 43 ++ .../sharedworker-module.https.html | 43 ++ .../script-src-wildcard/worker-classic.http.html | 43 ++ .../script-src-wildcard/worker-classic.https.html | 43 ++ .../worker-import-data.http.html | 83 ++++ .../worker-import-data.https.html | 83 ++++ .../script-src-wildcard/worker-import.http.html | 83 ++++ .../script-src-wildcard/worker-import.https.html | 83 ++++ .../script-src-wildcard/worker-module.http.html | 43 ++ .../script-src-wildcard/worker-module.https.html | 43 ++ .../worklet-animation-import-data.https.html | 83 ++++ .../worklet-animation.https.html | 83 ++++ .../worklet-audio-import-data.https.html | 83 ++++ .../script-src-wildcard/worklet-audio.https.html | 83 ++++ .../worklet-layout-import-data.https.html | 83 ++++ .../script-src-wildcard/worklet-layout.https.html | 83 ++++ .../worklet-paint-import-data.https.html | 83 ++++ .../script-src-wildcard/worklet-paint.https.html | 83 ++++ .../top.meta/worker-src-none/script-tag.http.html | 83 ++++ .../top.meta/worker-src-none/script-tag.https.html | 83 ++++ .../worker-src-none/sharedworker-classic.http.html | 43 ++ .../sharedworker-classic.https.html | 43 ++ .../sharedworker-import-data.http.html | 83 ++++ .../sharedworker-import-data.https.html | 83 ++++ .../worker-src-none/sharedworker-import.http.html | 83 ++++ .../worker-src-none/sharedworker-import.https.html | 83 ++++ .../worker-src-none/sharedworker-module.http.html | 43 ++ .../worker-src-none/sharedworker-module.https.html | 43 ++ .../worker-src-none/worker-classic.http.html | 43 ++ .../worker-src-none/worker-classic.https.html | 43 ++ .../worker-src-none/worker-import-data.http.html | 83 ++++ .../worker-src-none/worker-import-data.https.html | 83 ++++ .../worker-src-none/worker-import.http.html | 83 ++++ .../worker-src-none/worker-import.https.html | 83 ++++ .../worker-src-none/worker-module.http.html | 43 ++ .../worker-src-none/worker-module.https.html | 43 ++ .../worklet-animation-import-data.https.html | 83 ++++ .../worker-src-none/worklet-animation.https.html | 83 ++++ .../worklet-audio-import-data.https.html | 83 ++++ .../worker-src-none/worklet-audio.https.html | 83 ++++ .../worklet-layout-import-data.https.html | 83 ++++ .../worker-src-none/worklet-layout.https.html | 83 ++++ .../worklet-paint-import-data.https.html | 83 ++++ .../worker-src-none/worklet-paint.https.html | 83 ++++ .../top.meta/worker-src-self/script-tag.http.html | 83 ++++ .../top.meta/worker-src-self/script-tag.https.html | 83 ++++ .../worker-src-self/sharedworker-classic.http.html | 43 ++ .../sharedworker-classic.https.html | 43 ++ .../sharedworker-import-data.http.html | 83 ++++ .../sharedworker-import-data.https.html | 83 ++++ .../worker-src-self/sharedworker-import.http.html | 83 ++++ .../worker-src-self/sharedworker-import.https.html | 83 ++++ .../worker-src-self/sharedworker-module.http.html | 43 ++ .../worker-src-self/sharedworker-module.https.html | 43 ++ .../worker-src-self/worker-classic.http.html | 43 ++ .../worker-src-self/worker-classic.https.html | 43 ++ .../worker-src-self/worker-import-data.http.html | 83 ++++ .../worker-src-self/worker-import-data.https.html | 83 ++++ .../worker-src-self/worker-import.http.html | 83 ++++ .../worker-src-self/worker-import.https.html | 83 ++++ .../worker-src-self/worker-module.http.html | 43 ++ .../worker-src-self/worker-module.https.html | 43 ++ .../worklet-animation-import-data.https.html | 83 ++++ .../worker-src-self/worklet-animation.https.html | 83 ++++ .../worklet-audio-import-data.https.html | 83 ++++ .../worker-src-self/worklet-audio.https.html | 83 ++++ .../worklet-layout-import-data.https.html | 83 ++++ .../worker-src-self/worklet-layout.https.html | 83 ++++ .../worklet-paint-import-data.https.html | 83 ++++ .../worker-src-self/worklet-paint.https.html | 83 ++++ .../worker-src-wildcard/script-tag.http.html | 83 ++++ .../worker-src-wildcard/script-tag.https.html | 83 ++++ .../sharedworker-classic.http.html | 43 ++ .../sharedworker-classic.https.html | 43 ++ .../sharedworker-import-data.http.html | 83 ++++ .../sharedworker-import-data.https.html | 83 ++++ .../sharedworker-import.http.html | 83 ++++ .../sharedworker-import.https.html | 83 ++++ .../sharedworker-module.http.html | 43 ++ .../sharedworker-module.https.html | 43 ++ .../worker-src-wildcard/worker-classic.http.html | 43 ++ .../worker-src-wildcard/worker-classic.https.html | 43 ++ .../worker-import-data.http.html | 83 ++++ .../worker-import-data.https.html | 83 ++++ .../worker-src-wildcard/worker-import.http.html | 83 ++++ .../worker-src-wildcard/worker-import.https.html | 83 ++++ .../worker-src-wildcard/worker-module.http.html | 43 ++ .../worker-src-wildcard/worker-module.https.html | 43 ++ .../worklet-animation-import-data.https.html | 83 ++++ .../worklet-animation.https.html | 83 ++++ .../worklet-audio-import-data.https.html | 83 ++++ .../worker-src-wildcard/worklet-audio.https.html | 83 ++++ .../worklet-layout-import-data.https.html | 83 ++++ .../worker-src-wildcard/worklet-layout.https.html | 83 ++++ .../worklet-paint-import-data.https.html | 83 ++++ .../worker-src-wildcard/worklet-paint.https.html | 83 ++++ .../304-response-should-update-csp.sub.html | 52 ++ .../generic/cspro-not-enforced-in-worker.html | 22 + .../cspro-not-enforced-in-worker.html.sub.headers | 1 + .../directive-name-case-insensitive.sub.html | 32 ++ .../generic/duplicate-directive.sub.html | 27 + .../eval-typecheck-callout-order.tentative.html | 28 ++ ...-typecheck-callout-order.tentative.html.headers | 1 + .../content-security-policy/generic/fail-0_1.js | 3 + .../filesystem-urls-do-not-match-self.sub.html | 60 +++ .../filesystem-urls-match-filesystem.sub.html | 57 +++ .../generic/generic-0_1-img-src.html | 38 ++ .../generic/generic-0_1-script-src.html | 38 ++ .../generic/generic-0_10.sub.html | 27 + .../generic/generic-0_10_1.sub.html | 26 + .../generic/generic-0_2.html | 28 ++ .../generic/generic-0_2_2.sub.html | 26 + .../generic/generic-0_2_3.html | 26 + .../generic/generic-0_8.sub.html | 27 + .../generic/generic-0_8_1.sub.html | 31 ++ .../generic/generic-0_9.sub.html | 27 + .../generic/invalid-characters-in-policy.html | 75 +++ .../generic/negativeTests.js | 3 + .../generic/no-default-src.sub.html | 41 ++ .../generic/no-default-src.sub.html.sub.headers | 6 + .../only-valid-whitespaces-are-allowed.html | 67 +++ .../content-security-policy/generic/pass-0_1.js | 3 + .../generic/policy-does-not-affect-child.sub.html | 24 + .../policy-inherited-correctly-by-plznavigate.html | 43 ++ ...rited-correctly-by-plznavigate.html.sub.headers | 5 + .../generic/positiveTest.js | 1 + .../generic/support/304-response.py | 33 ++ .../generic/support/eval.js | 2 + .../support/load_img_and_post_result_header.html | 11 + ...oad_img_and_post_result_header.html.sub.headers | 1 + .../support/load_img_and_post_result_meta.sub.html | 14 + .../generic/support/log-pass.html | 3 + .../generic/support/sandboxed-eval.sub.html | 4 + .../support/sandboxed-eval.sub.html.sub.headers | 1 + .../generic/test-case.sub.js | 98 ++++ .../content-security-policy/generic/unreached.js | 3 + .../generic/wildcardHostTest.js | 8 + .../generic/wildcardHostTestFailure.js | 8 + .../generic/wildcardHostTestSuceeds.js | 1 + .../generic/wildcardPortTest.js | 8 + .../generic/wildcardPortTestSuceeds.js | 1 + .../img-src/icon-allowed.sub.html | 28 ++ .../img-src/icon-blocked.sub.html | 33 ++ .../img-src/img-src-4_1.sub.html | 35 ++ .../img-src-full-host-wildcard-blocked.sub.html | 20 + .../img-src-host-partial-wildcard-allowed.sub.html | 20 + .../img-src/img-src-none-blocks.html | 20 + .../img-src/img-src-port-wildcard-allowed.sub.html | 20 + .../img-src/img-src-self-unique-origin.html | 49 ++ .../img-src/img-src-wildcard-allowed.html | 40 ++ .../img-src/report-blocked-data-uri.sub.html | 25 + ...om-meta-http-equiv-with-invalid-characters.html | 19 + ...-in-child-frame-self-navigate-inherits.sub.html | 17 + ...-in-main-window-self-navigate-inherits.sub.html | 23 + .../blob-url-inherits-from-initiator.sub.html | 43 ++ .../inheritance/document-write-iframe.html | 65 +++ .../inheritance/frame-src-javascript-url.html | 40 ++ .../inheritance/history-iframe.sub.html | 178 +++++++ .../inheritance/history.sub.html | 195 ++++++++ .../iframe-all-local-schemes-inherit-self.sub.html | 102 ++++ .../inheritance/iframe-all-local-schemes.sub.html | 180 +++++++ .../iframe-srcdoc-history-inheritance.html | 63 +++ .../inheritance/iframe-srcdoc-inheritance.html | 34 ++ .../inheritance-from-initiator.sub.html | 173 +++++++ ...inherited-csp-list-modifications-are-local.html | 49 ++ .../javascript-url-open-in-main-window.html | 13 + ...url-srcdoc-cross-origin-iframe-inheritance.html | 28 ++ .../inheritance/location-reload.html | 120 +++++ .../inheritance/sandboxed-blob-scheme.html | 23 + .../sandboxed-blob-scheme.html.sub.headers | 5 + .../inheritance/sandboxed-data-scheme.html | 21 + .../sandboxed-data-scheme.html.sub.headers | 5 + .../inheritance/support/empty.html | 0 .../inheritance/support/iframe-do.sub.html | 8 + ...cross-origin-iframe-inheritance-helper.sub.html | 24 + .../support/message-opener-and-navigate-back.html | 5 + .../support/message-top-and-navigate-back.html | 5 + .../support/navigate-parent-to-blob.html | 23 + .../inheritance/support/navigate-self-to-blob.html | 6 + .../support/navigate-self-to-blob.html.sub.headers | 4 + .../support/navigate-self-to-javascript.html | 12 + .../inheritance/support/postmessage-opener.html | 4 + .../inheritance/support/postmessage-top.html | 5 + .../inheritance/support/srcdoc-child-frame.html | 19 + .../inheritance/unsandboxed-blob-scheme.html | 22 + .../unsandboxed-blob-scheme.html.sub.headers | 5 + .../inheritance/unsandboxed-data-scheme.html | 20 + .../unsandboxed-data-scheme.html.sub.headers | 5 + ...window-open-local-after-network-scheme.sub.html | 83 ++++ .../inheritance/window.html | 66 +++ .../inside-worker/dedicatedworker-connect-src.html | 57 +++ .../dedicatedworker-connect-src.html.sub.headers | 6 + .../inside-worker/dedicatedworker-report-only.html | 15 + .../dedicatedworker-report-only.html.sub.headers | 6 + .../inside-worker/dedicatedworker-script-src.html | 57 +++ .../dedicatedworker-script-src.html.sub.headers | 6 + .../serviceworker-connect-src.https.sub.html | 32 ++ .../serviceworker-report-only.https.sub.html | 15 + .../serviceworker-script-src.https.sub.html | 32 ++ .../sharedworker-connect-src.sub.html | 30 ++ .../sharedworker-report-only.sub.html | 8 + .../inside-worker/sharedworker-script-src.sub.html | 30 ++ .../inside-worker/support/connect-src-allow.sub.js | 71 +++ .../support/connect-src-self-report-only.sub.js | 117 +++++ ...connect-src-self-report-only.sub.js.sub.headers | 5 + .../inside-worker/support/connect-src-self.sub.js | 123 +++++ .../inside-worker/support/script-src-allow.sub.js | 24 + .../inside-worker/support/script-src-self.sub.js | 71 +++ .../media-src/media-src-7_1.html | 48 ++ .../media-src/media-src-7_1_2.sub.html | 57 +++ .../media-src/media-src-7_2.html | 48 ++ .../media-src/media-src-7_2_2.sub.html | 57 +++ .../media-src/media-src-7_3.sub.html | 53 ++ .../media-src/media-src-7_3_2.sub.html | 72 +++ .../media-src/media-src-blocked.sub.html | 101 ++++ .../media-src/media-src-redir-bug.sub.html | 71 +++ .../meta/combine-header-and-meta-policies.sub.html | 54 ++ ...e-header-and-meta-policies.sub.html.sub.headers | 5 + .../content-security-policy/meta/meta-img-src.html | 33 ++ .../meta/meta-modified.html | 35 ++ .../meta/meta-outside-head.sub.html | 32 ++ .../meta/meta-outside-head.sub.html.sub.headers | 1 + .../meta/sandbox-iframe.html | 54 ++ .../meta/support/metaHelper.js | 5 + .../anchor-navigation-always-allowed.html | 23 + .../anchor-navigation-always-allowed.html.headers | 4 + .../child-navigates-parent-allowed.html | 18 + .../child-navigates-parent-allowed.html.headers | 4 + .../child-navigates-parent-blocked.sub.html | 19 + ...child-navigates-parent-blocked.sub.html.headers | 4 + .../form-action-allows-navigate-to-allows.sub.html | 16 + .../form-action-allows-navigate-to-blocks.sub.html | 16 + .../form-action-blocks-navigate-to-allows.sub.html | 17 + .../form-action-blocks-navigate-to-blocks.sub.html | 17 + .../navigate-to/form-allowed.html | 16 + .../navigate-to/form-blocked.sub.html | 19 + .../navigate-to/form-cross-origin-allowed.sub.html | 16 + .../navigate-to/form-cross-origin-blocked.sub.html | 19 + .../navigate-to/form-redirected-allowed.html | 16 + .../navigate-to/form-redirected-blocked.sub.html | 20 + .../navigate-to/href-location-allowed.html | 17 + .../navigate-to/href-location-blocked.sub.html | 20 + .../href-location-cross-origin-allowed.sub.html | 17 + .../href-location-cross-origin-blocked.sub.html | 20 + .../href-location-redirected-allowed.html | 17 + .../href-location-redirected-blocked.sub.html | 20 + .../navigate-to/link-click-allowed.html | 16 + .../navigate-to/link-click-blocked.sub.html | 19 + .../link-click-cross-origin-allowed.sub.html | 16 + .../link-click-cross-origin-blocked.sub.html | 20 + .../navigate-to/link-click-redirected-allowed.html | 16 + .../link-click-redirected-blocked.sub.html | 19 + .../navigate-to/meta-refresh-allowed.html | 16 + .../navigate-to/meta-refresh-blocked.sub.html | 20 + .../meta-refresh-cross-origin-allowed.sub.html | 16 + .../meta-refresh-cross-origin-blocked.sub.html | 20 + .../meta-refresh-redirected-allowed.html | 16 + .../meta-refresh-redirected-blocked.sub.html | 20 + .../parent-navigates-child-allowed.html | 26 + .../parent-navigates-child-allowed.html.headers | 4 + .../parent-navigates-child-blocked.html | 28 ++ ...parent-navigates-child-blocked.html.sub.headers | 5 + .../spv-only-sent-to-initiator.sub.html | 48 ++ .../navigate-to/support/delayed_frame.py | 12 + .../support/form_action_navigation.sub.html | 33 ++ .../form_action_navigation.sub.html.sub.headers | 4 + .../support/href_location_navigation.sub.html | 17 + .../href_location_navigation.sub.html.sub.headers | 4 + .../support/link_click_navigation.sub.html | 16 + .../link_click_navigation.sub.html.sub.headers | 4 + .../support/meta_refresh_navigation.sub.html | 16 + .../meta_refresh_navigation.sub.html.sub.headers | 4 + .../navigate-to/support/navigate_parent.sub.html | 18 + .../support/navigate_parent.sub.html.sub.headers | 4 + .../support/post_message_to_frame_owner.html | 6 + .../redirect_to_post_message_to_frame_owner.py | 6 + .../navigate-to/support/spv-test-iframe1.sub.html | 19 + .../support/spv-test-iframe1.sub.html.sub.headers | 4 + .../navigate-to/support/spv-test-iframe2.sub.html | 14 + .../navigate-to/support/spv-test-iframe3.sub.html | 12 + .../navigate-to/support/wait_for_navigation.html | 14 + .../support/wait_for_navigation.html.sub.headers | 4 + ...ed-end-of-chain-because-of-same-origin.sub.html | 29 ++ .../allowed-end-of-chain.sub.html | 28 ++ .../blocked-end-of-chain.sub.html | 29 ++ .../javascript-url-navigation-inherits-csp.html | 16 + .../navigation/support/frame-with-csp.sub.html | 2 + .../support/test_csp_self_window.sub.html | 10 + .../test_csp_self_window.sub.html.sub.headers | 6 + .../to-javascript-parent-initiated-child-csp.html | 20 + ...cript-parent-initiated-parent-csp-disallow.html | 23 + .../to-javascript-parent-initiated-parent-csp.html | 24 + .../navigation/to-javascript-url-frame-src.html | 16 + .../navigation/to-javascript-url-script-src.html | 72 +++ .../nonce-hiding/nonces.html | 64 +++ .../nonce-hiding/nonces.html.headers | 1 + .../script-nonces-hidden-meta.sub.html | 131 +++++ .../nonce-hiding/script-nonces-hidden.html | 172 +++++++ .../nonce-hiding/script-nonces-hidden.html.headers | 1 + .../svgscript-nonces-hidden-meta.sub.html | 100 ++++ .../nonce-hiding/svgscript-nonces-hidden.html | 98 ++++ .../svgscript-nonces-hidden.html.headers | 1 + .../object-src/object-src-no-url-allowed.html | 18 + .../object-src-no-url-allowed.html.sub.headers | 2 + .../object-src/object-src-no-url-blocked.html | 21 + .../object-src/object-src-url-allowed.html | 24 + .../object-src-url-allowed.html.sub.headers | 2 + .../object-src/object-src-url-blocked.html | 46 ++ .../object-src/object-src-url-embed-allowed.html | 25 + .../object-src-url-embed-allowed.html.sub.headers | 2 + .../object-src/object-src-url-embed-blocked.html | 22 + .../object-src-url-redirect-allowed.html | 18 + ...bject-src-url-redirect-allowed.html.sub.headers | 2 + .../object-src-url-redirect-blocked.sub.html | 21 + .../parsing/invalid-directive.html | 22 + .../plugin-types/plugin-types-ignored.html | 17 + .../plugin-types-ignored.html.sub.headers | 6 + .../prefetch-src/prefetch-allowed.html | 30 ++ .../prefetch-src/prefetch-blocked-by-default.html | 25 + .../prefetch-src/prefetch-blocked.html | 23 + .../prefetch-src/prefetch-header-allowed.html | 25 + .../prefetch-header-allowed.html.headers | 2 + .../prefetch-header-blocked-by-default.html | 37 ++ ...prefetch-header-blocked-by-default.html.headers | 2 + .../prefetch-src/prefetch-header-blocked.html | 37 ++ .../prefetch-header-blocked.html.headers | 2 + ...ort-to-directive-allowed-in-meta.https.sub.html | 56 +++ ...tive-allowed-in-meta.https.sub.html.sub.headers | 6 + ...t-send-reports-without-violation.https.sub.html | 20 + ...ts-without-violation.https.sub.html.sub.headers | 7 + ...-only-sends-reports-on-violation.https.sub.html | 25 + ...reports-on-violation.https.sub.html.sub.headers | 7 + ...-sends-reports-to-first-endpoint.https.sub.html | 25 + ...ts-to-first-endpoint.https.sub.html.sub.headers | 7 + ...report-to-overrides-report-uri-1.https.sub.html | 25 + ...errides-report-uri-1.https.sub.html.sub.headers | 7 + ...report-to-overrides-report-uri-2.https.sub.html | 25 + ...errides-report-uri-2.https.sub.html.sub.headers | 7 + ...g-api-sends-reports-on-violation.https.sub.html | 55 ++ ...reports-on-violation.https.sub.html.sub.headers | 7 + ...ing-api-works-on-frame-ancestors.https.sub.html | 17 + ...s-on-frame-ancestors.https.sub.html.sub.headers | 5 + ...reporting-api-works-on-frame-src.https.sub.html | 22 + ...i-works-on-frame-src.https.sub.html.sub.headers | 6 + .../support/non-embeddable-frame.html | 1 + .../support/non-embeddable-frame.html.sub.headers | 5 + .../reporting/multiple-report-policies.html | 19 + .../multiple-report-policies.html.sub.headers | 8 + .../reporting/post-redirect-stacktrace.https.html | 107 ++++ .../post-redirect-stacktrace.https.html.headers | 1 + .../reporting/report-and-enforce.html | 34 ++ .../reporting/report-and-enforce.html.sub.headers | 7 + .../reporting/report-blocked-data-uri.html | 15 + .../report-blocked-data-uri.html.sub.headers | 6 + .../report-blocked-uri-cross-origin.sub.html | 16 + ...t-blocked-uri-cross-origin.sub.html.sub.headers | 7 + .../reporting/report-blocked-uri.html | 16 + .../reporting/report-blocked-uri.html.sub.headers | 7 + .../reporting/report-clips-sample.https.html | 45 ++ .../report-cross-origin-no-cookies.sub.html | 37 ++ ...rt-cross-origin-no-cookies.sub.html.sub.headers | 6 + ...t-frame-ancestors-with-x-frame-options.sub.html | 12 + .../reporting/report-frame-ancestors.sub.html | 12 + .../reporting/report-multiple-violations-01.html | 16 + .../report-multiple-violations-01.html.sub.headers | 6 + .../reporting/report-multiple-violations-02.html | 19 + .../report-multiple-violations-02.html.sub.headers | 6 + .../reporting/report-only-in-meta.sub.html | 46 ++ .../report-only-in-meta.sub.html.sub.headers | 5 + .../reporting/report-only-unsafe-eval.html | 31 ++ .../report-only-unsafe-eval.html.sub.headers | 4 + ...ginal-url-on-mixed-content-frame.https.sub.html | 11 + ...-mixed-content-frame.https.sub.html.sub.headers | 6 + .../reporting/report-original-url.sub.html | 51 ++ .../report-original-url.sub.html.sub.headers | 6 + .../report-preload-and-consume.https.html | 24 + .../reporting/report-same-origin-with-cookies.html | 34 ++ ...eport-same-origin-with-cookies.html.sub.headers | 6 + .../reporting/report-strips-fragment.html | 23 + .../reporting/report-uri-effective-directive.html | 18 + ...report-uri-effective-directive.html.sub.headers | 6 + .../reporting/report-uri-from-child-frame.html | 23 + .../report-uri-from-inline-javascript.html | 20 + ...ort-uri-from-inline-javascript.html.sub.headers | 6 + .../reporting/report-uri-from-javascript.html | 15 + .../report-uri-from-javascript.html.sub.headers | 6 + .../reporting/report-uri-multiple-reversed.html | 16 + .../report-uri-multiple-reversed.html.sub.headers | 7 + .../reporting/report-uri-multiple.html | 16 + .../reporting/report-uri-multiple.html.sub.headers | 7 + .../reporting/report-uri-scheme-relative.html | 18 + .../report-uri-scheme-relative.html.sub.headers | 6 + .../reporting/support/generate-csp-report.html | 12 + .../support/generate-csp-report.html.sub.headers | 6 + .../reporting/support/not-embeddable-frame.py | 10 + .../support/preload-csp-report.https.sub.html | 30 ++ .../preload-csp-report.https.sub.html.sub.headers | 1 + .../support/redirect-throw-function.sub.py | 10 + .../reporting/support/set-cookie.py | 32 ++ .../reporting/support/throw-function.js | 9 + .../sandbox/iframe-inside-csp.sub.html | 18 + .../sandbox/meta-element.sub.html | 46 ++ .../sandbox-allow-scripts-subframe.sub.html | 22 + .../sandbox/sandbox-allow-scripts.sub.html | 22 + .../sandbox/sandbox-empty-subframe.sub.html | 23 + .../sandbox/sandbox-empty.sub.html | 25 + .../sandbox/service-worker-sandbox.https.html | 67 +++ .../sandbox/shared-worker-sandbox.html | 18 + .../sandbox/support/empty.html | 0 .../sandbox/support/post-origin-on-load-worker.js | 1 + .../sandbox/support/sandboxed-data-iframe.sub.html | 1 + .../sandboxed-data-iframe.sub.html.sub.headers | 1 + .../sandbox/support/sandboxed-eval.sub.html | 4 + .../support/sandboxed-eval.sub.html.sub.headers | 1 + .../support/sandboxed-post-message-to-parent.html | 3 + .../support/sandboxed-post-property-to-opener.html | 3 + ...dboxed-post-property-to-opener.html.sub.headers | 1 + .../sandbox/support/sandboxed-service-worker.js | 14 + .../support/sandboxed-service-worker.js.headers | 1 + .../sandbox/support/sandboxed-shared-worker.js | 3 + .../support/sandboxed-shared-worker.js.headers | 1 + .../unsandboxed-post-property-to-opener.html | 3 + .../sandbox/window-reuse-sandboxed.html | 22 + .../sandbox/window-reuse-unsandboxed.html | 22 + .../script-src-attr-allowed-src-blocked.html | 20 + .../script-src-attr-blocked-src-allowed.html | 23 + .../script-src-elem-allowed-attr-blocked.html | 29 ++ .../script-src-elem-allowed-src-blocked.html | 22 + .../script-src-elem-blocked-attr-allowed.html | 31 ++ .../script-src-elem-blocked-src-allowed.html | 28 ++ .../strict-dynamic-elem-allowed-src-blocked.html | 22 + ...trict-dynamic-elem-blocked-src-allowed.sub.html | 25 + .../script-src-attr-elem/support/t_done.js | 1 + .../script-src-attr-elem/support/t_fail.js | 3 + .../script-src/10_1_support_1.js | 4 + .../script-src/10_1_support_2.js | 5 + .../addInlineTestsWithDOMManipulation.js | 28 ++ .../script-src/buildInlineWorker.js | 21 + .../script-src/crossoriginScript.js | 3 + .../script-src/crossoriginScript.js.headers | 1 + ...lowed-in-report-only-mode-and-sends-report.html | 19 + ...ort-only-mode-and-sends-report.html.sub.headers | 2 + .../eval-allowed-in-report-only-mode.html | 17 + ...al-allowed-in-report-only-mode.html.sub.headers | 1 + .../script-src/externalScript.js | 1 + .../hash-always-converted-to-utf-8/iso-8859-1.html | 20 + .../iso-8859-1.html.sub.headers | 1 + .../hash-always-converted-to-utf-8/iso-8859-3.html | 20 + .../iso-8859-3.html.sub.headers | 1 + .../hash-always-converted-to-utf-8/iso-8859-7.html | 20 + .../iso-8859-7.html.sub.headers | 1 + .../hash-always-converted-to-utf-8/iso-8859-9.html | 20 + .../iso-8859-9.html.sub.headers | 1 + .../utf-8-lone-surrogate.html | 31 ++ .../utf-8-lone-surrogate.html.sub.headers | 1 + .../hash-always-converted-to-utf-8/utf-8.html | 36 ++ .../utf-8.html.sub.headers | 1 + .../injected-inline-script-allowed.sub.html | 24 + .../injected-inline-script-blocked.sub.html | 25 + .../script-src/inlineSuccessTest.js | 12 + .../script-src/inlineTests.js | 22 + .../script-src/javascript-window-open-blocked.html | 20 + ...javascript-window-open-blocked.html.sub.headers | 6 + .../script-src/nonce-enforce-blocked.html | 63 +++ .../script-src/script-src-1_1.html | 20 + .../script-src/script-src-1_10.html | 31 ++ .../script-src/script-src-1_10_1.html | 19 + .../script-src/script-src-1_2.html | 20 + .../script-src/script-src-1_2_1.html | 21 + .../script-src/script-src-1_3.html | 18 + .../script-src/script-src-1_4.html | 28 ++ .../script-src/script-src-1_4_1.html | 33 ++ .../script-src/script-src-1_4_2.html | 31 ++ ...tiple-policies-multiple-hashing-algorithms.html | 26 + ...es-multiple-hashing-algorithms.html.sub.headers | 6 + ...iple-policies-one-using-hashing-algorithms.html | 26 + ...s-one-using-hashing-algorithms.html.sub.headers | 6 + .../script-src-overrides-default-src.sub.html | 27 + ...nly-policy-works-with-external-hash-policy.html | 25 + ...orks-with-external-hash-policy.html.sub.headers | 6 + ...-report-only-policy-works-with-hash-policy.html | 31 ++ ...-policy-works-with-hash-policy.html.sub.headers | 6 + .../script-src/script-src-sri_hash.sub.html | 104 ++++ .../script-src-sri_hash.sub.html.sub.headers | 5 + ...pt-src-strict_dynamic_and_unsafe_eval_eval.html | 31 ++ ...trict_dynamic_and_unsafe_eval_eval.html.headers | 5 + ...trict_dynamic_and_unsafe_eval_new_function.html | 31 ++ ...namic_and_unsafe_eval_new_function.html.headers | 5 + ...-strict_dynamic_discard_source_expressions.html | 32 ++ ...dynamic_discard_source_expressions.html.headers | 5 + ...rict_dynamic_double_policy_different_nonce.html | 68 +++ ...amic_double_policy_different_nonce.html.headers | 6 + ...double_policy_honor_source_expressions.sub.html | 61 +++ ...olicy_honor_source_expressions.sub.html.headers | 6 + ...c-strict_dynamic_double_policy_report_only.html | 44 ++ ..._dynamic_double_policy_report_only.html.headers | 6 + .../script-src/script-src-strict_dynamic_eval.html | 38 ++ .../script-src-strict_dynamic_eval.html.headers | 5 + .../script-src-strict_dynamic_hashes.html | 52 ++ .../script-src-strict_dynamic_hashes.html.headers | 5 + .../script-src-strict_dynamic_in_img-src.html | 32 ++ ...ript-src-strict_dynamic_in_img-src.html.headers | 5 + .../script-src-strict_dynamic_javascript_uri.html | 32 ++ ...-src-strict_dynamic_javascript_uri.html.headers | 5 + .../script-src-strict_dynamic_meta_tag.html | 76 +++ ...script-src-strict_dynamic_meta_tag.html.headers | 4 + .../script-src-strict_dynamic_new_function.html | 37 ++ ...pt-src-strict_dynamic_new_function.html.headers | 5 + ...ipt-src-strict_dynamic_non_parser_inserted.html | 76 +++ ...strict_dynamic_non_parser_inserted.html.headers | 5 + ...ynamic_non_parser_inserted_incorrect_nonce.html | 29 ++ ...on_parser_inserted_incorrect_nonce.html.headers | 5 + .../script-src-strict_dynamic_parser_inserted.html | 205 ++++++++ ...src-strict_dynamic_parser_inserted.html.headers | 5 + ...rict_dynamic_parser_inserted_correct_nonce.html | 110 ++++ ...amic_parser_inserted_correct_nonce.html.headers | 5 + ...-strict_dynamic_worker-importScripts.https.html | 18 + .../script-src-strict_dynamic_worker.https.html | 20 + .../script-src-wildcards-disallowed.html | 63 +++ .../script-src/scripthash-allowed.sub.html | 42 ++ ...cripthash-base64url-converts-to-base64.sub.html | 40 ++ .../scripthash-basic-blocked-error-event.html | 10 + .../script-src/scripthash-basic-blocked.sub.html | 72 +++ .../scripthash-case-insensitive.sub.html | 60 +++ .../script-src/scripthash-changed-1.html | 35 ++ .../script-src/scripthash-changed-2.html | 35 ++ .../script-src/scripthash-default-src.sub.html | 21 + .../scripthash-ignore-unsafeinline.sub.html | 56 +++ .../scripthash-unicode-normalization.sub.html | 72 +++ .../script-src/scriptnonce-allowed.sub.html | 68 +++ .../script-src/scriptnonce-and-scripthash.sub.html | 79 +++ .../script-src/scriptnonce-basic-blocked.sub.html | 43 ++ .../script-src/scriptnonce-changed-1.html | 31 ++ .../script-src/scriptnonce-changed-2.html | 31 ++ .../scriptnonce-ignore-unsafeinline.sub.html | 74 +++ .../script-src/scriptnonce-redirect.sub.html | 62 +++ .../scriptnonce-specified-source.sub.html | 43 ++ ...riptnonce-specified-source.sub.html.sub.headers | 1 + .../script-src/simpleSourcedScript.js | 1 + .../srcdoc-doesnt-bypass-script-src.sub.html | 35 ++ .../support/change-scripthash-before-execute.js | 10 + .../support/change-scriptnonce-before-execute.js | 8 + .../script-src/support/empty.css | 0 .../script-src/support/inject-script.js | 5 + .../support/inline-script-should-be-blocked.js | 14 + .../script-src/support/post-message.js | 1 + .../script-src/support/worker-eval.js | 5 + .../script-src/support/worker-eval.js.sub.headers | 1 + .../script-src/support/worker-function-function.js | 7 + .../worker-function-function.js.sub.headers | 1 + .../worker-with-script-src-none-importscripts.js | 17 + ...th-script-src-none-importscripts.js.sub.headers | 1 + .../worker-with-script-src-none-set-timeout.js | 16 + ...with-script-src-none-set-timeout.js.sub.headers | 1 + .../script-src/worker-data-set-timeout.sub.html | 28 ++ .../script-src/worker-eval-blocked.sub.html | 38 ++ .../worker-function-function-blocked.sub.html | 37 ++ .../script-src/worker-importscripts.sub.html | 26 + .../script-src/worker-script-src.sub.html | 32 ++ .../script-src/worker-set-timeout.sub.html | 26 + .../securitypolicyviolation/blockeduri-eval.html | 20 + .../securitypolicyviolation/blockeduri-inline.html | 19 + .../blockeduri-ws-wss-scheme.html | 53 ++ .../constructor-required-fields.html | 239 +++++++++ .../securitypolicyviolation/idlharness.window.js | 18 + .../img-src-redirect-upgrade-reporting.https.html | 31 ++ ...c-redirect-upgrade-reporting.https.html.headers | 2 + .../img-src-redirect.sub.html | 25 + .../inside-dedicated-worker.html | 22 + .../inside-service-worker.https.html | 27 + .../inside-shared-worker.html | 23 + .../script-sample-no-opt-in.html | 80 +++ .../securitypolicyviolation/script-sample.html | 94 ++++ ...n-block-cross-origin-image-from-script.sub.html | 28 ++ ...licyviolation-block-cross-origin-image.sub.html | 27 + ...olicyviolation-block-image-from-script.sub.html | 28 ++ .../securitypolicyviolation-block-image.sub.html | 28 ++ .../source-file-blob-scheme.html | 26 + .../source-file-data-scheme.html | 26 + .../securitypolicyviolation/source-file.html | 102 ++++ .../style-sample-no-opt-in.html | 39 ++ .../securitypolicyviolation/style-sample.html | 39 ++ .../support/inside-worker.sub.js | 57 +++ .../support/inside-worker.sub.js.headers | 5 + .../support/testharness-helper.sub.js | 5 + .../securitypolicyviolation/targeting.html | 169 +++++++ .../upgrade-insecure-requests-reporting.https.html | 100 ++++ ...-insecure-requests-reporting.https.html.headers | 2 + .../tests/content-security-policy/spec.src.json | 552 +++++++++++++++++++++ .../style-src-attr-allowed-src-blocked.html | 24 + .../style-src-attr-blocked-src-allowed.html | 27 + .../style-src-elem-allowed-attr-blocked.html | 33 ++ .../style-src-elem-allowed-src-blocked.html | 27 + .../style-src-elem-blocked-attr-allowed.html | 33 ++ .../style-src-elem-blocked-src-allowed.html | 30 ++ .../injected-inline-style-allowed.sub.html | 40 ++ .../injected-inline-style-blocked.sub.html | 36 ++ ...ne-style-allowed-while-cloning-objects.sub.html | 146 ++++++ .../style-src/inline-style-allowed.sub.html | 34 ++ .../inline-style-attribute-allowed.sub.html | 28 ++ .../inline-style-attribute-blocked.sub.html | 27 + .../inline-style-attribute-on-html.sub.html | 28 ++ .../style-src/inline-style-blocked.sub.html | 33 ++ .../style-src/resources/allowed.css | 3 + .../style-src/resources/style-src-import.sub.css | 1 + .../style-src/resources/style-src-inject-style.js | 5 + .../style-src/resources/style-src.css | 1 + .../style-src/style-allowed.sub.html | 28 ++ .../style-src/style-blocked.html | 25 + .../style-src/style-src-error-event-fires.html | 34 ++ .../style-src/style-src-hash-allowed.html | 42 ++ .../style-src/style-src-hash-blocked.html | 48 ++ .../style-src/style-src-hash-case-insensitive.html | 55 ++ .../style-src-hash-default-src-allowed.html | 42 ++ .../style-src-imported-style-allowed.sub.html | 30 ++ .../style-src-imported-style-blocked.html | 38 ++ ...ted-inline-style-allowed-with-content-hash.html | 46 ++ .../style-src-injected-inline-style-allowed.html | 34 ++ .../style-src-injected-inline-style-blocked.html | 40 ++ .../style-src-injected-stylesheet-allowed.sub.html | 35 ++ .../style-src-injected-stylesheet-blocked.sub.html | 39 ++ .../style-src/style-src-inline-style-allowed.html | 34 ++ .../style-src-inline-style-attribute-allowed.html | 24 + .../style-src-inline-style-attribute-blocked.html | 28 ++ .../style-src/style-src-inline-style-blocked.html | 38 ++ .../style-src-inline-style-nonce-allowed.html | 34 ++ ...src-inline-style-nonce-blocked-error-event.html | 71 +++ .../style-src-inline-style-nonce-blocked.html | 37 ++ ...tiple-policies-multiple-hashing-algorithms.html | 20 + ...es-multiple-hashing-algorithms.html.sub.headers | 7 + .../style-src/style-src-none-blocked.html | 33 ++ .../style-src/style-src-star-allowed.html | 29 ++ .../style-src-stylesheet-nonce-allowed.html | 30 ++ .../style-src-stylesheet-nonce-blocked.html | 33 ++ .../style-src/stylehash-allowed.sub.html | 81 +++ .../style-src/stylehash-basic-blocked.sub.html | 62 +++ .../style-src/stylehash-default-src.sub.html | 27 + .../style-src/stylenonce-allowed.sub.html | 58 +++ .../style-src/stylenonce-blocked.sub.html | 40 ++ .../style-src/support/inject-style.js | 5 + .../content-security-policy/support/alert-pass.js | 1 + .../support/alertAssert.sub.js | 43 ++ .../support/checkReport.sub.js | 138 ++++++ .../support/dedicated-worker-helper.js | 5 + .../support/document-write-alert-fail.js | 1 + .../content-security-policy/support/echo-policy.py | 3 + .../content-security-policy/support/fail.asis | 5 + .../content-security-policy/support/fail.html | 3 + .../tests/content-security-policy/support/fail.js | 1 + .../tests/content-security-policy/support/fail.png | Bin 0 -> 759 bytes .../support/file-prefetch-allowed.html | 9 + .../content-security-policy/support/fonts.css | 8 + .../support/import-scripts.js | 3 + .../support/inject-image.js | 4 + .../support/inject-image.sub.js | 3 + .../content-security-policy/support/logTest.sub.js | 41 ++ .../content-security-policy/support/manifest.json | 5 + .../support/media/flash.swf | Bin 0 -> 638 bytes .../support/nonce-should-be-blocked.js | 1 + .../tests/content-security-policy/support/pass.png | Bin 0 -> 1689 bytes .../content-security-policy/support/pass2.png | Bin 0 -> 1689 bytes .../tests/content-security-policy/support/ping.js | 12 + .../support/post-message.js | 1 + .../support/postmessage-fail.html | 4 + .../support/postmessage-pass-to-opener.html | 3 + .../support/postmessage-pass.html | 4 + .../support/prefetch-helper.js | 71 +++ .../support/prefetch-subresource.css | 3 + .../support/prefetch-subresource.css.headers | 1 + .../content-security-policy/support/resource.py | 5 + .../support/service-worker-helper.js | 5 + .../support/shared-worker-helper.js | 5 + .../content-security-policy/support/siblingPath.js | 5 + .../support/testharness-helper.js | 142 ++++++ .../tests/content-security-policy/support/var-a.js | 1 + .../content-security-policy/svg/including.sub.svg | 19 + .../svg/including.sub.svg.sub.headers | 6 + .../svg/object-in-svg-foreignobject.sub.html | 27 + .../tests/content-security-policy/svg/scripted.svg | 20 + .../svg/scripted.svg.sub.headers | 6 + .../content-security-policy/svg/svg-from-guid.html | 51 ++ .../svg/svg-inline.sub.html | 41 ++ .../svg/svg-policy-resource-doc-includes.html | 29 ++ .../svg/svg-policy-with-resource.html | 30 ++ .../unsafe-eval/eval-allowed.sub.html | 27 + .../eval-blocked-and-sends-report.sub.html | 30 ++ .../eval-blocked-in-about-blank-iframe.html | 61 +++ .../unsafe-eval/eval-blocked.sub.html | 36 ++ .../unsafe-eval/eval-in-iframe.html | 49 ++ .../eval-scripts-setInterval-allowed.sub.html | 33 ++ .../eval-scripts-setInterval-blocked.sub.html | 31 ++ .../eval-scripts-setTimeout-allowed.sub.html | 28 ++ .../eval-scripts-setTimeout-blocked.sub.html | 30 ++ .../function-constructor-allowed.sub.html | 26 + .../function-constructor-blocked.sub.html | 30 ++ .../unsafe-eval/support/echo-eval-with-policy.py | 30 ++ .../unsafe-hashes/javascript_src_allowed-href.html | 15 + ...ipt_src_allowed-href_blank-script-src-attr.html | 18 + ...ipt_src_allowed-href_blank-script-src-elem.html | 15 + .../javascript_src_allowed-href_blank.html | 15 + .../javascript_src_allowed-window_location.html | 27 + .../javascript_src_allowed-window_open.html | 29 ++ ...ript_src_denied_missing_unsafe_hashes-href.html | 15 + ...g_unsafe_hashes-href_blank-script-src-attr.html | 18 + ...g_unsafe_hashes-href_blank-script-src-elem.html | 15 + ...rc_denied_missing_unsafe_hashes-href_blank.html | 15 + ...nied_missing_unsafe_hashes-window_location.html | 27 + ...c_denied_missing_unsafe_hashes-window_open.html | 30 ++ .../javascript_src_denied_wrong_hash-href.html | 15 + ...nied_wrong_hash-href_blank-script-src-attr.html | 18 + ...nied_wrong_hash-href_blank-script-src-elem.html | 15 + ...avascript_src_denied_wrong_hash-href_blank.html | 15 + ...ript_src_denied_wrong_hash-window_location.html | 27 + ...vascript_src_denied_wrong_hash-window_open.html | 30 ++ .../script_event_handlers_allowed.html | 22 + ...vent_handlers_denied_missing_unsafe_hashes.html | 26 + .../script_event_handlers_denied_wrong_hash.html | 25 + .../unsafe-hashes/style_attribute_allowed.html | 30 ++ ...yle_attribute_denied_missing_unsafe_hashes.html | 29 ++ .../style_attribute_denied_wrong_hash.html | 29 ++ .../child_window_location_navigate.sub.html | 21 + .../unsafe-hashes/support/helper.js | 40 ++ .../default-src-blocks-wasm.any.js | 8 + .../default-src-blocks-wasm.any.js.headers | 1 + .../default-src-unsafe-eval-allows-wasm.any.js | 6 + ...ault-src-unsafe-eval-allows-wasm.any.js.headers | 1 + ...default-src-wasm-unsafe-eval-allows-wasm.any.js | 6 + ...src-wasm-unsafe-eval-allows-wasm.any.js.headers | 1 + .../wasm-unsafe-eval/postMessage-wasm-module.html | 31 ++ .../wasm-unsafe-eval/script-src-blocks-wasm.any.js | 8 + .../script-src-blocks-wasm.any.js.headers | 1 + .../wasm-unsafe-eval/script-src-spv-asynch.any.js | 18 + .../script-src-spv-asynch.any.js.headers | 1 + .../script-src-unsafe-eval-allows-wasm.any.js | 6 + ...ript-src-unsafe-eval-allows-wasm.any.js.headers | 1 + .../script-src-wasm-unsafe-eval-allows-wasm.any.js | 6 + ...src-wasm-unsafe-eval-allows-wasm.any.js.headers | 1 + .../wasm-unsafe-eval/support/iframe.html | 15 + .../wasm-unsafe-eval/support/iframe.html.headers | 1 + .../webrtc/webrtc-allowed-default-src-none.html | 21 + .../webrtc/webrtc-allowed-explicit.html | 19 + .../webrtc/webrtc-allowed-nopolicy.html | 18 + .../webrtc/webrtc-blocked-explicit.html | 19 + .../webrtc/webrtc-blocked-unknown.html | 19 + .../tests/content-security-policy/webrtc/webrtc.js | 56 +++ .../worker-src/dedicated-child.sub.html | 13 + .../worker-src/dedicated-fallback.sub.html | 13 + .../worker-src/dedicated-list.sub.html | 13 + .../worker-src/dedicated-none.sub.html | 13 + .../worker-src/dedicated-self.sub.html | 9 + ...ated-worker-src-child-fallback-blocked.sub.html | 9 + .../dedicated-worker-src-child-fallback.sub.html | 9 + .../dedicated-worker-src-default-fallback.sub.html | 8 + .../dedicated-worker-src-script-fallback.sub.html | 8 + .../dedicated-worker-src-self-fallback.sub.html | 9 + .../worker-src/service-child.https.sub.html | 10 + .../worker-src/service-fallback.https.sub.html | 9 + .../worker-src/service-list.https.sub.html | 9 + .../worker-src/service-none.https.sub.html | 9 + .../worker-src/service-self.https.sub.html | 9 + ...orker-src-child-fallback-blocked.https.sub.html | 9 + ...ervice-worker-src-child-fallback.https.sub.html | 9 + ...vice-worker-src-default-fallback.https.sub.html | 8 + ...rvice-worker-src-script-fallback.https.sub.html | 8 + ...service-worker-src-self-fallback.https.sub.html | 9 + .../worker-src/shared-child.sub.html | 13 + .../worker-src/shared-fallback.sub.html | 13 + .../worker-src/shared-list.sub.html | 13 + .../worker-src/shared-none.sub.html | 13 + .../worker-src/shared-self.sub.html | 10 + ...ared-worker-src-child-fallback-blocked.sub.html | 9 + .../shared-worker-src-child-fallback.sub.html | 9 + .../shared-worker-src-default-fallback.sub.html | 8 + .../shared-worker-src-script-fallback.sub.html | 8 + .../shared-worker-src-self-fallback.sub.html | 9 + 1229 files changed, 41620 insertions(+) create mode 100644 testing/web-platform/tests/content-security-policy/META.yml create mode 100644 testing/web-platform/tests/content-security-policy/README.css create mode 100644 testing/web-platform/tests/content-security-policy/README.html create mode 100644 testing/web-platform/tests/content-security-policy/base-uri/base-uri-allow.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/base-uri/base-uri-deny.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/base-uri/base-uri_iframe_sandbox.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/blob/blob-urls-do-not-match-self.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/blob/blob-urls-match-blob.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/blob/self-doesnt-match-blob.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/blob/star-doesnt-match-blob.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/child-src/child-src-about-blank-allowed-by-default.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/child-src/child-src-about-blank-allowed-by-scheme.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/child-src/child-src-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/child-src/child-src-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/child-src/child-src-conflicting-frame-src.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/child-src/child-src-cross-origin-load.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/child-src/child-src-redirect-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/child-src/child-src-worker-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/child-src/child-src-worker-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/connect-src-beacon-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/connect-src-beacon-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/connect-src-beacon-redirect-to-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/connect-src-eventsource-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/connect-src-eventsource-redirect-to-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/connect-src-websocket-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/connect-src-websocket-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/connect-src-websocket-self.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/connect-src-xmlhttprequest-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/resources/simple-event-stream create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/resources/simple-event-stream.headers create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/shared-worker-connect-src-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/shared-worker-connect-src-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/support/shared-worker-make-xhr-allowed.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/support/shared-worker-make-xhr-blocked.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/support/shared-worker-make-xhr-blocked.sub.js.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/support/worker-make-xhr-blocked.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/support/worker-make-xhr-blocked.sub.js.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/support/worker-make-xhr.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/worker-connect-src-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/worker-connect-src-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/connect-src/worker-from-guid.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/default-src/default-src-inline-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/default-src/default-src-inline-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/META.yml create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/allow_csp_from-header.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/blocked-iframe-are-cross-origin.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/change-csp-attribute-and-history-navigation.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/idlharness.window.js create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/iframe-csp-attribute.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/required-csp-header-cascade.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/required_csp-header-crlf.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/required_csp-header.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-hashes.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-hosts.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-paths.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-ports.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-protocols.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-nonces.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-none.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-self.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-source_list-wildcards.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-strict_dynamic.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_eval.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_hashes.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_inline.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/support/echo-allow-csp-from.py create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/support/echo-policy-multiple.py create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/support/echo-required-csp.py create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/support/embed-img-and-message-top.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/support/executor.html create mode 100644 testing/web-platform/tests/content-security-policy/embedded-enforcement/support/testharness-helper.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/font-src/font-match-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/font-src/font-mismatch-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/font-src/font-none-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/font-src/font-self-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/form-action/form-action-self-allowed-target-blank.html create mode 100644 testing/web-platform/tests/content-security-policy/form-action/form-action-src-allowed-target-blank.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/form-action/form-action-src-allowed-target-frame.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/form-action/form-action-src-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/form-action/form-action-src-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/form-action/form-action-src-default-ignored.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/form-action/form-action-src-get-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/form-action/form-action-src-get-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/form-action/form-action-src-javascript-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/form-action/form-action-src-javascript-blocked.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/form-action/form-action-src-javascript-prevented.html create mode 100644 testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-blank.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-frame.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/form-action/support/post-message-to-opener.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/form-action/support/post-message-to-parent.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-from-serviceworker.https.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-none-block.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-self-block.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-star-allow.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-allow.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-block.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-none-block.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-self-block.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-star-allow.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-allow.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-block.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-none-block.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-self-block.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-star-allow.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-allow.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-block.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-none-block.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-self-allow.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-star-allow.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-allow.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-block.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-none-block.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-sandbox-same-origin-self.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-self-allow.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-self-block.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-star-allow-crossorigin.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-star-allow-sameorigin.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-url-allow.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-url-block.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/report-blocked-frame.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/report-only-frame.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-and-x-frame-options.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-and-x-frame-options.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/frame-ancestors/support/service-worker.js create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-about-blank-allowed-by-default.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-about-blank-allowed-by-scheme.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-redirect.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-redirect.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.sub.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-self-unique-origin.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/support/frame.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/support/testharness-helper.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/script-tag.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/script-tag.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/script-tag.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/script-tag.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-module.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-module.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.http.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint-import-data.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/script-tag.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/script-tag.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-animation-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-animation.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-audio-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-audio.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-layout-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-layout.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-paint-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-paint.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/script-tag.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/script-tag.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-animation-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-animation.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-audio-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-audio.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-layout-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-layout.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-paint-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-paint.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/script-tag.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/script-tag.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-animation-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-animation.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-audio-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-audio.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-layout-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-layout.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-paint-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-paint.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/script-tag.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/script-tag.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-animation-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-animation.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-audio-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-audio.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-layout-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-layout.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-paint-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-paint.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/script-tag.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/script-tag.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-classic.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-classic.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-module.http.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-module.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-animation-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-animation.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-audio-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-audio.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-layout-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-layout.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-paint-import-data.https.html create mode 100644 testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-paint.https.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/304-response-should-update-csp.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/generic/directive-name-case-insensitive.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/duplicate-directive.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/eval-typecheck-callout-order.tentative.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/eval-typecheck-callout-order.tentative.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/generic/fail-0_1.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/filesystem-urls-do-not-match-self.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/filesystem-urls-match-filesystem.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_1-img-src.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_1-script-src.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_10.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_10_1.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_2.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_2_2.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_2_3.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_8.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_8_1.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_9.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/negativeTests.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/generic/only-valid-whitespaces-are-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/pass-0_1.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/policy-does-not-affect-child.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/generic/positiveTest.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/support/304-response.py create mode 100644 testing/web-platform/tests/content-security-policy/generic/support/eval.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_meta.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/support/log-pass.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/generic/test-case.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/unreached.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/wildcardHostTest.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/wildcardHostTestFailure.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/wildcardHostTestSuceeds.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/wildcardPortTest.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/wildcardPortTestSuceeds.js create mode 100644 testing/web-platform/tests/content-security-policy/img-src/icon-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/img-src/icon-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/img-src/img-src-4_1.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/img-src/img-src-full-host-wildcard-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/img-src/img-src-host-partial-wildcard-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/img-src/img-src-none-blocks.html create mode 100644 testing/web-platform/tests/content-security-policy/img-src/img-src-port-wildcard-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/img-src/img-src-self-unique-origin.html create mode 100644 testing/web-platform/tests/content-security-policy/img-src/img-src-wildcard-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/img-src/report-blocked-data-uri.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/blob-inherits-from-meta-http-equiv-with-invalid-characters.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/blob-url-in-child-frame-self-navigate-inherits.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/blob-url-in-main-window-self-navigate-inherits.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/blob-url-inherits-from-initiator.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/document-write-iframe.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/frame-src-javascript-url.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/history-iframe.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/history.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/iframe-all-local-schemes-inherit-self.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/iframe-all-local-schemes.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/iframe-srcdoc-history-inheritance.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/iframe-srcdoc-inheritance.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/inheritance-from-initiator.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/inherited-csp-list-modifications-are-local.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/javascript-url-open-in-main-window.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/javascript-url-srcdoc-cross-origin-iframe-inheritance.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/location-reload.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/sandboxed-blob-scheme.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/sandboxed-blob-scheme.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/sandboxed-data-scheme.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/sandboxed-data-scheme.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/support/empty.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/support/iframe-do.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/support/javascript-url-srcdoc-cross-origin-iframe-inheritance-helper.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/support/message-opener-and-navigate-back.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/support/message-top-and-navigate-back.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/support/navigate-parent-to-blob.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/support/navigate-self-to-blob.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/support/navigate-self-to-blob.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/support/navigate-self-to-javascript.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/support/postmessage-opener.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/support/postmessage-top.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/support/srcdoc-child-frame.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-blob-scheme.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-blob-scheme.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-data-scheme.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-data-scheme.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/window-open-local-after-network-scheme.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inheritance/window.html create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-connect-src.html create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-connect-src.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-report-only.html create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-report-only.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-script-src.html create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-script-src.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/serviceworker-connect-src.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/serviceworker-report-only.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/serviceworker-script-src.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/sharedworker-connect-src.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/sharedworker-report-only.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/sharedworker-script-src.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-allow.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self-report-only.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self-report-only.sub.js.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/support/script-src-allow.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/inside-worker/support/script-src-self.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/media-src/media-src-7_1.html create mode 100644 testing/web-platform/tests/content-security-policy/media-src/media-src-7_1_2.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/media-src/media-src-7_2.html create mode 100644 testing/web-platform/tests/content-security-policy/media-src/media-src-7_2_2.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/media-src/media-src-7_3.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/media-src/media-src-7_3_2.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/media-src/media-src-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/media-src/media-src-redir-bug.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/meta/combine-header-and-meta-policies.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/meta/combine-header-and-meta-policies.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/meta/meta-img-src.html create mode 100644 testing/web-platform/tests/content-security-policy/meta/meta-modified.html create mode 100644 testing/web-platform/tests/content-security-policy/meta/meta-outside-head.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/meta/meta-outside-head.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/meta/sandbox-iframe.html create mode 100644 testing/web-platform/tests/content-security-policy/meta/support/metaHelper.js create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/anchor-navigation-always-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/anchor-navigation-always-allowed.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-allowed.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-allows.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-blocks.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/form-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/form-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/form-cross-origin-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/form-redirected-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/form-redirected-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/href-location-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/href-location-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/href-location-redirected-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/link-click-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/link-click-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/link-click-redirected-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-allowed.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-blocked.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/delayed_frame.py create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/form_action_navigation.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/form_action_navigation.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/href_location_navigation.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/href_location_navigation.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/link_click_navigation.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/link_click_navigation.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/navigate_parent.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/navigate_parent.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/post_message_to_frame_owner.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe2.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe3.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/wait_for_navigation.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/support/wait_for_navigation.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigation/javascript-url-navigation-inherits-csp.html create mode 100644 testing/web-platform/tests/content-security-policy/navigation/support/frame-with-csp.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigation/support/test_csp_self_window.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/navigation/support/test_csp_self_window.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html create mode 100644 testing/web-platform/tests/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp-disallow.html create mode 100644 testing/web-platform/tests/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp.html create mode 100644 testing/web-platform/tests/content-security-policy/navigation/to-javascript-url-frame-src.html create mode 100644 testing/web-platform/tests/content-security-policy/navigation/to-javascript-url-script-src.html create mode 100644 testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html create mode 100644 testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.html create mode 100644 testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.html create mode 100644 testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/object-src/object-src-no-url-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/object-src/object-src-no-url-allowed.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/object-src/object-src-no-url-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/object-src/object-src-url-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/object-src/object-src-url-allowed.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/object-src/object-src-url-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/object-src/object-src-url-embed-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/object-src/object-src-url-embed-allowed.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/object-src/object-src-url-embed-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/object-src/object-src-url-redirect-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/object-src/object-src-url-redirect-allowed.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/object-src/object-src-url-redirect-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/parsing/invalid-directive.html create mode 100644 testing/web-platform/tests/content-security-policy/plugin-types/plugin-types-ignored.html create mode 100644 testing/web-platform/tests/content-security-policy/plugin-types/plugin-types-ignored.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-blocked-by-default.html create mode 100644 testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-allowed.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked-by-default.html create mode 100644 testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked-by-default.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/report-to-directive-allowed-in-meta.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/report-to-directive-allowed-in-meta.https.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-doesnt-send-reports-without-violation.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-doesnt-send-reports-without-violation.https.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-report-only-sends-reports-on-violation.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-report-only-sends-reports-on-violation.https.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-report-to-only-sends-reports-to-first-endpoint.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-report-to-only-sends-reports-to-first-endpoint.https.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-1.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-1.https.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-2.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-2.https.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-works-on-frame-ancestors.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-works-on-frame-ancestors.https.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-works-on-frame-src.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-works-on-frame-src.https.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/support/non-embeddable-frame.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting-api/support/non-embeddable-frame.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/multiple-report-policies.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/multiple-report-policies.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/post-redirect-stacktrace.https.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/post-redirect-stacktrace.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-and-enforce.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-and-enforce.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-blocked-data-uri.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-blocked-data-uri.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-blocked-uri-cross-origin.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-blocked-uri-cross-origin.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-blocked-uri.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-blocked-uri.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-clips-sample.https.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-cross-origin-no-cookies.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-cross-origin-no-cookies.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-frame-ancestors-with-x-frame-options.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-frame-ancestors.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-multiple-violations-01.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-multiple-violations-01.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-multiple-violations-02.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-multiple-violations-02.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-only-in-meta.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-only-in-meta.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-only-unsafe-eval.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-only-unsafe-eval.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-original-url.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-original-url.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-preload-and-consume.https.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-same-origin-with-cookies.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-same-origin-with-cookies.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-strips-fragment.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-uri-effective-directive.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-uri-effective-directive.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-uri-from-child-frame.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-uri-from-inline-javascript.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-uri-from-inline-javascript.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-uri-from-javascript.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-uri-from-javascript.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-uri-multiple-reversed.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-uri-multiple-reversed.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-uri-multiple.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-uri-multiple.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-uri-scheme-relative.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/report-uri-scheme-relative.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/support/generate-csp-report.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/support/generate-csp-report.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/support/not-embeddable-frame.py create mode 100644 testing/web-platform/tests/content-security-policy/reporting/support/preload-csp-report.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/reporting/support/preload-csp-report.https.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/reporting/support/redirect-throw-function.sub.py create mode 100644 testing/web-platform/tests/content-security-policy/reporting/support/set-cookie.py create mode 100644 testing/web-platform/tests/content-security-policy/reporting/support/throw-function.js create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/iframe-inside-csp.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/meta-element.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/sandbox-allow-scripts-subframe.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/sandbox-allow-scripts.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/sandbox-empty-subframe.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/sandbox-empty.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/service-worker-sandbox.https.html create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/shared-worker-sandbox.html create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/empty.html create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/post-origin-on-load-worker.js create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-data-iframe.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-data-iframe.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-eval.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-eval.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-post-message-to-parent.html create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-post-property-to-opener.html create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-post-property-to-opener.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-service-worker.js create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-service-worker.js.headers create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-shared-worker.js create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-shared-worker.js.headers create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/unsandboxed-post-property-to-opener.html create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/window-reuse-sandboxed.html create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/window-reuse-unsandboxed.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src-attr-elem/script-src-attr-allowed-src-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src-attr-elem/script-src-attr-blocked-src-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src-attr-elem/script-src-elem-allowed-attr-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src-attr-elem/script-src-elem-allowed-src-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src-attr-elem/script-src-elem-blocked-attr-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src-attr-elem/script-src-elem-blocked-src-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src-attr-elem/strict-dynamic-elem-allowed-src-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src-attr-elem/strict-dynamic-elem-blocked-src-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src-attr-elem/support/t_done.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src-attr-elem/support/t_fail.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/10_1_support_1.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/10_1_support_2.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/addInlineTestsWithDOMManipulation.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/buildInlineWorker.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/crossoriginScript.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/crossoriginScript.js.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/eval-allowed-in-report-only-mode-and-sends-report.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/eval-allowed-in-report-only-mode-and-sends-report.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/eval-allowed-in-report-only-mode.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/eval-allowed-in-report-only-mode.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/externalScript.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-1.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-1.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-3.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-3.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-7.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-7.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-9.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-9.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8-lone-surrogate.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8-lone-surrogate.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/injected-inline-script-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/injected-inline-script-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/inlineSuccessTest.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/inlineTests.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/javascript-window-open-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/javascript-window-open-blocked.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/nonce-enforce-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-1_1.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-1_10.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-1_10_1.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-1_2.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-1_2_1.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-1_3.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-1_4.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-1_4_1.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-1_4_2.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-multiple-policies-multiple-hashing-algorithms.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-multiple-policies-multiple-hashing-algorithms.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-multiple-policies-one-using-hashing-algorithms.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-multiple-policies-one-using-hashing-algorithms.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-overrides-default-src.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-report-only-policy-works-with-external-hash-policy.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-report-only-policy-works-with-external-hash-policy.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-report-only-policy-works-with-hash-policy.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-report-only-policy-works-with-hash-policy.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-sri_hash.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-sri_hash.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_eval.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_eval.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_new_function.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_new_function.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_discard_source_expressions.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_discard_source_expressions.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_double_policy_report_only.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_double_policy_report_only.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_eval.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_eval.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_hashes.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_hashes.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_in_img-src.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_in_img-src.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_new_function.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_new_function.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted_correct_nonce.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted_correct_nonce.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_worker-importScripts.https.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_worker.https.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/script-src-wildcards-disallowed.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scripthash-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scripthash-base64url-converts-to-base64.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scripthash-basic-blocked-error-event.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scripthash-basic-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scripthash-case-insensitive.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scripthash-changed-1.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scripthash-changed-2.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scripthash-default-src.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scripthash-ignore-unsafeinline.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scripthash-unicode-normalization.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scriptnonce-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scriptnonce-basic-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scriptnonce-changed-1.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scriptnonce-changed-2.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scriptnonce-redirect.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scriptnonce-specified-source.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/scriptnonce-specified-source.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/simpleSourcedScript.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/srcdoc-doesnt-bypass-script-src.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/support/change-scripthash-before-execute.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/support/change-scriptnonce-before-execute.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/support/empty.css create mode 100644 testing/web-platform/tests/content-security-policy/script-src/support/inject-script.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/support/inline-script-should-be-blocked.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/support/post-message.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/support/worker-eval.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/support/worker-eval.js.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/support/worker-function-function.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/support/worker-function-function.js.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/support/worker-with-script-src-none-importscripts.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/support/worker-with-script-src-none-importscripts.js.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/support/worker-with-script-src-none-set-timeout.js create mode 100644 testing/web-platform/tests/content-security-policy/script-src/support/worker-with-script-src-none-set-timeout.js.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/script-src/worker-data-set-timeout.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/worker-eval-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/worker-function-function-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/worker-importscripts.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/worker-script-src.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/script-src/worker-set-timeout.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/blockeduri-eval.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/blockeduri-inline.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/blockeduri-ws-wss-scheme.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/constructor-required-fields.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/idlharness.window.js create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/inside-service-worker.https.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/inside-shared-worker.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/script-sample.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/source-file-data-scheme.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/source-file.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/style-sample-no-opt-in.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/style-sample.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/support/inside-worker.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/support/inside-worker.sub.js.headers create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/support/testharness-helper.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/targeting.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/upgrade-insecure-requests-reporting.https.html create mode 100644 testing/web-platform/tests/content-security-policy/securitypolicyviolation/upgrade-insecure-requests-reporting.https.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/spec.src.json create mode 100644 testing/web-platform/tests/content-security-policy/style-src-attr-elem/style-src-attr-allowed-src-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src-attr-elem/style-src-attr-blocked-src-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src-attr-elem/style-src-elem-allowed-attr-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src-attr-elem/style-src-elem-allowed-src-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src-attr-elem/style-src-elem-blocked-attr-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src-attr-elem/style-src-elem-blocked-src-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/injected-inline-style-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/injected-inline-style-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/inline-style-allowed-while-cloning-objects.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/inline-style-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/inline-style-attribute-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/inline-style-attribute-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/inline-style-attribute-on-html.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/inline-style-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/resources/allowed.css create mode 100644 testing/web-platform/tests/content-security-policy/style-src/resources/style-src-import.sub.css create mode 100644 testing/web-platform/tests/content-security-policy/style-src/resources/style-src-inject-style.js create mode 100644 testing/web-platform/tests/content-security-policy/style-src/resources/style-src.css create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-error-event-fires.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-hash-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-hash-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-hash-case-insensitive.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-hash-default-src-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-imported-style-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-imported-style-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-injected-inline-style-allowed-with-content-hash.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-injected-inline-style-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-injected-inline-style-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-injected-stylesheet-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-injected-stylesheet-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-inline-style-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-inline-style-attribute-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-inline-style-attribute-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-inline-style-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-inline-style-nonce-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-inline-style-nonce-blocked-error-event.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-inline-style-nonce-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-multiple-policies-multiple-hashing-algorithms.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-multiple-policies-multiple-hashing-algorithms.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-none-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-star-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-stylesheet-nonce-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/style-src-stylesheet-nonce-blocked.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/stylehash-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/stylehash-basic-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/stylehash-default-src.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/stylenonce-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/stylenonce-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/style-src/support/inject-style.js create mode 100644 testing/web-platform/tests/content-security-policy/support/alert-pass.js create mode 100644 testing/web-platform/tests/content-security-policy/support/alertAssert.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/support/checkReport.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/support/dedicated-worker-helper.js create mode 100644 testing/web-platform/tests/content-security-policy/support/document-write-alert-fail.js create mode 100644 testing/web-platform/tests/content-security-policy/support/echo-policy.py create mode 100644 testing/web-platform/tests/content-security-policy/support/fail.asis create mode 100644 testing/web-platform/tests/content-security-policy/support/fail.html create mode 100644 testing/web-platform/tests/content-security-policy/support/fail.js create mode 100644 testing/web-platform/tests/content-security-policy/support/fail.png create mode 100644 testing/web-platform/tests/content-security-policy/support/file-prefetch-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/support/fonts.css create mode 100644 testing/web-platform/tests/content-security-policy/support/import-scripts.js create mode 100644 testing/web-platform/tests/content-security-policy/support/inject-image.js create mode 100644 testing/web-platform/tests/content-security-policy/support/inject-image.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/support/logTest.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/support/manifest.json create mode 100644 testing/web-platform/tests/content-security-policy/support/media/flash.swf create mode 100644 testing/web-platform/tests/content-security-policy/support/nonce-should-be-blocked.js create mode 100644 testing/web-platform/tests/content-security-policy/support/pass.png create mode 100644 testing/web-platform/tests/content-security-policy/support/pass2.png create mode 100644 testing/web-platform/tests/content-security-policy/support/ping.js create mode 100644 testing/web-platform/tests/content-security-policy/support/post-message.js create mode 100644 testing/web-platform/tests/content-security-policy/support/postmessage-fail.html create mode 100644 testing/web-platform/tests/content-security-policy/support/postmessage-pass-to-opener.html create mode 100644 testing/web-platform/tests/content-security-policy/support/postmessage-pass.html create mode 100644 testing/web-platform/tests/content-security-policy/support/prefetch-helper.js create mode 100644 testing/web-platform/tests/content-security-policy/support/prefetch-subresource.css create mode 100644 testing/web-platform/tests/content-security-policy/support/prefetch-subresource.css.headers create mode 100644 testing/web-platform/tests/content-security-policy/support/resource.py create mode 100644 testing/web-platform/tests/content-security-policy/support/service-worker-helper.js create mode 100644 testing/web-platform/tests/content-security-policy/support/shared-worker-helper.js create mode 100644 testing/web-platform/tests/content-security-policy/support/siblingPath.js create mode 100644 testing/web-platform/tests/content-security-policy/support/testharness-helper.js create mode 100644 testing/web-platform/tests/content-security-policy/support/var-a.js create mode 100644 testing/web-platform/tests/content-security-policy/svg/including.sub.svg create mode 100644 testing/web-platform/tests/content-security-policy/svg/including.sub.svg.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/svg/object-in-svg-foreignobject.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/svg/scripted.svg create mode 100644 testing/web-platform/tests/content-security-policy/svg/scripted.svg.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/svg/svg-from-guid.html create mode 100644 testing/web-platform/tests/content-security-policy/svg/svg-inline.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/svg/svg-policy-resource-doc-includes.html create mode 100644 testing/web-platform/tests/content-security-policy/svg/svg-policy-with-resource.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-eval/eval-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-eval/eval-blocked-and-sends-report.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-eval/eval-blocked-in-about-blank-iframe.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-eval/eval-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-eval/eval-in-iframe.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-eval/eval-scripts-setInterval-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-eval/eval-scripts-setInterval-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-eval/eval-scripts-setTimeout-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-eval/eval-scripts-setTimeout-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-eval/function-constructor-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-eval/function-constructor-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-eval/support/echo-eval-with-policy.py create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_allowed-href.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_allowed-href_blank-script-src-attr.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_allowed-href_blank-script-src-elem.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_allowed-href_blank.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_allowed-window_location.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_allowed-window_open.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href_blank-script-src-attr.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href_blank-script-src-elem.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href_blank.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-window_location.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-window_open.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href_blank-script-src-attr.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href_blank-script-src-elem.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href_blank.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-window_location.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-window_open.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/script_event_handlers_allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/script_event_handlers_denied_missing_unsafe_hashes.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/script_event_handlers_denied_wrong_hash.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/style_attribute_allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/style_attribute_denied_missing_unsafe_hashes.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/style_attribute_denied_wrong_hash.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/support/child_window_location_navigate.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/unsafe-hashes/support/helper.js create mode 100644 testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js create mode 100644 testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js.headers create mode 100644 testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js create mode 100644 testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js.headers create mode 100644 testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js create mode 100644 testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js.headers create mode 100644 testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/postMessage-wasm-module.html create mode 100644 testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js create mode 100644 testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js.headers create mode 100644 testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js create mode 100644 testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.headers create mode 100644 testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js create mode 100644 testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js.headers create mode 100644 testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js create mode 100644 testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js.headers create mode 100644 testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/support/iframe.html create mode 100644 testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/support/iframe.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-default-src-none.html create mode 100644 testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-explicit.html create mode 100644 testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-nopolicy.html create mode 100644 testing/web-platform/tests/content-security-policy/webrtc/webrtc-blocked-explicit.html create mode 100644 testing/web-platform/tests/content-security-policy/webrtc/webrtc-blocked-unknown.html create mode 100644 testing/web-platform/tests/content-security-policy/webrtc/webrtc.js create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/dedicated-child.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/dedicated-fallback.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/dedicated-list.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/dedicated-none.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/dedicated-self.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/service-child.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/service-fallback.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/service-list.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/service-none.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/service-self.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback-blocked.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/shared-child.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/shared-fallback.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/shared-list.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/shared-none.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/shared-self.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html (limited to 'testing/web-platform/tests/content-security-policy') diff --git a/testing/web-platform/tests/content-security-policy/META.yml b/testing/web-platform/tests/content-security-policy/META.yml new file mode 100644 index 0000000000..ee8f1ea7e0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/META.yml @@ -0,0 +1,4 @@ +spec: https://w3c.github.io/webappsec-csp/ +suggested_reviewers: + - andypaicu + - hillbrad diff --git a/testing/web-platform/tests/content-security-policy/README.css b/testing/web-platform/tests/content-security-policy/README.css new file mode 100644 index 0000000000..d47a5034ba --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/README.css @@ -0,0 +1,27 @@ + +.code { + font-family: monospace; + color: darkorange; +} + +.codeTitle { + font-family: sans-serif; + padding: .3em; + margin-bottom: -1em; + background: #ffe; + border-color: #ccc; + border-width: 1px; + border-style: groove; +} + +.highlight1 { + background: yellow; +} + +.highlight2 { + background: pink; +} + +body { + font-family: sans-serif; +} diff --git a/testing/web-platform/tests/content-security-policy/README.html b/testing/web-platform/tests/content-security-policy/README.html new file mode 100644 index 0000000000..07ddcc7a4d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/README.html @@ -0,0 +1,118 @@ + + + + + Introduction to Writing Content Security Policy Tests + + + + + + + +

Introduction to Writing Content Security Policy Tests

+

The CSP test suite uses the standard W3C testharness.js framework, but there are a few additional things you'll need to do because of the unique way CSP works, even if you're already an expert at writing W3C tests. These tests require the use of the + wptserve server (included in the web-platform-tests repository) to operate correctly.

+ +

What's different about writing CSP tests?

+ +

Headers

+

Content Security Policy is preferentially set through an HTTP header. This means we can't do our tests just as a simple set of HTML+CSS+JS files. Luckily the wptserver framework provides an easy method to add headers to a file.

+

If my file is named example.html then I can create a file + example.html.headers to define the headers that will be served with it. If I need to do template substitutions in the headers, I can instead create a file named example.html.sub.headers.

+ +

Negative Test Cases and Blocked Script Execution

+

Another interesting feature of CSP is that it prevents things from happening. It even can and prevent script from running. How do we write tests that detect something didn't happen?

+ +

Checking Reports

+

CSP also has a feature to send a report. We ideally want to check that whenever a policy is enforced, a report is sent. This also helps us with the previous problem - if it is difficult to observe something not happening, we can still check that a report fired.

+ +

Putting it Together

+

Here's an example of a simple test. (ignore the highlights for now...) This file lives in the + /content-security-policy/script-src/ directory.

+ +

script-src-1_1.html

+ 
<!DOCTYPE HTML>
+<html>
+<head>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+    <h1>Inline script should not run without 'unsafe-inline' script-src directive.</h1>
+    <div id='log'></div>
+
+    <script>
+    test(function() {
+        assert_unreached('Unsafe inline script ran.')},
+        'Inline script in a script tag should not run without an unsafe-inline directive'
+    );
+    </script>
+
+    <img src='doesnotexist.jpg' onerror='test(function() { assert_false(true, "Unsafe inline event handler ran.") }, "Inline event handlers should not run without an unsafe-inline directive");'>
+
+    <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27self%27'></script>
+
+</body>
+</html>
+
+ + +

This code includes three tests. The first one in the script block will generate a failure if it runs. The second one, in the onerror handler for the img which does not exist should also generate a failure if it runs. But for a successful CSP implementation, neither of these tests does run. The final test is run by the link to ../support/checkReport.sub.js. It will load some script in the page (make sure its not blocked by your policy!) which contacts the server asynchronously and sees if the expected report was sent. This should always run an generate a positive or negative result even if the inline tests are blocked as we expect.

+ +

Now, to actually exercise these tests against a policy, we'll need to set headers. In the same directory we'll place this file:

+ +

script-src-1_1.html.sub.headers

+ 

+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: script-src-1_1={{$id:uuid()}}; Path=/content-security-policy/script-src/
+Content-Security-Policy: script-src 'self'; report-uri  /reporting/resources/report.py?op=put&reportID={{$id}}
+
+

This sets some headers to prevent caching (just so we are more likely to see our latest changes if we're actively developing this test) sets a cookie (more on that later) and sets the relevant Content-Security-Policy header for our test case.

+ +

What about those highlights?

+

In production code we don't like to repeat ourselves. For this test suite, we'll relax that rule a little bit. Why? It's easier to have many people contributing "safe" files using some template substitutions than require every file to be executable content like Python or PHP which would require much more careful code review. The highlights show where you have to be careful as you repeat yourself in more limited static files. +

+ +

The YELLOW highlighted text is information that must be the same between both files for report checking to work correctly. In the html file, we're telling + checkReport.sub.js to check the value of the + violated-directive key in the report JSON. So it needs to match (after URL encoding) the directive we set in the header.

+ +

The PINK highlighted text is information that must be repeated from the path and filename of your test file into the headers file. The name of the cookie must match the name of the test file without its extension, the path for the cookie must be correct, and the relative path component to the report-uri must also be corrected if you nest your tests more than one directory deep.

+ +

Check Your Effects!

+

A good test case should also verify the state of the DOM in addition to checking the report - after all, a browser might send a report without actually blocking the banned content. Note that in a browser without CSP support there will be three failures on the example page as the inline script executes.

+

How exactly you check your effects will depend on the directive, but don't hesitate to use script for testing to see if computed styles are as expected, if layouts changed or if certain elements were added to the DOM. Checking that the report also fired is just the final step of verifing correct behavior.

+ +

Note that avoiding inline script is good style and good habits, but not 100% necessary for every test case. Go ahead and specify 'unsafe-inline' if it makes your life easier.

+ +

Report Existence Only and Double-Negative Tests

+

If you want to check that a report exists, or verify that a report wasn't sent for a double-negative test case, + you can pass ?reportExists=[true|false] to checkReport.sub.js instead of reportField and reportValue.

+ +

How does the magic happen?

+

Behind the scenes, a few things are going on in the framework.

+
    +
  1. The {{$id:uuid}} templating marker in the headers file tells the wptserve HTTP server to create a new unique id and assign it to a variable, which we can re-use as {{$id}}.
    2. +
  2. We'll use this UUID in two places: +
      +
    1. As a GET parameter to our reporting script, to uniquely identify this instance of the test case so our report can be stored and retrieved. +
      2. +
    2. As a cookie value associated with the filename, so script in the page context can learn what UUID the report was sent under.
      3. +
    +
    3. +
  3. The report listener is a simple python file that stashes the report value under its UUID and allows it to be retrieved again, exactly once.
    4. +
  4. checkReport.sub.js then grabs the current path information and uses that to find the cookie holding the report UUID. It deletes that cookie (otherwise the test suite would overrun the maximum size of a cookie header allowed) then makes an XMLHttpRequest to the report listener to retrieve the report, parse it and verify the contents as per the parameters it was loaded with.
    5. +
+ +

Why all these gymnastics? CSP reports are delivered by an anonymous fetch. This means that the browser does not process the response headers, body, or allow any state changes as a result. So we can't pull a trick like just echoing the report contents back in a Set-Cookie header or writing them to local storage.

+ +

Luckily, you shouldn't have to worry about this magic much, as long as you get the incantation correct.

+ + + diff --git a/testing/web-platform/tests/content-security-policy/base-uri/base-uri-allow.sub.html b/testing/web-platform/tests/content-security-policy/base-uri/base-uri-allow.sub.html new file mode 100644 index 0000000000..cda0c2db44 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/base-uri/base-uri-allow.sub.html @@ -0,0 +1,24 @@ + + + + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/base-uri/base-uri-deny.sub.html b/testing/web-platform/tests/content-security-policy/base-uri/base-uri-deny.sub.html new file mode 100644 index 0000000000..a5a78ae1a3 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/base-uri/base-uri-deny.sub.html @@ -0,0 +1,25 @@ + + + + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/base-uri/base-uri_iframe_sandbox.sub.html b/testing/web-platform/tests/content-security-policy/base-uri/base-uri_iframe_sandbox.sub.html new file mode 100644 index 0000000000..299383c469 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/base-uri/base-uri_iframe_sandbox.sub.html @@ -0,0 +1,79 @@ + + + + + + + base-uri works correctly inside a sandboxed iframe. + + + + + +

base-uri works correctly inside a sandboxed iframe.

+
+ + + + + + diff --git a/testing/web-platform/tests/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html b/testing/web-platform/tests/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html new file mode 100644 index 0000000000..408c0116eb --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html @@ -0,0 +1,27 @@ + + + + Test that base does not affect report-uri + + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.sub.headers new file mode 100644 index 0000000000..811125d83a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.sub.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Pragma: no-cache +Set-Cookie: report-uri-does-not-respect-base-uri={{$id:uuid()}}; Path=/content-security-policy/base-uri +Content-Security-Policy: script-src 'self' 'unsafe-inline'; img-src 'none'; report-uri /reporting/resources/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blob/blob-urls-do-not-match-self.sub.html b/testing/web-platform/tests/content-security-policy/blob/blob-urls-do-not-match-self.sub.html new file mode 100644 index 0000000000..cafa1e3660 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/blob/blob-urls-do-not-match-self.sub.html @@ -0,0 +1,36 @@ + + + + + + + blob-urls-do-not-match-self + + + + + + + +

+ blob: URLs are same-origin with the page in which they were created, but explicitly do not match the 'self' or '*' source in CSP directives because they are more akin to 'unsafe-inline' content. +

+ +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/blob/blob-urls-match-blob.sub.html b/testing/web-platform/tests/content-security-policy/blob/blob-urls-match-blob.sub.html new file mode 100644 index 0000000000..2b8db3a99f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/blob/blob-urls-match-blob.sub.html @@ -0,0 +1,37 @@ + + + + + + + blob-urls-match-blob + + + + + + + +

+ blob: URLs are same-origin with the page in which they were created, but match only if the blob: scheme is specified. +

+ +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/blob/self-doesnt-match-blob.sub.html b/testing/web-platform/tests/content-security-policy/blob/self-doesnt-match-blob.sub.html new file mode 100644 index 0000000000..c7002aba19 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/blob/self-doesnt-match-blob.sub.html @@ -0,0 +1,49 @@ + + + + + + + worker-connect-src-blocked + + + + + +

This test loads a worker, from a guid. + The worker should be blocked from loading with a child-src policy of 'self' + as the blob: scheme must be specified explicitly. + A report should be sent to the report-uri specified + with this resource.

+ + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/blob/star-doesnt-match-blob.sub.html b/testing/web-platform/tests/content-security-policy/blob/star-doesnt-match-blob.sub.html new file mode 100644 index 0000000000..f2fd01f827 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/blob/star-doesnt-match-blob.sub.html @@ -0,0 +1,49 @@ + + + + + + + worker-connect-src-blocked + + + + + +

This test loads a worker, from a guid. + The worker should be blocked from loading with a child-src policy of * + as the blob: scheme must be specified explicitly. + A report should be sent to the report-uri specified + with this resource.

+ + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/child-src/child-src-about-blank-allowed-by-default.sub.html b/testing/web-platform/tests/content-security-policy/child-src/child-src-about-blank-allowed-by-default.sub.html new file mode 100644 index 0000000000..c546a7a27f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/child-src/child-src-about-blank-allowed-by-default.sub.html @@ -0,0 +1,29 @@ + + + + + + + child-src-about-blank-allowed-by-default + + +

These frames should not be blocked by Content-Security-Policy. + It's pointless to block about:blank iframes because + blocking a frame just results in displaying about:blank anyway! +

+ + + + + +
+ + + + + diff --git a/testing/web-platform/tests/content-security-policy/child-src/child-src-about-blank-allowed-by-scheme.sub.html b/testing/web-platform/tests/content-security-policy/child-src/child-src-about-blank-allowed-by-scheme.sub.html new file mode 100644 index 0000000000..2de5484c0f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/child-src/child-src-about-blank-allowed-by-scheme.sub.html @@ -0,0 +1,25 @@ + + + + + + + child-src-about-blank-allowed-by-scheme + + +

This frame should not be blocked by Content-Security-Policy. +

+ + + +
+ + + + + \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/child-src/child-src-allowed.sub.html b/testing/web-platform/tests/content-security-policy/child-src/child-src-allowed.sub.html new file mode 100644 index 0000000000..3d4964e24b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/child-src/child-src-allowed.sub.html @@ -0,0 +1,64 @@ + + + + + child-src-allowed + + + + + +

+ This iframe should be allowed. +

+ + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/child-src/child-src-blocked.sub.html b/testing/web-platform/tests/content-security-policy/child-src/child-src-blocked.sub.html new file mode 100644 index 0000000000..9141aeba46 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/child-src/child-src-blocked.sub.html @@ -0,0 +1,62 @@ + + + + + + + child-src-blocked + + + + +

+ IFrames blocked by CSP should generate a 'load', not 'error' event, regardless of blocked state. This means they appear to be normal cross-origin loads, thereby not leaking URL information directly to JS. +

+ + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/child-src/child-src-conflicting-frame-src.sub.html b/testing/web-platform/tests/content-security-policy/child-src/child-src-conflicting-frame-src.sub.html new file mode 100644 index 0000000000..7f6f9294fa --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/child-src/child-src-conflicting-frame-src.sub.html @@ -0,0 +1,65 @@ + + + + child-src-blocked + + + + + + +

+ A more permissive child-src should not relax restrictions from a less- + permissive frame-src. Directives still combine for least privilege, even when + one obsoletes another. +

+ + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/child-src/child-src-cross-origin-load.sub.html b/testing/web-platform/tests/content-security-policy/child-src/child-src-cross-origin-load.sub.html new file mode 100644 index 0000000000..192f69b854 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/child-src/child-src-cross-origin-load.sub.html @@ -0,0 +1,42 @@ + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/child-src/child-src-redirect-blocked.sub.html b/testing/web-platform/tests/content-security-policy/child-src/child-src-redirect-blocked.sub.html new file mode 100644 index 0000000000..d73284e20a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/child-src/child-src-redirect-blocked.sub.html @@ -0,0 +1,65 @@ + + + + + + + child-src-blocked + + + + + +

+ IFrames blocked by CSP should generate a 'load', not 'error' event, regardless of blocked state. This means they appear to be normal cross-origin loads, thereby not leaking URL information directly to JS. +

+ + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/child-src/child-src-worker-allowed.sub.html b/testing/web-platform/tests/content-security-policy/child-src/child-src-worker-allowed.sub.html new file mode 100644 index 0000000000..d02abaef19 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/child-src/child-src-worker-allowed.sub.html @@ -0,0 +1,38 @@ + + + + + child-src-worker-allowed + + + + + + +

This test used to check the child-src csp controlling worker creation. This behaviour has been deprecated but it's still supported + until the transition is done. This still tests that behaviour but we need to go through extra hoops to make sure 'script-src' + does not affect the result in any way (for instance by allowing 'self'). +

+ +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/child-src/child-src-worker-blocked.sub.html b/testing/web-platform/tests/content-security-policy/child-src/child-src-worker-blocked.sub.html new file mode 100644 index 0000000000..675cd95ea4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/child-src/child-src-worker-blocked.sub.html @@ -0,0 +1,44 @@ + + + + + child-src-worker-blocked + + + + + + +

This test used to check the child-src csp controlling worker creation. This behaviour has been deprecated but it's still supported + until the transition is done. This still tests that behaviour but we need to go through extra hoops to make sure 'script-src' + does not affect the result in any way (for instance by allowing 'self'). +

+ +
+ + diff --git a/testing/web-platform/tests/content-security-policy/connect-src/connect-src-beacon-allowed.sub.html b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-beacon-allowed.sub.html new file mode 100644 index 0000000000..de032a9f47 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-beacon-allowed.sub.html @@ -0,0 +1,39 @@ + + + + + + + connect-src-beacon-allowed + + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/connect-src/connect-src-beacon-blocked.sub.html b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-beacon-blocked.sub.html new file mode 100644 index 0000000000..025a720184 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-beacon-blocked.sub.html @@ -0,0 +1,39 @@ + + + + + + + connect-src-beacon-blocked + + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/connect-src/connect-src-beacon-redirect-to-blocked.sub.html b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-beacon-redirect-to-blocked.sub.html new file mode 100644 index 0000000000..b0cbea51f5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-beacon-redirect-to-blocked.sub.html @@ -0,0 +1,36 @@ + + + + + + + connect-src-beacon-redirect-to-blocked + + + + + + + + +

The beacon should not follow the redirect to http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.png and send a CSP violation report.

+

Verify that a CSP connect-src directive blocks redirects.

+ +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/connect-src/connect-src-eventsource-allowed.sub.html b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-eventsource-allowed.sub.html new file mode 100644 index 0000000000..1edaf319dc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-eventsource-allowed.sub.html @@ -0,0 +1,36 @@ + + + + + + + connect-src-eventsource-allowed + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html new file mode 100644 index 0000000000..df8a9a1e3d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html @@ -0,0 +1,39 @@ + + + + + + + connect-src-eventsource-blocked + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/connect-src/connect-src-eventsource-redirect-to-blocked.sub.html b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-eventsource-redirect-to-blocked.sub.html new file mode 100644 index 0000000000..32709cd2d4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-eventsource-redirect-to-blocked.sub.html @@ -0,0 +1,40 @@ + + + + + + + connect-src-eventsource-redirect-to-blocked + + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/connect-src/connect-src-websocket-allowed.sub.html b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-websocket-allowed.sub.html new file mode 100644 index 0000000000..4263d97fe2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-websocket-allowed.sub.html @@ -0,0 +1,36 @@ + + + + + + + connect-src-websocket-blocked + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/connect-src/connect-src-websocket-blocked.sub.html b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-websocket-blocked.sub.html new file mode 100644 index 0000000000..02c52837bb --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-websocket-blocked.sub.html @@ -0,0 +1,36 @@ + + + + + + + connect-src-websocket-blocked + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/connect-src/connect-src-websocket-self.sub.html b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-websocket-self.sub.html new file mode 100644 index 0000000000..6db324ea0e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-websocket-self.sub.html @@ -0,0 +1,47 @@ + + + + + + connect-src-websocket-blocked + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/connect-src/connect-src-xmlhttprequest-allowed.sub.html b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-xmlhttprequest-allowed.sub.html new file mode 100644 index 0000000000..bde5eeea10 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-xmlhttprequest-allowed.sub.html @@ -0,0 +1,32 @@ + + + + + + + connect-src-xmlhttprequest-allowed + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html new file mode 100644 index 0000000000..f4215909d9 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html @@ -0,0 +1,38 @@ + + + + + + + connect-src-xmlhttprequest-blocked + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html new file mode 100644 index 0000000000..429e463c53 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html @@ -0,0 +1,46 @@ + + + + + + + connect-src-xmlhttprequest-redirect-to-blocked + + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/connect-src/resources/simple-event-stream b/testing/web-platform/tests/content-security-policy/connect-src/resources/simple-event-stream new file mode 100644 index 0000000000..bdd2d486c2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/resources/simple-event-stream @@ -0,0 +1 @@ +data: hello \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/connect-src/resources/simple-event-stream.headers b/testing/web-platform/tests/content-security-policy/connect-src/resources/simple-event-stream.headers new file mode 100644 index 0000000000..450c9f2d23 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/resources/simple-event-stream.headers @@ -0,0 +1 @@ +Content-Type: text/event-stream \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/connect-src/shared-worker-connect-src-allowed.sub.html b/testing/web-platform/tests/content-security-policy/connect-src/shared-worker-connect-src-allowed.sub.html new file mode 100644 index 0000000000..f772b2402a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/shared-worker-connect-src-allowed.sub.html @@ -0,0 +1,39 @@ + + + + + + + shared-worker-connect-src-allowed + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/connect-src/shared-worker-connect-src-blocked.sub.html b/testing/web-platform/tests/content-security-policy/connect-src/shared-worker-connect-src-blocked.sub.html new file mode 100644 index 0000000000..f229d561dc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/shared-worker-connect-src-blocked.sub.html @@ -0,0 +1,44 @@ + + + + + + + shared-worker-connect-src-blocked + + + + + + + +

This test loads a shared worker, delivered with its own + policy. The worker should be blocked from making an XHR + as that policy specifies a connect-src 'none', though + this resource's policy is connect-src *. No report + should be sent since the worker's policy doesn't specify + a report-uri.

+ +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/connect-src/support/shared-worker-make-xhr-allowed.sub.js b/testing/web-platform/tests/content-security-policy/connect-src/support/shared-worker-make-xhr-allowed.sub.js new file mode 100644 index 0000000000..1e9700832d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/support/shared-worker-make-xhr-allowed.sub.js @@ -0,0 +1,23 @@ +onconnect = function (event) { + var port = event.ports[0]; + var xhr = new XMLHttpRequest; + xhr.onerror = function () { + port.postMessage("xhr blocked"); + port.postMessage("TEST COMPLETE"); + }; + xhr.onload = function () { + if (xhr.responseText == "FAIL") { + port.postMessage("xhr allowed"); + } else { + port.postMessage("xhr blocked"); + } + port.postMessage("TEST COMPLETE"); + }; + try { + xhr.open("GET", "http://{{domains[www1]}}:{{ports[http][0]}}/content-security-policy/support/fail.asis", true); + xhr.send(); + } catch (e) { + port.postMessage("xhr blocked"); + port.postMessage("TEST COMPLETE"); + } +} \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/connect-src/support/shared-worker-make-xhr-blocked.sub.js b/testing/web-platform/tests/content-security-policy/connect-src/support/shared-worker-make-xhr-blocked.sub.js new file mode 100644 index 0000000000..1e9700832d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/support/shared-worker-make-xhr-blocked.sub.js @@ -0,0 +1,23 @@ +onconnect = function (event) { + var port = event.ports[0]; + var xhr = new XMLHttpRequest; + xhr.onerror = function () { + port.postMessage("xhr blocked"); + port.postMessage("TEST COMPLETE"); + }; + xhr.onload = function () { + if (xhr.responseText == "FAIL") { + port.postMessage("xhr allowed"); + } else { + port.postMessage("xhr blocked"); + } + port.postMessage("TEST COMPLETE"); + }; + try { + xhr.open("GET", "http://{{domains[www1]}}:{{ports[http][0]}}/content-security-policy/support/fail.asis", true); + xhr.send(); + } catch (e) { + port.postMessage("xhr blocked"); + port.postMessage("TEST COMPLETE"); + } +} \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/connect-src/support/shared-worker-make-xhr-blocked.sub.js.sub.headers b/testing/web-platform/tests/content-security-policy/connect-src/support/shared-worker-make-xhr-blocked.sub.js.sub.headers new file mode 100644 index 0000000000..ac7368c32e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/support/shared-worker-make-xhr-blocked.sub.js.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy: connect-src 'none' \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/connect-src/support/worker-make-xhr-blocked.sub.js b/testing/web-platform/tests/content-security-policy/connect-src/support/worker-make-xhr-blocked.sub.js new file mode 100644 index 0000000000..22819d57a2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/support/worker-make-xhr-blocked.sub.js @@ -0,0 +1,21 @@ +var xhr = new XMLHttpRequest; +xhr.onerror = function () { + postMessage("xhr blocked"); + postMessage("TEST COMPLETE"); +}; +xhr.onload = function () { + //cons/**/ole.log(xhr.responseText); + if (xhr.responseText == "FAIL") { + postMessage("xhr allowed"); + } else { + postMessage("xhr blocked"); + } + postMessage("TEST COMPLETE"); +}; +try { + xhr.open("GET", "/common/redirect.py?location=http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.asis", true); + xhr.send(); +} catch (e) { + postMessage("xhr blocked"); + postMessage("TEST COMPLETE"); +} \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/connect-src/support/worker-make-xhr-blocked.sub.js.sub.headers b/testing/web-platform/tests/content-security-policy/connect-src/support/worker-make-xhr-blocked.sub.js.sub.headers new file mode 100644 index 0000000000..ac7368c32e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/support/worker-make-xhr-blocked.sub.js.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy: connect-src 'none' \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/connect-src/support/worker-make-xhr.sub.js b/testing/web-platform/tests/content-security-policy/connect-src/support/worker-make-xhr.sub.js new file mode 100644 index 0000000000..73359a39ea --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/support/worker-make-xhr.sub.js @@ -0,0 +1,21 @@ +var xhr = new XMLHttpRequest; +xhr.onerror = function () { + postMessage("xhr blocked"); + postMessage("TEST COMPLETE"); +}; +xhr.onload = function () { + //cons/**/ole.log(xhr.responseText); + if (xhr.responseText == "FAIL") { + postMessage("xhr allowed"); + } else { + postMessage("xhr blocked"); + } + postMessage("TEST COMPLETE"); +}; +try { + xhr.open("GET", "/common/redirect.py?location=http://{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.asis", true); + xhr.send(); +} catch (e) { + postMessage("xhr blocked"); + postMessage("TEST COMPLETE"); +} \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/connect-src/worker-connect-src-allowed.sub.html b/testing/web-platform/tests/content-security-policy/connect-src/worker-connect-src-allowed.sub.html new file mode 100644 index 0000000000..4ce5c99573 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/worker-connect-src-allowed.sub.html @@ -0,0 +1,34 @@ + + + + + + + worker-connect-src-allowed + + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/connect-src/worker-connect-src-blocked.sub.html b/testing/web-platform/tests/content-security-policy/connect-src/worker-connect-src-blocked.sub.html new file mode 100644 index 0000000000..d375771542 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/worker-connect-src-blocked.sub.html @@ -0,0 +1,38 @@ + + + + + + + worker-connect-src-blocked + + + + + +

This test loads a worker, which is delivered with its own + policy. The worker should be blocked from making an XHR + as that policy specifies a connect-src 'none', though + this resource's policy is connect-src *. No report + should be sent since the worker's policy doesn't specify + a report-uri.

+ + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/connect-src/worker-from-guid.sub.html b/testing/web-platform/tests/content-security-policy/connect-src/worker-from-guid.sub.html new file mode 100644 index 0000000000..045afb8082 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/connect-src/worker-from-guid.sub.html @@ -0,0 +1,64 @@ + + + + + + + worker-connect-src-blocked + + + + + +

This test loads a worker, from a guid. + The worker should be blocked from making an XHR + to www1 as this resource's policy is connect-src 'self + and a guid Worker should inherit is parent's policy. + A report should be sent to the report-uri specified + with this resource.

+ + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/default-src/default-src-inline-allowed.sub.html b/testing/web-platform/tests/content-security-policy/default-src/default-src-inline-allowed.sub.html new file mode 100644 index 0000000000..8f9bd81d39 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/default-src/default-src-inline-allowed.sub.html @@ -0,0 +1,28 @@ + + + + + + + + default-src-inline-allowed + + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/default-src/default-src-inline-blocked.sub.html b/testing/web-platform/tests/content-security-policy/default-src/default-src-inline-blocked.sub.html new file mode 100644 index 0000000000..0cb4ca5538 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/default-src/default-src-inline-blocked.sub.html @@ -0,0 +1,31 @@ + + + + + + + + default-src-inline-blocked + + + + + + + +

This test passes if the inline scripts don't create failing tests and a CSP report is sent.

+ + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html b/testing/web-platform/tests/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html new file mode 100644 index 0000000000..bf45820ade --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html @@ -0,0 +1,23 @@ + + + + + `strict-dynamic` policy should discard `unsafe-inline` policy. + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/META.yml b/testing/web-platform/tests/content-security-policy/embedded-enforcement/META.yml new file mode 100644 index 0000000000..1cdc709f21 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/META.yml @@ -0,0 +1 @@ +spec: https://w3c.github.io/webappsec-cspee/ diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/allow_csp_from-header.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/allow_csp_from-header.html new file mode 100644 index 0000000000..dd66bb77ac --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/allow_csp_from-header.html @@ -0,0 +1,94 @@ + + + +Embedded Enforcement: Allow-CSP-From header. + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/blocked-iframe-are-cross-origin.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/blocked-iframe-are-cross-origin.html new file mode 100644 index 0000000000..0095fa3624 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/blocked-iframe-are-cross-origin.html @@ -0,0 +1,59 @@ + + + + Embedded Enforcement: blocked iframes are cross-origin. + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/change-csp-attribute-and-history-navigation.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/change-csp-attribute-and-history-navigation.html new file mode 100644 index 0000000000..64b5206177 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/change-csp-attribute-and-history-navigation.html @@ -0,0 +1,93 @@ + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/idlharness.window.js b/testing/web-platform/tests/content-security-policy/embedded-enforcement/idlharness.window.js new file mode 100644 index 0000000000..2845f82c95 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/idlharness.window.js @@ -0,0 +1,16 @@ +// META: script=/resources/WebIDLParser.js +// META: script=/resources/idlharness.js + +// https://w3c.github.io/webappsec-csp/embedded/ + +'use strict'; + +idl_test( + ['csp-embedded-enforcement'], + ['html', 'dom'], + idl_array => { + idl_array.add_objects({ + HTMLIFrameElement: ['document.createElement("iframe")'], + }); + } +); diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/iframe-csp-attribute.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/iframe-csp-attribute.html new file mode 100644 index 0000000000..f23be1d0e9 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/iframe-csp-attribute.html @@ -0,0 +1,35 @@ + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/required-csp-header-cascade.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/required-csp-header-cascade.html new file mode 100644 index 0000000000..92fe2dd431 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/required-csp-header-cascade.html @@ -0,0 +1,67 @@ + + + +Embedded Enforcement: Sec-Required-CSP header. + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/required_csp-header-crlf.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/required_csp-header-crlf.html new file mode 100644 index 0000000000..414f9b73f5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/required_csp-header-crlf.html @@ -0,0 +1,87 @@ + + + + Embedded Enforcement: Sec-Required-CSP header. + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/required_csp-header.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/required_csp-header.html new file mode 100644 index 0000000000..e0a31db8e2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/required_csp-header.html @@ -0,0 +1,119 @@ + + + + Embedded Enforcement: Sec-Required-CSP header. + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html new file mode 100644 index 0000000000..8df4945000 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html @@ -0,0 +1,96 @@ + + + +Embedded Enforcement: Subsumption Algorithm - Basic implementation. + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-hashes.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-hashes.html new file mode 100644 index 0000000000..0d8b0bc8f4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-hashes.html @@ -0,0 +1,80 @@ + + + +Embedded Enforcement: Subsumption Algorithm - Hashes. + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-hosts.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-hosts.html new file mode 100644 index 0000000000..db3d443b83 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-hosts.html @@ -0,0 +1,42 @@ + + + +Embedded Enforcement: Subsumption Algorithm - Host parts in host source expressions. + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-paths.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-paths.html new file mode 100644 index 0000000000..c40b572de0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-paths.html @@ -0,0 +1,58 @@ + + + +Embedded Enforcement: Subsumption Algorithm - Path parts in host source expressions. + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-ports.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-ports.html new file mode 100644 index 0000000000..bf7ad94f6e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-ports.html @@ -0,0 +1,82 @@ + + + +Embedded Enforcement: Subsumption Algorithm - Port parts in host source expressions. + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-protocols.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-protocols.html new file mode 100644 index 0000000000..9949b8cc1a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-protocols.html @@ -0,0 +1,66 @@ + + + +Embedded Enforcement: Subsumption Algorithm - Scheme parts in host source expressions. + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-nonces.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-nonces.html new file mode 100644 index 0000000000..33551be57d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-nonces.html @@ -0,0 +1,59 @@ + + + +Embedded Enforcement: Subsumption Algorithm - Nonces. + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-none.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-none.html new file mode 100644 index 0000000000..0338e067b3 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-none.html @@ -0,0 +1,113 @@ + + + +Embedded Enforcement: Subsumption Algorithm - 'none' keyword. + + + + + + + + \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-self.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-self.html new file mode 100644 index 0000000000..bac21cefe8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-self.html @@ -0,0 +1,49 @@ + + + +Embedded Enforcement: Subsumption Algorithm - 'self' keyword. + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-source_list-wildcards.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-source_list-wildcards.html new file mode 100644 index 0000000000..a2baef1d42 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-source_list-wildcards.html @@ -0,0 +1,125 @@ + + + +Embedded Enforcement: Subsumption Algorithm - Wildcard lists. + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-strict_dynamic.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-strict_dynamic.html new file mode 100644 index 0000000000..1c35d29b71 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-strict_dynamic.html @@ -0,0 +1,72 @@ + + + +Embedded Enforcement: Subsumption Algorithm - 'strict-dynamic' keyword. + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_eval.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_eval.html new file mode 100644 index 0000000000..f39fbd77c2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_eval.html @@ -0,0 +1,54 @@ + + + +Embedded Enforcement: Subsumption Algorithm - 'unsafe-eval' keyword. + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_hashes.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_hashes.html new file mode 100644 index 0000000000..2d5fa1574a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_hashes.html @@ -0,0 +1,54 @@ + + + +Embedded Enforcement: Subsumption Algorithm - 'unsafe-hashes' keyword. + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_inline.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_inline.html new file mode 100644 index 0000000000..4b839209c6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_inline.html @@ -0,0 +1,103 @@ + + + +Embedded Enforcement: Subsumption Algorithm - 'unsafe-inline' keyword. + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/echo-allow-csp-from.py b/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/echo-allow-csp-from.py new file mode 100644 index 0000000000..3a91437967 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/echo-allow-csp-from.py @@ -0,0 +1,43 @@ +import json +def main(request, response): + headers = [(b"Content-Type", b"text/html")] + if b"allow_csp_from" in request.GET: + headers.append((b"Allow-CSP-From", request.GET[b"allow_csp_from"])) + message = request.GET[b"id"] + return headers, b''' + + + + This page enforces embedder's policies + + + + + + + + +''' % (message, message) diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/echo-policy-multiple.py b/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/echo-policy-multiple.py new file mode 100644 index 0000000000..b91bf0d5ea --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/echo-policy-multiple.py @@ -0,0 +1,25 @@ +def main(request, response): + headers = [(b"Content-Type", b"text/html")] + if b"policy" in request.GET: + headers.append((b"Content-Security-Policy", request.GET[b"policy"])) + if b"policy2" in request.GET: + headers.append((b"Content-Security-Policy", request.GET[b"policy2"])) + if b"policy3" in request.GET: + headers.append((b"Content-Security-Policy", request.GET[b"policy3"])) + message = request.GET[b"id"] + return headers, b''' + + + + This page sets given CSP upon itself. + + + + + +''' % (message) diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/echo-required-csp.py b/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/echo-required-csp.py new file mode 100644 index 0000000000..b704dfe92f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/echo-required-csp.py @@ -0,0 +1,47 @@ +import json + +from wptserve.utils import isomorphic_decode + +def main(request, response): + message = {} + + header = request.headers.get(b"Test-Header-Injection"); + message[u'test_header_injection'] = isomorphic_decode(header) if header else None + + header = request.headers.get(b"Sec-Required-CSP"); + message[u'required_csp'] = isomorphic_decode(header) if header else None + + second_level_iframe_code = u"" + if b"include_second_level_iframe" in request.GET: + if b"second_level_iframe_csp" in request.GET and request.GET[b"second_level_iframe_csp"] != b"": + second_level_iframe_code = u''''''.format(isomorphic_decode(request.GET[b"second_level_iframe_csp"])) + else: + second_level_iframe_code = u'''''' + + return [(b"Content-Type", b"text/html"), (b"Allow-CSP-From", b"*")], u''' + + + + + + + +{1} + + +'''.format(json.dumps(message), second_level_iframe_code, str(request.headers)) diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/embed-img-and-message-top.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/embed-img-and-message-top.html new file mode 100644 index 0000000000..ab0e22d82f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/embed-img-and-message-top.html @@ -0,0 +1,14 @@ + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/executor.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/executor.html new file mode 100644 index 0000000000..dc277a6ef0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/executor.html @@ -0,0 +1,3 @@ + diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/testharness-helper.sub.js b/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/testharness-helper.sub.js new file mode 100644 index 0000000000..4adc521696 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/testharness-helper.sub.js @@ -0,0 +1,170 @@ +const Host = { + SAME_ORIGIN: "same-origin", + CROSS_ORIGIN: "cross-origin", +}; + +const PolicyHeader = { + CSP: "echo-policy.py?policy=", + CSP_MULTIPLE: "echo-policy-multiple.py", + REQUIRED_CSP: "echo-required-csp.py", + ALLOW_CSP_FROM: "echo-allow-csp-from.py", +}; + +const IframeLoad = { + EXPECT_BLOCK: true, + EXPECT_LOAD: false, +}; + +function getOrigin() { + var url = new URL("http://{{host}}:{{ports[http][0]}}/"); + return url.origin; +} + +function getCrossOrigin() { + var url = new URL("http://{{domains[天気ã®è‰¯ã„æ—¥]}}:{{ports[http][0]}}/"); + return url.toString(); +} + +function getSecureCrossOrigin() { + // Since wptserve spins up servers on non-default port, 'self' matches + // http://[host]:[specified-port] and https://[host]:[specified-port], but not + // https://[host]:[https-port]. So, we use the http port for this https origin + // in order to verify that a secure variant of a non-secure URL matches 'self'. + var url = new URL("https://{{domains[天気ã®è‰¯ã„æ—¥]}}:{{ports[http][0]}}"); + return url.toString(); +} + +function generateURL(host, path, include_second_level_iframe, second_level_iframe_csp) { + var url = new URL("http://{{host}}:{{ports[http][0]}}/content-security-policy/embedded-enforcement/support/"); + url.hostname = host == Host.SAME_ORIGIN ? "{{host}}" : "{{domains[天気ã®è‰¯ã„æ—¥]}}"; + url.pathname += path; + if (include_second_level_iframe) { + url.searchParams.append("include_second_level_iframe", ""); + if (second_level_iframe_csp) + url.searchParams.append("second_level_iframe_csp", second_level_iframe_csp); + } + + return url; +} + +function generateURLString(host, path) { + return generateURL(host, path, false, "").toString(); +} + +function generateURLStringWithSecondIframeParams(host, path, second_level_iframe_csp) { + return generateURL(host, path, true, second_level_iframe_csp).toString(); +} + +function generateRedirect(host, target) { + var url = new URL("http://{{host}}:{{ports[http][0]}}/common/redirect.py?location=" + + encodeURIComponent(target)); + url.hostname = host == Host.SAME_ORIGIN ? "{{host}}" : "{{domains[天気ã®è‰¯ã„æ—¥]}}"; + + return url.toString(); +} + +function generateUrlWithPolicies(host, policy) { + var url = generateURL(host, PolicyHeader.CSP_MULTIPLE); + if (policy != null) + url.searchParams.append("policy", policy); + return url; +} + +function generateUrlWithAllowCSPFrom(host, allowCspFrom) { + var url = generateURL(host, PolicyHeader.ALLOW_CSP_FROM); + if (allowCspFrom != null) + url.searchParams.append("allow_csp_from", allowCspFrom); + return url; +} + +function assert_required_csp(t, url, csp, expected) { + var i = document.createElement('iframe'); + if(csp) + i.csp = csp; + i.src = url; + + window.addEventListener('message', t.step_func(e => { + if (e.source != i.contentWindow || !('required_csp' in e.data)) + return; + + if (expected.indexOf(e.data['required_csp']) == -1) + assert_unreached('Child iframes have unexpected csp:"' + e.data['required_csp'] + '"'); + + expected.splice(expected.indexOf(e.data['required_csp']), 1); + + if (e.data['test_header_injection'] != null) + assert_unreached('HTTP header injection was successful'); + + if (expected.length == 0) + t.done(); + })); + + document.body.appendChild(i); +} + +function assert_iframe_with_csp(t, url, csp, shouldBlock, urlId, blockedURI) { + var i = document.createElement('iframe'); + url.searchParams.append("id", urlId); + i.src = url.toString(); + if (csp != null) + i.csp = csp; + + var loaded = {}; + window.addEventListener("message", function (e) { + if (e.source != i.contentWindow) + return; + if (e.data["loaded"]) + loaded[e.data["id"]] = true; + }); + + if (shouldBlock) { + // Assert iframe does not load and is inaccessible. + window.onmessage = t.step_func(function(e) { + if (e.source != i.contentWindow) + return; + assert_unreached('No message should be sent from the frame.'); + }); + i.onload = t.step_func(function () { + // Delay the check until after the postMessage has a chance to execute. + setTimeout(t.step_func_done(function () { + assert_equals(loaded[urlId], undefined); + }), 500); + assert_throws_dom("SecurityError", () => { + var x = i.contentWindow.location.href; + }); + }); + } else if (blockedURI) { + // Assert iframe loads with an expected violation. + window.addEventListener('message', t.step_func(e => { + if (e.source != i.contentWindow) + return; + if (!e.data.securitypolicyviolation) + return; + assert_equals(e.data["blockedURI"], blockedURI); + t.done(); + })); + } else { + // Assert iframe loads. Wait for the load event, the postMessage from the + // script and the img load event. + let postMessage_received = false; + let img_loaded = false; + window.addEventListener('message', t.step_func(e => { + if (e.source != i.contentWindow) + return; + if (e.data.loaded) { + assert_true(loaded[urlId]); + postMessage_received = true; + } else if (e.data === "img.loaded") + img_loaded = true; + + if (i.onloadReceived && postMessage_received && img_loaded) + t.done(); + })); + i.onload = t.step_func(function () { + if (loaded[urlId]) + t.done(); + i.onloadReceived = true; + }); + } + document.body.appendChild(i); +} diff --git a/testing/web-platform/tests/content-security-policy/font-src/font-match-allowed.sub.html b/testing/web-platform/tests/content-security-policy/font-src/font-match-allowed.sub.html new file mode 100644 index 0000000000..ebba1e0096 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/font-src/font-match-allowed.sub.html @@ -0,0 +1,23 @@ + + + + + Test font loads if it matches font-src. + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/font-src/font-mismatch-blocked.sub.html b/testing/web-platform/tests/content-security-policy/font-src/font-mismatch-blocked.sub.html new file mode 100644 index 0000000000..b164cf0f17 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/font-src/font-mismatch-blocked.sub.html @@ -0,0 +1,22 @@ + + + + + Test font does not load if it does not match font-src. + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/font-src/font-none-blocked.sub.html b/testing/web-platform/tests/content-security-policy/font-src/font-none-blocked.sub.html new file mode 100644 index 0000000000..eae1b4986d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/font-src/font-none-blocked.sub.html @@ -0,0 +1,22 @@ + + + + + Test font does not load if it does not match font-src. + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/font-src/font-self-allowed.html b/testing/web-platform/tests/content-security-policy/font-src/font-self-allowed.html new file mode 100644 index 0000000000..b8d46e5c98 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/font-src/font-self-allowed.html @@ -0,0 +1,23 @@ + + + + + Test font loads if it matches font-src. + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html b/testing/web-platform/tests/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html new file mode 100644 index 0000000000..3b47d0b2e2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html @@ -0,0 +1,25 @@ + + + + + Test font does not load if it does not match font-src. + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/form-action/form-action-self-allowed-target-blank.html b/testing/web-platform/tests/content-security-policy/form-action/form-action-self-allowed-target-blank.html new file mode 100644 index 0000000000..bc81a63b62 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/form-action/form-action-self-allowed-target-blank.html @@ -0,0 +1,40 @@ + + + + + + + + + + +
+
+ +

+ Test that "form-action 'self'" works correctly when the form uses + target="_blank". If this test passes, a new window must open after pressing + "submit". +

+ + + + + diff --git a/testing/web-platform/tests/content-security-policy/form-action/form-action-src-allowed-target-blank.sub.html b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-allowed-target-blank.sub.html new file mode 100644 index 0000000000..8727a82119 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-allowed-target-blank.sub.html @@ -0,0 +1,33 @@ + + + + form-action-src-redirect-allowed-target-blank + + + + + + +
+ + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/form-action/form-action-src-allowed-target-frame.sub.html b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-allowed-target-frame.sub.html new file mode 100644 index 0000000000..81921d395e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-allowed-target-frame.sub.html @@ -0,0 +1,34 @@ + + + + form-action-src-allowed-target-frame + + + + + + +
+ + +
+ + + + diff --git a/testing/web-platform/tests/content-security-policy/form-action/form-action-src-allowed.sub.html b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-allowed.sub.html new file mode 100644 index 0000000000..418d6f51b0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-allowed.sub.html @@ -0,0 +1,40 @@ + + + + + + + form-action-src-allowed + + + + + + + + + + +
+ + +
+

Tests that allowed form actions work correctly.

+
+ + + diff --git a/testing/web-platform/tests/content-security-policy/form-action/form-action-src-blocked.sub.html b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-blocked.sub.html new file mode 100644 index 0000000000..a113d9a264 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-blocked.sub.html @@ -0,0 +1,40 @@ + + + + + + + form-action-src-blocked + + + + + + + + + +
+ + +
+

Tests that blocking form actions works correctly.

+
+ + + + diff --git a/testing/web-platform/tests/content-security-policy/form-action/form-action-src-default-ignored.sub.html b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-default-ignored.sub.html new file mode 100644 index 0000000000..58db5bf735 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-default-ignored.sub.html @@ -0,0 +1,40 @@ + + + + + + + form-action-src-default-ignored + + + + + + + + + + +
+ + +
+

Tests that default-src does not cascade to form-action.

+
+ + + diff --git a/testing/web-platform/tests/content-security-policy/form-action/form-action-src-get-allowed.sub.html b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-get-allowed.sub.html new file mode 100644 index 0000000000..1dd7fbcd41 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-get-allowed.sub.html @@ -0,0 +1,41 @@ + + + + + + + form-action-src-allowed + + + + + + + + + + +
+ + +
+

Tests that allowed form actions work correctly + with GET and a redirect.

+
+ + + \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/form-action/form-action-src-get-blocked.sub.html b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-get-blocked.sub.html new file mode 100644 index 0000000000..638badc73a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-get-blocked.sub.html @@ -0,0 +1,42 @@ + + + + + + + form-action-src-allowed + + + + + + + + + + +
+ + +
+

Tests that disallowed form actions are blocked + with GET and redirects.

+
+"> + + + diff --git a/testing/web-platform/tests/content-security-policy/form-action/form-action-src-javascript-blocked.sub.html b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-javascript-blocked.sub.html new file mode 100644 index 0000000000..6997ef6e86 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-javascript-blocked.sub.html @@ -0,0 +1,34 @@ + + + + + + + form-action-src-javascript-blocked + + + + + + + + +
+ + +
+

Tests that blocking form actions works correctly. If this test passes, a CSP violation will be generated, and will not see a JavaScript alert.

+
+ + + diff --git a/testing/web-platform/tests/content-security-policy/form-action/form-action-src-javascript-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-javascript-blocked.sub.html.sub.headers new file mode 100644 index 0000000000..e69de29bb2 diff --git a/testing/web-platform/tests/content-security-policy/form-action/form-action-src-javascript-prevented.html b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-javascript-prevented.html new file mode 100644 index 0000000000..feae47ee79 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-javascript-prevented.html @@ -0,0 +1,46 @@ + + + + + + + + + + +
+ +
+ +

+ Test that "form-action 'none'" doesn't create a violation report if the event was prevented. +

+ + + + + diff --git a/testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-blank.sub.html b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-blank.sub.html new file mode 100644 index 0000000000..e1f23db73c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-blank.sub.html @@ -0,0 +1,33 @@ + + + + form-action-src-redirect-allowed-target-blank + + + + + + +
+ +
+ + diff --git a/testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-frame.sub.html b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-frame.sub.html new file mode 100644 index 0000000000..6afd4459b0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-frame.sub.html @@ -0,0 +1,34 @@ + + + + form-action-src-redirect-allowed-target-frame + + + + + + +
+ +
+ + + + diff --git a/testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-blocked.sub.html b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-blocked.sub.html new file mode 100644 index 0000000000..ac25e03d5c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-blocked.sub.html @@ -0,0 +1,42 @@ + + + + + + + form-action-src-redirect-blocked + + + + + + + + + + +
+ + +
+

Tests that blocking a POST form with a redirect works correctly. If this test passes, a CSP violation will be generated.

+
+ + + diff --git a/testing/web-platform/tests/content-security-policy/form-action/support/post-message-to-opener.sub.html b/testing/web-platform/tests/content-security-policy/form-action/support/post-message-to-opener.sub.html new file mode 100644 index 0000000000..0348139057 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/form-action/support/post-message-to-opener.sub.html @@ -0,0 +1,3 @@ + diff --git a/testing/web-platform/tests/content-security-policy/form-action/support/post-message-to-parent.sub.html b/testing/web-platform/tests/content-security-policy/form-action/support/post-message-to-parent.sub.html new file mode 100644 index 0000000000..63e464be21 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/form-action/support/post-message-to-parent.sub.html @@ -0,0 +1,3 @@ + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-from-serviceworker.https.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-from-serviceworker.https.html new file mode 100644 index 0000000000..a0656a97a7 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-from-serviceworker.https.html @@ -0,0 +1,46 @@ + + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-none-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-none-block.html new file mode 100644 index 0000000000..674deb655a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-none-block.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-self-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-self-block.html new file mode 100644 index 0000000000..85b7f0efdc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-self-block.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-star-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-star-allow.html new file mode 100644 index 0000000000..7f5a867de9 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-star-allow.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-allow.html new file mode 100644 index 0000000000..99ab0718e8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-allow.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-block.html new file mode 100644 index 0000000000..9bcf63735e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-block.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-none-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-none-block.html new file mode 100644 index 0000000000..1cdd540149 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-none-block.html @@ -0,0 +1,16 @@ + + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-self-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-self-block.html new file mode 100644 index 0000000000..da97339711 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-self-block.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-star-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-star-allow.html new file mode 100644 index 0000000000..3658fb6502 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-star-allow.html @@ -0,0 +1,17 @@ + + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-allow.html new file mode 100644 index 0000000000..1f1ffb9f89 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-allow.html @@ -0,0 +1,16 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-block.html new file mode 100644 index 0000000000..62dd1c1ef6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-block.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html new file mode 100644 index 0000000000..d7c83ae2f5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html @@ -0,0 +1,16 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-none-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-none-block.html new file mode 100644 index 0000000000..f01c6d766f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-none-block.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-self-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-self-block.html new file mode 100644 index 0000000000..bae5992e86 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-self-block.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-star-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-star-allow.html new file mode 100644 index 0000000000..85d66f660a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-star-allow.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-allow.html new file mode 100644 index 0000000000..dff041be9a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-allow.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-block.html new file mode 100644 index 0000000000..5d2fc57ac1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-block.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-none-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-none-block.html new file mode 100644 index 0000000000..234cca82c8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-none-block.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-self-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-self-allow.html new file mode 100644 index 0000000000..747c563696 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-self-allow.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-star-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-star-allow.html new file mode 100644 index 0000000000..d7eaf73fd6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-star-allow.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-allow.html new file mode 100644 index 0000000000..432c25f0d2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-allow.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-block.html new file mode 100644 index 0000000000..c02091bf4f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-block.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-none-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-none-block.html new file mode 100644 index 0000000000..f494468e37 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-none-block.html @@ -0,0 +1,23 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html new file mode 100644 index 0000000000..9e6d3d729c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html @@ -0,0 +1,39 @@ + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-sandbox-same-origin-self.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-sandbox-same-origin-self.html new file mode 100644 index 0000000000..4a2a19698d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-sandbox-same-origin-self.html @@ -0,0 +1,17 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-self-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-self-allow.html new file mode 100644 index 0000000000..a8a295dfc4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-self-allow.html @@ -0,0 +1,16 @@ + + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-self-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-self-block.html new file mode 100644 index 0000000000..438f2b8eb2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-self-block.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-star-allow-crossorigin.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-star-allow-crossorigin.html new file mode 100644 index 0000000000..09ee28bbea --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-star-allow-crossorigin.html @@ -0,0 +1,16 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-star-allow-sameorigin.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-star-allow-sameorigin.html new file mode 100644 index 0000000000..62bbe45b25 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-star-allow-sameorigin.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-url-allow.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-url-allow.sub.html new file mode 100644 index 0000000000..f4f42e475f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-url-allow.sub.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-url-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-url-block.html new file mode 100644 index 0000000000..c320370be5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-url-block.html @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/report-blocked-frame.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/report-blocked-frame.sub.html new file mode 100644 index 0000000000..a7532b7cf2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/report-blocked-frame.sub.html @@ -0,0 +1,13 @@ + + + + + + + Blocked frames are reported correctly + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/report-only-frame.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/report-only-frame.sub.html new file mode 100644 index 0000000000..55289db6d6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/report-only-frame.sub.html @@ -0,0 +1,13 @@ + + + + + + + Blocked frames are reported correctly + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html new file mode 100644 index 0000000000..c8317b91cf --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html @@ -0,0 +1,6 @@ + + + +

This is an IFrame sending a Content-Security-Policy-Report-Only header containing "{{GET[policy]}}".

+ + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html.sub.headers new file mode 100644 index 0000000000..ccb142e569 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy-Report-Only: {{GET[policy]}} diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy.sub.html new file mode 100644 index 0000000000..2182f4a3d2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy.sub.html @@ -0,0 +1,6 @@ + + + +

This is an IFrame sending a Content Security Policy header containing "{{GET[policy]}}".

+ + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy.sub.html.sub.headers new file mode 100644 index 0000000000..322c99d518 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy.sub.html.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy: {{GET[policy]}} diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-and-x-frame-options.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-and-x-frame-options.sub.html new file mode 100644 index 0000000000..e22fea3ccd --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-and-x-frame-options.sub.html @@ -0,0 +1,9 @@ + + + +

This is an IFrame sending a Content Security Policy header containing "frame-ancestors {{GET[policy]}}" and "X-Frame-Options: {{GET[xfo]}}".

+ + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-and-x-frame-options.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-and-x-frame-options.sub.html.sub.headers new file mode 100644 index 0000000000..636e0facde --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-and-x-frame-options.sub.html.sub.headers @@ -0,0 +1,3 @@ +Content-Type: text/html; charset=UTF-8 +Content-Security-Policy: frame-ancestors {{GET[policy]}} +X-Frame-Options: {{GET[xfo]}} diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js new file mode 100644 index 0000000000..6e816e89b3 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js @@ -0,0 +1,147 @@ +var SAME_ORIGIN = true; +var CROSS_ORIGIN = false; + +var EXPECT_BLOCK = true; +var EXPECT_LOAD = false; + +var SAMEORIGIN_ORIGIN = "{{location[scheme]}}://{{location[host]}}"; +var CROSSORIGIN_ORIGIN = "http://{{domains[www1]}}:{{ports[http][1]}}"; + +var test; + +function endTest(failed, message) { + if (typeof test === 'undefined') return; + + if (failed) { + test.step(function() { + assert_unreached(message); + test.done(); + }); + } + else test.done({message: message}); +} + +window.addEventListener("message", function (e) { + if (window.parent != window) + window.parent.postMessage(e.data, "*"); + else + if (e.data.type === 'test_result') + endTest(e.data.failed, "Inner IFrame msg: " + e.data.message); +}); + +function injectNestedIframe(policy, parent, child, expectation, isSandboxed) { + var iframe = document.createElement("iframe"); + + var url = "/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html" + + "?policy=" + policy + + "&parent=" + parent + + "&child=" + child + + "&expectation=" + expectation; + url = (parent == "same" ? SAMEORIGIN_ORIGIN : CROSSORIGIN_ORIGIN) + url; + + iframe.src = url; + + if (isSandboxed) + iframe.sandbox = 'allow-scripts'; + + document.body.appendChild(iframe); +} + +let timer; +function pollForLoadCompletion({iframe, expectBlock}) { + let fn = iframeLoaded({expectBlock, isPoll: true}); + timer = test.step_timeout(() => fn({target: iframe}), 10); +} + +function injectIFrame(policy, sameOrigin, expectBlock) { + var iframe = document.createElement("iframe"); + iframe.addEventListener("load", iframeLoaded({expectBlock, isPoll: false})); + iframe.addEventListener("error", iframeLoaded({expectBlock, isPoll: false})); + + var url = "/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html?policy=" + policy; + if (sameOrigin) + url = SAMEORIGIN_ORIGIN + url; + else + url = CROSSORIGIN_ORIGIN + url; + + iframe.src = url; + document.body.appendChild(iframe); + pollForLoadCompletion({iframe, expectBlock}); +} + +function iframeLoaded({isPoll, expectBlock}) { + return function(ev) { + clearTimeout(timer); + var failed = true; + var message = ""; + try { + let url = ev.target.contentWindow.location.href; + if (isPoll && (url === "about:blank" || ev.target.contentDocument.readyState !== "complete")) { + pollForLoadCompletion({iframe: ev.target, expectBlock}); + return; + } + if (expectBlock) { + message = "The IFrame should have been blocked (or cross-origin). It wasn't."; + failed = true; + } else { + message = "The IFrame should not have been blocked. It wasn't."; + failed = false; + } + } catch (ex) { + if (expectBlock) { + message = "The IFrame should have been blocked (or cross-origin). It was."; + failed = false; + } else { + message = "The IFrame should not have been blocked. It was."; + failed = true; + } + } + if (window.parent != window) + window.parent.postMessage({type: 'test_result', failed: failed, message: message}, '*'); + else + endTest(failed, message); + }; +} + +function originFrameShouldBe(child, expectation, policy) { + if (child == "cross" && expectation == "blocked") crossOriginFrameShouldBeBlocked(policy); + if (child == "same" && expectation == "blocked") sameOriginFrameShouldBeBlocked(policy); + if (child == "cross" && expectation == "allowed") crossOriginFrameShouldBeAllowed(policy); + if (child == "same" && expectation == "allowed") sameOriginFrameShouldBeAllowed(policy); +} + +function crossOriginFrameShouldBeBlocked(policy) { + window.onload = function () { + injectIFrame(policy, CROSS_ORIGIN, EXPECT_BLOCK); + }; +} + +function crossOriginFrameShouldBeAllowed(policy) { + window.onload = function () { + injectIFrame(policy, CROSS_ORIGIN, EXPECT_LOAD); + }; +} + +function sameOriginFrameShouldBeBlocked(policy) { + window.onload = function () { + injectIFrame(policy, SAME_ORIGIN, EXPECT_BLOCK); + }; +} + +function sameOriginFrameShouldBeAllowed(policy) { + window.onload = function () { + injectIFrame(policy, SAME_ORIGIN, EXPECT_LOAD); + }; +} + +function testNestedIFrame(policy, parent, child, expectation) { + window.onload = function () { + injectNestedIframe(policy, parent == SAME_ORIGIN ? "same" : "cross", child == SAME_ORIGIN ? "same" : "cross", expectation == EXPECT_LOAD ? "allowed" : "blocked", false /* isSandboxed */); + }; +} + +function testNestedSandboxedIFrame(policy, parent, child, expectation) { + window.onload = function () { + injectNestedIframe(policy, parent == SAME_ORIGIN ? "same" : "cross", child == SAME_ORIGIN ? "same" : "cross", expectation == EXPECT_LOAD ? "allowed" : "blocked", true /* isSandboxed */); + }; +} diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html new file mode 100644 index 0000000000..de65277343 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html @@ -0,0 +1,9 @@ + + + +

This is an IFrame sending a Content Security Policy header containing "frame-ancestors {{GET[policy]}}".

+ + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html.sub.headers new file mode 100644 index 0000000000..9369a4101f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html.sub.headers @@ -0,0 +1,2 @@ +Content-Type: text/html; charset=UTF-8 +Content-Security-Policy: frame-ancestors {{GET[policy]}} diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html new file mode 100644 index 0000000000..993b6bfd4b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html @@ -0,0 +1,16 @@ + + + + + + + + {{GET[policy]}} + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html.sub.headers new file mode 100644 index 0000000000..e853d6cee5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html.sub.headers @@ -0,0 +1 @@ +Content-Type: text/html; charset=UTF-8 diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/service-worker.js b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/service-worker.js new file mode 100644 index 0000000000..ebced90f50 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/service-worker.js @@ -0,0 +1,10 @@ +self.onfetch = e => { + e.respondWith(function() { + return new Promise((resolve) => { + var headers = new Headers; + headers.append("Content-Security-Policy", "frame-ancestors 'none'"); + var response = new Response("", { "headers" : headers, "status": 200, "statusText" : "OK" }); + resolve(response); + }); + }()); +}; diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-about-blank-allowed-by-default.sub.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-about-blank-allowed-by-default.sub.html new file mode 100644 index 0000000000..a9d40adee0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-about-blank-allowed-by-default.sub.html @@ -0,0 +1,32 @@ + + + + + + + frame-src-about-blank-allowed-by-default + + + + + +

These frames should not be blocked by Content-Security-Policy. + It's pointless to block about:blank iframes because + blocking a frame just results in displaying about:blank anyway! +

+ + + + + +
+ + + + \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-about-blank-allowed-by-scheme.sub.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-about-blank-allowed-by-scheme.sub.html new file mode 100644 index 0000000000..f5b62aaa2f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-about-blank-allowed-by-scheme.sub.html @@ -0,0 +1,28 @@ + + + + + + + frame-src-about-blank-allowed-by-scheme + + + + + +

This frame should not be blocked by Content-Security-Policy. +

+ + + +
+ + + + \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-allowed.sub.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-allowed.sub.html new file mode 100644 index 0000000000..8421a9cbfb --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-allowed.sub.html @@ -0,0 +1,64 @@ + + + + + frame-src-allowed + + + + + +

+ This iframe should be allowed. +

+ + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-blocked.sub.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-blocked.sub.html new file mode 100644 index 0000000000..a4957f8715 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-blocked.sub.html @@ -0,0 +1,62 @@ + + + + + + + frame-src-blocked + + + + +

+ IFrames blocked by CSP should generate a 'load', not 'error' event, regardless of blocked state. This means they appear to be normal cross-origin loads, thereby not leaking URL information directly to JS. +

+ + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html new file mode 100644 index 0000000000..956c79fbf0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html @@ -0,0 +1,68 @@ + + + + + + + frame-src-cross-origin-load + + + + + +

+ IFrames blocked by CSP should generate a 'load', not 'error' event, regardless of blocked state. This means they appear to be normal cross-origin loads, thereby not leaking URL information directly to JS. +

+ + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js new file mode 100644 index 0000000000..4c77193541 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js @@ -0,0 +1,45 @@ +// META: script=/common/get-host-info.sub.js +// META: script=/common/utils.js +// META: script=/common/dispatcher/dispatcher.js + +// Regression test for https://crbug.com/1262203 +// +// A cross-origin document initiates a same-document navigation. This navigation +// is subject to CSP:frame-src 'none', but this doesn't apply, since it's a +// same-document navigation. This test checks this doesn't lead to a crash. + +promise_test(async test => { + const child_token = token(); + const child = new RemoteContext(child_token); + const iframe = document.createElement("iframe"); + iframe.src = remoteExecutorUrl(child_token, { + host: get_host_info().REMOTE_HOST + }); + document.body.appendChild(iframe); + + // Install a promise waiting for a same-document navigation to happen in the + // child. + await child.execute_script(() => { + window.sameDocumentNavigation = new Promise(resolve => { + window.addEventListener("popstate", resolve); + }); + }); + + // Append a new CSP, disallowing new iframe navigations. + const meta = document.createElement("meta"); + meta.httpEquiv = "Content-Security-Policy"; + meta.content = "frame-src 'none'"; + document.head.appendChild(meta); + + document.addEventListener( + "securitypolicyviolation", + test.unreached_func("same-document navigations aren't subject to CSP")); + + // Create a same-document navigation, inititated cross-origin in the iframe. + // It must not be blocked by the CSP above. + iframe.src += "#foo"; + + // Make sure the navigation succeeded and was indeed a same-document one: + await child.execute_script(() => sameDocumentNavigation); + assert_equals(await child.execute_script(() => location.href), iframe.src); +}) diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-redirect.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-redirect.html new file mode 100644 index 0000000000..f5ac88b052 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-redirect.html @@ -0,0 +1,35 @@ + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-redirect.html.headers b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-redirect.html.headers new file mode 100644 index 0000000000..338bea13b8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-redirect.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: frame-src 'self' +Content-Security-Policy-Report-Only: frame-src http://foo.test diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html new file mode 100644 index 0000000000..f4122f3d35 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html @@ -0,0 +1,52 @@ + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.sub.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.sub.html new file mode 100644 index 0000000000..9868f92955 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.sub.html @@ -0,0 +1,22 @@ + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.sub.html.headers b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.sub.html.headers new file mode 100644 index 0000000000..6502444407 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.sub.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: frame-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html new file mode 100644 index 0000000000..419a14458b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html @@ -0,0 +1,29 @@ + + + + Frame-src: 'self' matches even if the parent's origin is unique. + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html.headers b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html.headers new file mode 100644 index 0000000000..ec9e8deb59 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html.headers @@ -0,0 +1,4 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Pragma: no-cache +Content-Security-Policy: frame-src 'self'; sandbox allow-scripts diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-self-unique-origin.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-self-unique-origin.html new file mode 100644 index 0000000000..3d04a08ad7 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-self-unique-origin.html @@ -0,0 +1,49 @@ + + + + + frame-src-self-unique-origin + + + + + +

+ The origin of an URL is called "unique" when it is considered to be + different from every origin, including itself. The origin of a + data-url is unique. When the current origin is unique, the CSP source + 'self' must not match any URL. +

+ + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-src/support/frame.html b/testing/web-platform/tests/content-security-policy/frame-src/support/frame.html new file mode 100644 index 0000000000..50be429587 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/support/frame.html @@ -0,0 +1,2 @@ + + diff --git a/testing/web-platform/tests/content-security-policy/frame-src/support/testharness-helper.sub.js b/testing/web-platform/tests/content-security-policy/frame-src/support/testharness-helper.sub.js new file mode 100644 index 0000000000..b9e9a6c856 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/support/testharness-helper.sub.js @@ -0,0 +1,5 @@ +function generateCrossOriginRedirectFrame() { + var target = "http://{{domains[天気ã®è‰¯ã„æ—¥]}}:" + document.location.port + "/content-security-policy/frame-src/support/frame.html"; + var url = "/common/redirect.py?location=" + encodeURIComponent(target); + return { url: url, target: target }; +} diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/script-tag.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/script-tag.http.html new file mode 100644 index 0000000000..a5505da3ec --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/script-tag.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/script-tag.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/script-tag.http.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/script-tag.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/script-tag.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/script-tag.https.html new file mode 100644 index 0000000000..1001b8934c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/script-tag.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/script-tag.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/script-tag.https.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/script-tag.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.http.html new file mode 100644 index 0000000000..9539763e52 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.http.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.https.html new file mode 100644 index 0000000000..e8f4411aa2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.https.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.http.html new file mode 100644 index 0000000000..dca4996e6b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.http.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.https.html new file mode 100644 index 0000000000..e082a0aabd --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.https.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html new file mode 100644 index 0000000000..79880d3822 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html new file mode 100644 index 0000000000..b561c096e0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.http.html new file mode 100644 index 0000000000..a8fd6b61f4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.http.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.https.html new file mode 100644 index 0000000000..a9ccaf5f8d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.https.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.http.html new file mode 100644 index 0000000000..755e1cfcc8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.http.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.https.html new file mode 100644 index 0000000000..f745886d17 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.https.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html new file mode 100644 index 0000000000..128bca9dc5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html new file mode 100644 index 0000000000..a819b2f680 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html new file mode 100644 index 0000000000..c15a45c6cf --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html new file mode 100644 index 0000000000..fb93bdec2e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-module.http.html new file mode 100644 index 0000000000..ae0d919833 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-module.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-module.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-module.http.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-module.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-module.https.html new file mode 100644 index 0000000000..f630ea0ff1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-module.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-module.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-module.https.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-module.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation-import-data.https.html new file mode 100644 index 0000000000..c743fc6561 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation-import-data.https.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation.https.html new file mode 100644 index 0000000000..b25544c193 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation.https.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio-import-data.https.html new file mode 100644 index 0000000000..46ed3a0bf1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio-import-data.https.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio.https.html new file mode 100644 index 0000000000..57d8809f75 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio.https.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout-import-data.https.html new file mode 100644 index 0000000000..1503c93758 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout-import-data.https.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout.https.html new file mode 100644 index 0000000000..c3fae6d44f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout.https.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint-import-data.https.html new file mode 100644 index 0000000000..122cedef88 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint-import-data.https.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint.https.html new file mode 100644 index 0000000000..843b00e675 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint.https.html.headers new file mode 100644 index 0000000000..32b65539e6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.http.html new file mode 100644 index 0000000000..4a8673d320 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.http.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.https.html new file mode 100644 index 0000000000..99d3fa4dbc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.https.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.http.html new file mode 100644 index 0000000000..9539763e52 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.http.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.https.html new file mode 100644 index 0000000000..e8f4411aa2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.https.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.http.html new file mode 100644 index 0000000000..dca4996e6b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.http.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.https.html new file mode 100644 index 0000000000..e082a0aabd --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.https.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.http.html new file mode 100644 index 0000000000..235eb3b5ea --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.http.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.https.html new file mode 100644 index 0000000000..c0e60c1197 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.https.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.http.html new file mode 100644 index 0000000000..a8fd6b61f4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.http.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.https.html new file mode 100644 index 0000000000..a9ccaf5f8d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.https.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.http.html new file mode 100644 index 0000000000..755e1cfcc8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.http.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.https.html new file mode 100644 index 0000000000..f745886d17 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.https.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html new file mode 100644 index 0000000000..128bca9dc5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html new file mode 100644 index 0000000000..a819b2f680 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.http.html new file mode 100644 index 0000000000..8e729f63bd --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.http.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.https.html new file mode 100644 index 0000000000..ecb08bfb33 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.https.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.http.html new file mode 100644 index 0000000000..ae0d919833 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.http.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.https.html new file mode 100644 index 0000000000..f630ea0ff1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.https.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation-import-data.https.html new file mode 100644 index 0000000000..c743fc6561 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation-import-data.https.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation.https.html new file mode 100644 index 0000000000..35f658cb06 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation.https.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio-import-data.https.html new file mode 100644 index 0000000000..46ed3a0bf1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio-import-data.https.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio.https.html new file mode 100644 index 0000000000..e2b02e941f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio.https.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout-import-data.https.html new file mode 100644 index 0000000000..1503c93758 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout-import-data.https.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout.https.html new file mode 100644 index 0000000000..e8c8564561 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout.https.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint-import-data.https.html new file mode 100644 index 0000000000..122cedef88 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint-import-data.https.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint.https.html new file mode 100644 index 0000000000..e06edb7be2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint.https.html.headers new file mode 100644 index 0000000000..cbc7a1b54f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src * 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.http.html new file mode 100644 index 0000000000..4a8673d320 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.http.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.https.html new file mode 100644 index 0000000000..99d3fa4dbc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.https.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.http.html new file mode 100644 index 0000000000..2cf32d1d11 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.http.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.https.html new file mode 100644 index 0000000000..377eeaccc7 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.https.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.http.html new file mode 100644 index 0000000000..dca4996e6b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.http.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.https.html new file mode 100644 index 0000000000..e082a0aabd --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.https.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.http.html new file mode 100644 index 0000000000..53d060edeb --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.http.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.https.html new file mode 100644 index 0000000000..3537249e42 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.https.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.http.html new file mode 100644 index 0000000000..8cfd3c6332 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.http.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.https.html new file mode 100644 index 0000000000..5982ad0521 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.https.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html new file mode 100644 index 0000000000..403963d561 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html new file mode 100644 index 0000000000..ceb78f54f2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html new file mode 100644 index 0000000000..128bca9dc5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.https.html new file mode 100644 index 0000000000..a819b2f680 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.https.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html new file mode 100644 index 0000000000..0a5e46bcac --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html new file mode 100644 index 0000000000..777ec91f99 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html new file mode 100644 index 0000000000..8e418f50b7 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html new file mode 100644 index 0000000000..7ebb8250cd --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation-import-data.https.html new file mode 100644 index 0000000000..e76d985825 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation-import-data.https.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation.https.html new file mode 100644 index 0000000000..35f658cb06 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation.https.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio-import-data.https.html new file mode 100644 index 0000000000..88f6fa6ff8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio-import-data.https.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio.https.html new file mode 100644 index 0000000000..e2b02e941f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio.https.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout-import-data.https.html new file mode 100644 index 0000000000..84d673d706 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout-import-data.https.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout.https.html new file mode 100644 index 0000000000..e8c8564561 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout.https.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint-import-data.https.html new file mode 100644 index 0000000000..5c4c1c57b9 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint-import-data.https.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint.https.html new file mode 100644 index 0000000000..e06edb7be2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint.https.html.headers new file mode 100644 index 0000000000..c75aa51ab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.http.html new file mode 100644 index 0000000000..4a8673d320 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.http.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.https.html new file mode 100644 index 0000000000..99d3fa4dbc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.https.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.http.html new file mode 100644 index 0000000000..9539763e52 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.http.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.https.html new file mode 100644 index 0000000000..e8f4411aa2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.https.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.http.html new file mode 100644 index 0000000000..dca4996e6b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.http.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.https.html new file mode 100644 index 0000000000..e082a0aabd --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.https.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html new file mode 100644 index 0000000000..79880d3822 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html new file mode 100644 index 0000000000..b561c096e0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.http.html new file mode 100644 index 0000000000..a8fd6b61f4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.http.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.https.html new file mode 100644 index 0000000000..a9ccaf5f8d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.https.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.http.html new file mode 100644 index 0000000000..755e1cfcc8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.http.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.https.html new file mode 100644 index 0000000000..f745886d17 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.https.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html new file mode 100644 index 0000000000..128bca9dc5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html new file mode 100644 index 0000000000..a819b2f680 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html new file mode 100644 index 0000000000..c15a45c6cf --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html new file mode 100644 index 0000000000..fb93bdec2e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.http.html new file mode 100644 index 0000000000..ae0d919833 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.http.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.https.html new file mode 100644 index 0000000000..f630ea0ff1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.https.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation-import-data.https.html new file mode 100644 index 0000000000..e76d985825 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation-import-data.https.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation.https.html new file mode 100644 index 0000000000..35f658cb06 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation.https.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio-import-data.https.html new file mode 100644 index 0000000000..88f6fa6ff8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio-import-data.https.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio.https.html new file mode 100644 index 0000000000..e2b02e941f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio.https.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout-import-data.https.html new file mode 100644 index 0000000000..84d673d706 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout-import-data.https.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout.https.html new file mode 100644 index 0000000000..e8c8564561 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout.https.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint-import-data.https.html new file mode 100644 index 0000000000..5c4c1c57b9 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint-import-data.https.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint.https.html new file mode 100644 index 0000000000..e06edb7be2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint.https.html.headers new file mode 100644 index 0000000000..d55f863f72 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src 'self' diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.http.html new file mode 100644 index 0000000000..4a8673d320 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.http.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.https.html new file mode 100644 index 0000000000..99d3fa4dbc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.https.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.http.html new file mode 100644 index 0000000000..9539763e52 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.http.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.https.html new file mode 100644 index 0000000000..e8f4411aa2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.https.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.http.html new file mode 100644 index 0000000000..dca4996e6b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.http.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.https.html new file mode 100644 index 0000000000..e082a0aabd --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.https.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.http.html new file mode 100644 index 0000000000..235eb3b5ea --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.http.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.https.html new file mode 100644 index 0000000000..c0e60c1197 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.https.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.http.html new file mode 100644 index 0000000000..a8fd6b61f4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.http.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.https.html new file mode 100644 index 0000000000..a9ccaf5f8d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.https.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.http.html new file mode 100644 index 0000000000..755e1cfcc8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.http.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.https.html new file mode 100644 index 0000000000..f745886d17 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.https.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html new file mode 100644 index 0000000000..128bca9dc5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html new file mode 100644 index 0000000000..a819b2f680 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.http.html new file mode 100644 index 0000000000..8e729f63bd --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.http.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.http.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.https.html new file mode 100644 index 0000000000..ecb08bfb33 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.https.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.http.html new file mode 100644 index 0000000000..ae0d919833 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.http.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.http.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.http.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.http.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.https.html new file mode 100644 index 0000000000..f630ea0ff1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.https.html @@ -0,0 +1,42 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.https.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation-import-data.https.html new file mode 100644 index 0000000000..e76d985825 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation-import-data.https.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation.https.html new file mode 100644 index 0000000000..35f658cb06 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation.https.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio-import-data.https.html new file mode 100644 index 0000000000..88f6fa6ff8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio-import-data.https.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio.https.html new file mode 100644 index 0000000000..e2b02e941f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio.https.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout-import-data.https.html new file mode 100644 index 0000000000..84d673d706 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout-import-data.https.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout.https.html new file mode 100644 index 0000000000..e8c8564561 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout.https.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint-import-data.https.html new file mode 100644 index 0000000000..5c4c1c57b9 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint-import-data.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint-import-data.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint-import-data.https.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint-import-data.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint.https.html b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint.https.html new file mode 100644 index 0000000000..e06edb7be2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint.https.html @@ -0,0 +1,82 @@ + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint.https.html.headers b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint.https.html.headers new file mode 100644 index 0000000000..59e5c0fc4a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: worker-src * diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/script-tag.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/script-tag.http.html new file mode 100644 index 0000000000..2490b51d29 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/script-tag.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/script-tag.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/script-tag.https.html new file mode 100644 index 0000000000..ce2d9dcc40 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/script-tag.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-classic.http.html new file mode 100644 index 0000000000..3d8a6c917d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-classic.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-classic.https.html new file mode 100644 index 0000000000..017f25415f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-classic.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import-data.http.html new file mode 100644 index 0000000000..8b65298fe2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import-data.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import-data.https.html new file mode 100644 index 0000000000..07ee2c8474 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.http.html new file mode 100644 index 0000000000..1f64e8ab9d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.https.html new file mode 100644 index 0000000000..d91caff000 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-module.http.html new file mode 100644 index 0000000000..1645db76b4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-module.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-module.https.html new file mode 100644 index 0000000000..1be825f89e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-module.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-classic.http.html new file mode 100644 index 0000000000..9c0a4f09b4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-classic.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-classic.https.html new file mode 100644 index 0000000000..1c05c68113 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-classic.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-import-data.http.html new file mode 100644 index 0000000000..9d779e5c32 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-import-data.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-import-data.https.html new file mode 100644 index 0000000000..811604d52c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html new file mode 100644 index 0000000000..5d4e86c55d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html new file mode 100644 index 0000000000..4813ae58bb --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-module.http.html new file mode 100644 index 0000000000..0fe08ca09c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-module.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-module.https.html new file mode 100644 index 0000000000..c116226abe --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worker-module.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-animation-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-animation-import-data.https.html new file mode 100644 index 0000000000..d8eb6d72cb --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-animation-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-animation.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-animation.https.html new file mode 100644 index 0000000000..755ec46954 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-animation.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-audio-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-audio-import-data.https.html new file mode 100644 index 0000000000..bd31e5a853 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-audio-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-audio.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-audio.https.html new file mode 100644 index 0000000000..63dbc4fcbc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-audio.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-layout-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-layout-import-data.https.html new file mode 100644 index 0000000000..2dd7414c44 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-layout-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-layout.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-layout.https.html new file mode 100644 index 0000000000..6e8ab9f324 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-layout.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-paint-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-paint-import-data.https.html new file mode 100644 index 0000000000..ed95e243c4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-paint-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-paint.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-paint.https.html new file mode 100644 index 0000000000..6619a3c6a8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-self/worklet-paint.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/script-tag.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/script-tag.http.html new file mode 100644 index 0000000000..298019cfae --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/script-tag.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/script-tag.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/script-tag.https.html new file mode 100644 index 0000000000..bcd9e41164 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/script-tag.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-classic.http.html new file mode 100644 index 0000000000..8af7a3b337 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-classic.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-classic.https.html new file mode 100644 index 0000000000..1b52800782 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-classic.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import-data.http.html new file mode 100644 index 0000000000..b9663e2993 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import-data.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import-data.https.html new file mode 100644 index 0000000000..7f97a53c5b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import.http.html new file mode 100644 index 0000000000..f91d542671 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import.https.html new file mode 100644 index 0000000000..0ed064fa95 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-module.http.html new file mode 100644 index 0000000000..b3c7e12802 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-module.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-module.https.html new file mode 100644 index 0000000000..f2731a389e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-module.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-classic.http.html new file mode 100644 index 0000000000..17ed6fc9c6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-classic.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-classic.https.html new file mode 100644 index 0000000000..9a397d129f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-classic.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.http.html new file mode 100644 index 0000000000..4d4134b88f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.https.html new file mode 100644 index 0000000000..34f4bc67fd --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-import.http.html new file mode 100644 index 0000000000..ce1b63e280 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-import.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-import.https.html new file mode 100644 index 0000000000..9f2b25ea2b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-import.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-module.http.html new file mode 100644 index 0000000000..f939428700 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-module.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-module.https.html new file mode 100644 index 0000000000..df6fa84aab --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worker-module.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-animation-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-animation-import-data.https.html new file mode 100644 index 0000000000..abd386200f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-animation-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-animation.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-animation.https.html new file mode 100644 index 0000000000..258bebb569 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-animation.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-audio-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-audio-import-data.https.html new file mode 100644 index 0000000000..4fbd224b57 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-audio-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-audio.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-audio.https.html new file mode 100644 index 0000000000..91920cfde7 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-audio.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-layout-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-layout-import-data.https.html new file mode 100644 index 0000000000..fcaaba6d1d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-layout-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-layout.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-layout.https.html new file mode 100644 index 0000000000..25aa1900fc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-layout.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-paint-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-paint-import-data.https.html new file mode 100644 index 0000000000..8eb2ccf20c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-paint-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-paint.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-paint.https.html new file mode 100644 index 0000000000..4c1c9d9442 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/script-src-wildcard/worklet-paint.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/script-tag.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/script-tag.http.html new file mode 100644 index 0000000000..808f87b8af --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/script-tag.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/script-tag.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/script-tag.https.html new file mode 100644 index 0000000000..3984c0aca0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/script-tag.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-classic.http.html new file mode 100644 index 0000000000..c9a52b9e8a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-classic.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-classic.https.html new file mode 100644 index 0000000000..9c5d99d653 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-classic.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import-data.http.html new file mode 100644 index 0000000000..67aa293d60 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import-data.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import-data.https.html new file mode 100644 index 0000000000..962656cf85 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import.http.html new file mode 100644 index 0000000000..d7d3fde214 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import.https.html new file mode 100644 index 0000000000..a71218033e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-module.http.html new file mode 100644 index 0000000000..eab9578956 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-module.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-module.https.html new file mode 100644 index 0000000000..54ee491d2c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/sharedworker-module.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-classic.http.html new file mode 100644 index 0000000000..fb2a513be6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-classic.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-classic.https.html new file mode 100644 index 0000000000..b858ab6fd3 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-classic.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.http.html new file mode 100644 index 0000000000..c51f5fdfc9 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.https.html new file mode 100644 index 0000000000..ba72382263 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-import.http.html new file mode 100644 index 0000000000..ecc354b42c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-import.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-import.https.html new file mode 100644 index 0000000000..d46f8002c7 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-import.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-module.http.html new file mode 100644 index 0000000000..dbb3736d8c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-module.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-module.https.html new file mode 100644 index 0000000000..ecb46e6c5a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worker-module.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-animation-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-animation-import-data.https.html new file mode 100644 index 0000000000..cd1323b7b9 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-animation-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-animation.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-animation.https.html new file mode 100644 index 0000000000..56a7b38990 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-animation.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-audio-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-audio-import-data.https.html new file mode 100644 index 0000000000..4b6d27f353 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-audio-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-audio.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-audio.https.html new file mode 100644 index 0000000000..230b24b0cb --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-audio.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-layout-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-layout-import-data.https.html new file mode 100644 index 0000000000..256d27bd5a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-layout-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-layout.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-layout.https.html new file mode 100644 index 0000000000..f91d5994b4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-layout.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-paint-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-paint-import-data.https.html new file mode 100644 index 0000000000..0a4ce7eea9 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-paint-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-paint.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-paint.https.html new file mode 100644 index 0000000000..70d2bc43d5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-none/worklet-paint.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/script-tag.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/script-tag.http.html new file mode 100644 index 0000000000..01473eca10 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/script-tag.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/script-tag.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/script-tag.https.html new file mode 100644 index 0000000000..9e2b8e4fcc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/script-tag.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-classic.http.html new file mode 100644 index 0000000000..da84d477fe --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-classic.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-classic.https.html new file mode 100644 index 0000000000..c8a0fe0962 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-classic.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import-data.http.html new file mode 100644 index 0000000000..53c2883a53 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import-data.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import-data.https.html new file mode 100644 index 0000000000..88c76a0e94 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.http.html new file mode 100644 index 0000000000..d758a8ea94 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.https.html new file mode 100644 index 0000000000..856627977e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-module.http.html new file mode 100644 index 0000000000..4f8ac90112 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-module.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-module.https.html new file mode 100644 index 0000000000..21540178d4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-module.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-classic.http.html new file mode 100644 index 0000000000..3bbe1c567e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-classic.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-classic.https.html new file mode 100644 index 0000000000..f6324c395b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-classic.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.http.html new file mode 100644 index 0000000000..3fd637403f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.https.html new file mode 100644 index 0000000000..44847d3730 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html new file mode 100644 index 0000000000..739c7dc36c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html new file mode 100644 index 0000000000..0b39eecc3b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-module.http.html new file mode 100644 index 0000000000..bca26ecf79 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-module.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-module.https.html new file mode 100644 index 0000000000..830632fffe --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worker-module.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-animation-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-animation-import-data.https.html new file mode 100644 index 0000000000..ccc4ff906c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-animation-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-animation.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-animation.https.html new file mode 100644 index 0000000000..26d075f78f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-animation.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-audio-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-audio-import-data.https.html new file mode 100644 index 0000000000..1cd0b7cb78 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-audio-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-audio.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-audio.https.html new file mode 100644 index 0000000000..02fc8f4aa7 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-audio.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-layout-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-layout-import-data.https.html new file mode 100644 index 0000000000..e76314d865 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-layout-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-layout.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-layout.https.html new file mode 100644 index 0000000000..47c069f349 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-layout.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-paint-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-paint-import-data.https.html new file mode 100644 index 0000000000..3667b8f711 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-paint-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-paint.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-paint.https.html new file mode 100644 index 0000000000..f8acb0ce05 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-self/worklet-paint.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/script-tag.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/script-tag.http.html new file mode 100644 index 0000000000..bfde09236b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/script-tag.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/script-tag.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/script-tag.https.html new file mode 100644 index 0000000000..4374b3ee74 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/script-tag.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-classic.http.html new file mode 100644 index 0000000000..b8f7ada43e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-classic.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-classic.https.html new file mode 100644 index 0000000000..5cba138c77 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-classic.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import-data.http.html new file mode 100644 index 0000000000..946e251e9a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import-data.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import-data.https.html new file mode 100644 index 0000000000..172ef2c982 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import.http.html new file mode 100644 index 0000000000..e0128ae1e9 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import.https.html new file mode 100644 index 0000000000..9ecc4b4ede --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-module.http.html new file mode 100644 index 0000000000..60825b9f16 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-module.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-module.https.html new file mode 100644 index 0000000000..4ce3dc37ca --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-module.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-classic.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-classic.http.html new file mode 100644 index 0000000000..b0cb7ddfaf --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-classic.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-classic.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-classic.https.html new file mode 100644 index 0000000000..ae6eef0c91 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-classic.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.http.html new file mode 100644 index 0000000000..0cc445bc9f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.https.html new file mode 100644 index 0000000000..a84d5bedc8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import.http.html new file mode 100644 index 0000000000..2a7ceb247b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import.http.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import.https.html new file mode 100644 index 0000000000..ce4a52582d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-module.http.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-module.http.html new file mode 100644 index 0000000000..fd0c39f350 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-module.http.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-module.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-module.https.html new file mode 100644 index 0000000000..8eaab9e278 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worker-module.https.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-animation-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-animation-import-data.https.html new file mode 100644 index 0000000000..3569ae6faa --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-animation-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-animation.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-animation.https.html new file mode 100644 index 0000000000..0fa6c1f84a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-animation.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-audio-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-audio-import-data.https.html new file mode 100644 index 0000000000..dcb8922876 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-audio-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-audio.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-audio.https.html new file mode 100644 index 0000000000..16a020813e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-audio.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-layout-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-layout-import-data.https.html new file mode 100644 index 0000000000..2ef11440f2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-layout-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-layout.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-layout.https.html new file mode 100644 index 0000000000..6f85b4f0bb --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-layout.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-paint-import-data.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-paint-import-data.https.html new file mode 100644 index 0000000000..e1ffaaccfd --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-paint-import-data.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-paint.https.html b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-paint.https.html new file mode 100644 index 0000000000..27c2573a69 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-paint.https.html @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + +
+ + diff --git a/testing/web-platform/tests/content-security-policy/generic/304-response-should-update-csp.sub.html b/testing/web-platform/tests/content-security-policy/generic/304-response-should-update-csp.sub.html new file mode 100644 index 0000000000..b16eadaedc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/304-response-should-update-csp.sub.html @@ -0,0 +1,52 @@ + + + + + + Test that a 304 response will update the CSP header + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html b/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html new file mode 100644 index 0000000000..784cdc8875 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html @@ -0,0 +1,22 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html.sub.headers new file mode 100644 index 0000000000..877e192bbf --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy-Report-Only: script-src 'self' 'nonce-abc'; diff --git a/testing/web-platform/tests/content-security-policy/generic/directive-name-case-insensitive.sub.html b/testing/web-platform/tests/content-security-policy/generic/directive-name-case-insensitive.sub.html new file mode 100644 index 0000000000..c65c59fb23 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/directive-name-case-insensitive.sub.html @@ -0,0 +1,32 @@ + + + + + + + + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/duplicate-directive.sub.html b/testing/web-platform/tests/content-security-policy/generic/duplicate-directive.sub.html new file mode 100644 index 0000000000..0ab708356c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/duplicate-directive.sub.html @@ -0,0 +1,27 @@ + + + + + + + duplicate-directive + + + + + + + + +

+ This tests the effect of duplicated directives. It passes if the alert_assert() is executed. +

+
+ + + diff --git a/testing/web-platform/tests/content-security-policy/generic/eval-typecheck-callout-order.tentative.html b/testing/web-platform/tests/content-security-policy/generic/eval-typecheck-callout-order.tentative.html new file mode 100644 index 0000000000..0be7cf29a2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/eval-typecheck-callout-order.tentative.html @@ -0,0 +1,28 @@ + + + + + + Test for order of Type(evalInput) and host callout + + +
+ + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/eval-typecheck-callout-order.tentative.html.headers b/testing/web-platform/tests/content-security-policy/generic/eval-typecheck-callout-order.tentative.html.headers new file mode 100644 index 0000000000..85de8bd415 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/eval-typecheck-callout-order.tentative.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'nonce-abc' diff --git a/testing/web-platform/tests/content-security-policy/generic/fail-0_1.js b/testing/web-platform/tests/content-security-policy/generic/fail-0_1.js new file mode 100644 index 0000000000..5c580273dc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/fail-0_1.js @@ -0,0 +1,3 @@ +(function () { + scriptsrc1.step(function() { assert_unreached('Unsafe inline script ran.') }); +})(); diff --git a/testing/web-platform/tests/content-security-policy/generic/filesystem-urls-do-not-match-self.sub.html b/testing/web-platform/tests/content-security-policy/generic/filesystem-urls-do-not-match-self.sub.html new file mode 100644 index 0000000000..afb272cf36 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/filesystem-urls-do-not-match-self.sub.html @@ -0,0 +1,60 @@ + + + + + + + filesystem-urls-do-not-match-self + + + + + + + +

+ filesystem: URLs are same-origin with the page in which they were created, but explicitly do not match the 'self' or '*' source in CSP directives because they are more akin to 'unsafe-inline' content.. +

+ +
+ + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/filesystem-urls-match-filesystem.sub.html b/testing/web-platform/tests/content-security-policy/generic/filesystem-urls-match-filesystem.sub.html new file mode 100644 index 0000000000..f629228f9f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/filesystem-urls-match-filesystem.sub.html @@ -0,0 +1,57 @@ + + + + + + + filesystem-urls-match-filesystem + + + + + + + +

+ filesystem: URLs are same-origin with the page in which they were created, but explicitly do not match the 'self' or '*' source in CSP directives because they are more akin to 'unsafe-inline' content, but should match filesystem: source. +

+ +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_1-img-src.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_1-img-src.html new file mode 100644 index 0000000000..71ff3219b6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_1-img-src.html @@ -0,0 +1,38 @@ + + + + default-src should cascade to img-src directive + + + + + + +

default-src should cascade to img-src directive

+
+ + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_1-script-src.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_1-script-src.html new file mode 100644 index 0000000000..b374b8b88e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_1-script-src.html @@ -0,0 +1,38 @@ + + + + default-src should cascade to script-src directive + + + + + + +

default-src should cascade to script-src directive

+
+ + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_10.sub.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_10.sub.html new file mode 100644 index 0000000000..62b69fb8fd --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_10.sub.html @@ -0,0 +1,27 @@ + + + + test implicit port number matching (requires port 80) + + + + + + + + +

test implicit port number matching (requires port 80)

+
+ + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_10_1.sub.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_10_1.sub.html new file mode 100644 index 0000000000..f48c1e3c56 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_10_1.sub.html @@ -0,0 +1,26 @@ + + + + implicit port number matching fails with a different port + + + + + + + +

implicit port number matching fails with a different port

+
+ + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_2.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_2.html new file mode 100644 index 0000000000..4f295441cd --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_2.html @@ -0,0 +1,28 @@ + + + + 'self' keyword positive test + + + + + + + + +

'self' keyword positive test

+
+ + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_2_2.sub.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_2_2.sub.html new file mode 100644 index 0000000000..6cb75e31ae --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_2_2.sub.html @@ -0,0 +1,26 @@ + + + + 'self' fails with a different port + + + + + + + +

'self' fails with a different port

+
+ + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_2_3.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_2_3.html new file mode 100644 index 0000000000..d9c230d2a5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_2_3.html @@ -0,0 +1,26 @@ + + + + 'self' fails with a different host (including sub-host e.g. foo.com as self with content from bar.foo.com) + + + + + + + +

'self' fails with a different host (including sub-host e.g. foo.com as self with content from bar.foo.com)

+
+ + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_8.sub.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_8.sub.html new file mode 100644 index 0000000000..a9a76c825e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_8.sub.html @@ -0,0 +1,27 @@ + + + + test wildcard host name matching (asterisk as a subdomain of the current domain) + + + + + + + +

test wildcard host name matching (asterisk as a subdomain of the current domain)

+
+ + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_8_1.sub.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_8_1.sub.html new file mode 100644 index 0000000000..c326af0e54 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_8_1.sub.html @@ -0,0 +1,31 @@ + + + + test wildcard host name matching (asterisk as part of a subdomain is not accepted) + + + + + + + +

test wildcard host name matching (asterisk as part of a subdomain is not accepted)

+
+ + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_9.sub.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_9.sub.html new file mode 100644 index 0000000000..564927bd7e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_9.sub.html @@ -0,0 +1,27 @@ + + + + test wildcard port number matching + + + + + + + +

test wildcard port number matching

+
+ + diff --git a/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html b/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html new file mode 100644 index 0000000000..e46449117f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html @@ -0,0 +1,75 @@ + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/negativeTests.js b/testing/web-platform/tests/content-security-policy/generic/negativeTests.js new file mode 100644 index 0000000000..44b4d7f683 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/negativeTests.js @@ -0,0 +1,3 @@ +var t1 = async_test("Prevents access to external scripts."); + +onload = function() {t1.done();} diff --git a/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html b/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html new file mode 100644 index 0000000000..9a89ec05ad --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html @@ -0,0 +1,41 @@ + + + + no default src doesn't behave exactly like * + + + + + + + + +

no default src doesn't behave exactly like *

+ This page has a CSP header but an unknown directive. + This should have no impact on an img loaded from a data: + uri, or an inline script, although that would be blocked by a default-src policy of *. +
+ + + +
+ + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html.sub.headers new file mode 100644 index 0000000000..b40d6ffbab --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: no-default-src={{$id:uuid()}}; Path=/content-security-policy/generic/ +Content-Security-Policy: foobar; report-uri /reporting/resources/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/generic/only-valid-whitespaces-are-allowed.html b/testing/web-platform/tests/content-security-policy/generic/only-valid-whitespaces-are-allowed.html new file mode 100644 index 0000000000..9b3636c9fe --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/only-valid-whitespaces-are-allowed.html @@ -0,0 +1,67 @@ + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/pass-0_1.js b/testing/web-platform/tests/content-security-policy/generic/pass-0_1.js new file mode 100644 index 0000000000..3a08dd5621 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/pass-0_1.js @@ -0,0 +1,3 @@ +(function () { + allowedScriptRan = true; +})(); diff --git a/testing/web-platform/tests/content-security-policy/generic/policy-does-not-affect-child.sub.html b/testing/web-platform/tests/content-security-policy/generic/policy-does-not-affect-child.sub.html new file mode 100644 index 0000000000..e36ca477b5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/policy-does-not-affect-child.sub.html @@ -0,0 +1,24 @@ + + + + + + + object-src-url-blocked + + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html b/testing/web-platform/tests/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html new file mode 100644 index 0000000000..e21bede418 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html.sub.headers new file mode 100644 index 0000000000..73fb991fb1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html.sub.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Pragma: no-cache +Set-Cookie: policy-inherited-correctly-by-plznavigate={{$id:uuid()}}; Path=/content-security-policy/generic/ +Content-Security-Policy: frame-src 'none'; script-src 'self' 'unsafe-inline'; report-uri /reporting/resources/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/generic/positiveTest.js b/testing/web-platform/tests/content-security-policy/generic/positiveTest.js new file mode 100644 index 0000000000..15053e055d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/positiveTest.js @@ -0,0 +1 @@ +window.cspPositiveTest = true; diff --git a/testing/web-platform/tests/content-security-policy/generic/support/304-response.py b/testing/web-platform/tests/content-security-policy/generic/support/304-response.py new file mode 100644 index 0000000000..f9756555f7 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/304-response.py @@ -0,0 +1,33 @@ +def main(request, response): + if request.headers.get(b"If-None-Match"): + # we are now receing the second request, we will send back a different CSP + # with the 304 response + response.status = 304 + headers = [(b"Content-Type", b"text/html"), + (b"Content-Security-Policy", b"script-src 'nonce-def' 'sha256-IIB78ZS1RMMrAWpsLg/RrDbVPhI14rKm3sFOeKPYulw=';"), + (b"Cache-Control", b"private, max-age=0, must-revalidate"), + (b"ETag", b"123456")] + return headers, u"" + else: + headers = [(b"Content-Type", b"text/html"), + (b"Content-Security-Policy", b"script-src 'nonce-abc' 'sha256-IIB78ZS1RMMrAWpsLg/RrDbVPhI14rKm3sFOeKPYulw=';"), + (b"Cache-Control", b"private, max-age=0, must-revalidate"), + (b"Etag", b"123456")] + return headers, u''' + + + + + + + + +''' diff --git a/testing/web-platform/tests/content-security-policy/generic/support/eval.js b/testing/web-platform/tests/content-security-policy/generic/support/eval.js new file mode 100644 index 0000000000..d8ba2a5589 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/eval.js @@ -0,0 +1,2 @@ +postMessage('unsafe-inline allowed'); +eval("postMessage('unsafe-eval allowed')"); diff --git a/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html new file mode 100644 index 0000000000..c7a2e75dba --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html @@ -0,0 +1,11 @@ + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html.sub.headers new file mode 100644 index 0000000000..e9bf21bab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy: {{GET[csp]}} diff --git a/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_meta.sub.html b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_meta.sub.html new file mode 100644 index 0000000000..ac0cf39dd0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_meta.sub.html @@ -0,0 +1,14 @@ + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/support/log-pass.html b/testing/web-platform/tests/content-security-policy/generic/support/log-pass.html new file mode 100644 index 0000000000..4334ea4c66 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/log-pass.html @@ -0,0 +1,3 @@ + diff --git a/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html b/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html new file mode 100644 index 0000000000..9480e521de --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html @@ -0,0 +1,4 @@ + \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html.sub.headers new file mode 100644 index 0000000000..c7e4e7cc5b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy: sandbox allow-scripts \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/generic/test-case.sub.js b/testing/web-platform/tests/content-security-policy/generic/test-case.sub.js new file mode 100644 index 0000000000..d9a6494dd3 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/test-case.sub.js @@ -0,0 +1,98 @@ +function TestCase(scenarios, sanityChecker) { + function runTest(scenario) { + sanityChecker.checkScenario(scenario, subresourceMap); + + const urls = getRequestURLs(scenario.subresource, + scenario.origin, + scenario.redirection); + + /** @type {Subresource} */ + const subresource = { + subresourceType: scenario.subresource, + url: urls.testUrl, + policyDeliveries: scenario.subresource_policy_deliveries, + }; + + let violationEventResolve; + // Resolved with an array of securitypolicyviolation events. + const violationEventPromise = new Promise(resolve => { + violationEventResolve = resolve; + }); + + promise_test(async t => { + await xhrRequest(urls.announceUrl); + + // Currently only requests from top-level Documents are tested + // (specified by `spec.src.json`) and thus securitypolicyviolation + // events are assumed to be fired on the top-level Document here. + // When adding non-top-level Document tests, securitypolicyviolation + // events should be caught in appropriate contexts. + const violationEvents = []; + const listener = e => { violationEvents.push(e); }; + document.addEventListener('securitypolicyviolation', listener); + + try { + // Send out the real resource request. + // This should tear down the key if it's not blocked. + const mainPromise = invokeRequest(subresource, scenario.source_context_list); + if (scenario.expectation === 'allowed') { + await mainPromise; + } else { + await mainPromise + .then(t.unreached_func('main promise resolved unexpectedly')) + .catch(_ => {}); + } + } finally { + // Always perform post-processing/clean up for + // 'securitypolicyviolation' events and resolve + // `violationEventPromise`, to prevent timeout of the + // promise_test() below. + + // securitypolicyviolation events are fired in a queued task in + // https://w3c.github.io/webappsec-csp/#report-violation + // so wait for queued tasks to run using setTimeout(). + let timeout = 0; + if (scenario.subresource.startsWith('worklet-') && + navigator.userAgent.includes("Firefox/")) { + // https://bugzilla.mozilla.org/show_bug.cgi?id=1808911 + // In Firefox sometimes violations from Worklets are delayed. + timeout = 10; + } + await new Promise(resolve => setTimeout(resolve, timeout)); + + // Pass violation events to `violationEventPromise` (which will be tested + // in the subsequent promise_test()) and clean up the listener. + violationEventResolve(violationEvents); + document.removeEventListener('securitypolicyviolation', listener); + } + + // Send request to check if the key has been torn down. + const assertResult = await xhrRequest(urls.assertUrl); + + // Now check if the value has been torn down. If it's still there, + // we have blocked the request by content security policy. + assert_equals(assertResult.status, scenario.expectation, + "The resource request should be '" + scenario.expectation + "'."); + + }, scenario.test_description); + + promise_test(async _ => { + const violationEvents = await violationEventPromise; + if (scenario.expectation === 'allowed') { + assert_array_equals(violationEvents, [], + 'no violation events should be fired'); + } else { + assert_equals(violationEvents.length, 1, + 'One violation event should be fired'); + } + }, scenario.test_description + ": securitypolicyviolation"); + } // runTest + + function runTests() { + for (const scenario of scenarios) { + runTest(scenario); + } + } + + return {start: runTests}; +} diff --git a/testing/web-platform/tests/content-security-policy/generic/unreached.js b/testing/web-platform/tests/content-security-policy/generic/unreached.js new file mode 100644 index 0000000000..893fb5eba1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/unreached.js @@ -0,0 +1,3 @@ +onload = function() { + t1.step(function() {assert_unreached("Script should not have ran.");}); +} diff --git a/testing/web-platform/tests/content-security-policy/generic/wildcardHostTest.js b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTest.js new file mode 100644 index 0000000000..da3e2790f5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTest.js @@ -0,0 +1,8 @@ +wildcardHostTestRan = false; + +onload = function() { + test(function() { + assert_true(wildcardHostTestRan, 'Script should have ran.')}, + "Wildcard host matching works." + ); +} diff --git a/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestFailure.js b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestFailure.js new file mode 100644 index 0000000000..75ec8cf80e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestFailure.js @@ -0,0 +1,8 @@ +wildcardHostTestRan = false; + +onload = function() { + test(function() { + assert_false(wildcardHostTestRan, 'Script should not have ran.')}, + "Wildcard host matching works." + ); +} diff --git a/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestSuceeds.js b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestSuceeds.js new file mode 100644 index 0000000000..8b115d7fc4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestSuceeds.js @@ -0,0 +1 @@ +wildcardHostTestRan = true; diff --git a/testing/web-platform/tests/content-security-policy/generic/wildcardPortTest.js b/testing/web-platform/tests/content-security-policy/generic/wildcardPortTest.js new file mode 100644 index 0000000000..3cd1d2eaed --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/wildcardPortTest.js @@ -0,0 +1,8 @@ +wildcardPortTestRan = false; + +onload = function() { + test(function() { + assert_true(wildcardPortTestRan, 'Script should have ran.')}, + "Wildcard port matching works." + ); +} diff --git a/testing/web-platform/tests/content-security-policy/generic/wildcardPortTestSuceeds.js b/testing/web-platform/tests/content-security-policy/generic/wildcardPortTestSuceeds.js new file mode 100644 index 0000000000..0138deb2ee --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/wildcardPortTestSuceeds.js @@ -0,0 +1 @@ +wildcardPortTestRan = true; \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/img-src/icon-allowed.sub.html b/testing/web-platform/tests/content-security-policy/img-src/icon-allowed.sub.html new file mode 100644 index 0000000000..5c8ecdee13 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/img-src/icon-allowed.sub.html @@ -0,0 +1,28 @@ + + + + + + + + +

Use callbacks to show that favicons are loaded as allowed by CSP when link tags are dynamically added to the page.

+ + + diff --git a/testing/web-platform/tests/content-security-policy/img-src/icon-blocked.sub.html b/testing/web-platform/tests/content-security-policy/img-src/icon-blocked.sub.html new file mode 100644 index 0000000000..cc882347a1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/img-src/icon-blocked.sub.html @@ -0,0 +1,33 @@ + + + + + + + + +

Use callbacks to show that favicons are not loaded in violation of CSP when link tags are dynamically added to the page.

+ + + + diff --git a/testing/web-platform/tests/content-security-policy/img-src/img-src-4_1.sub.html b/testing/web-platform/tests/content-security-policy/img-src/img-src-4_1.sub.html new file mode 100644 index 0000000000..9e4e345a16 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/img-src/img-src-4_1.sub.html @@ -0,0 +1,35 @@ + + + + + img element src attribute must match src list. + + + + +
+ + + + diff --git a/testing/web-platform/tests/content-security-policy/img-src/img-src-full-host-wildcard-blocked.sub.html b/testing/web-platform/tests/content-security-policy/img-src/img-src-full-host-wildcard-blocked.sub.html new file mode 100644 index 0000000000..23c33d5655 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/img-src/img-src-full-host-wildcard-blocked.sub.html @@ -0,0 +1,20 @@ + + + + + img-src with full host and wildcard blocks correctly. + + + + +
+ + + + + + diff --git a/testing/web-platform/tests/content-security-policy/img-src/img-src-host-partial-wildcard-allowed.sub.html b/testing/web-platform/tests/content-security-policy/img-src/img-src-host-partial-wildcard-allowed.sub.html new file mode 100644 index 0000000000..d2d36d1341 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/img-src/img-src-host-partial-wildcard-allowed.sub.html @@ -0,0 +1,20 @@ + + + + + img-src works correctly with partial host wildcard. + + + + +
+ + + + + + diff --git a/testing/web-platform/tests/content-security-policy/img-src/img-src-none-blocks.html b/testing/web-platform/tests/content-security-policy/img-src/img-src-none-blocks.html new file mode 100644 index 0000000000..9bc0326ef8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/img-src/img-src-none-blocks.html @@ -0,0 +1,20 @@ + + + + + img element src attribute must match src list. + + + + +
+ + + + + + diff --git a/testing/web-platform/tests/content-security-policy/img-src/img-src-port-wildcard-allowed.sub.html b/testing/web-platform/tests/content-security-policy/img-src/img-src-port-wildcard-allowed.sub.html new file mode 100644 index 0000000000..215c10089b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/img-src/img-src-port-wildcard-allowed.sub.html @@ -0,0 +1,20 @@ + + + + + img-src works correctly with port wildcard source + + + + +
+ + + + + + diff --git a/testing/web-platform/tests/content-security-policy/img-src/img-src-self-unique-origin.html b/testing/web-platform/tests/content-security-policy/img-src/img-src-self-unique-origin.html new file mode 100644 index 0000000000..dd689c02f3 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/img-src/img-src-self-unique-origin.html @@ -0,0 +1,49 @@ + + + + + img-src-self-unique-origin + + + + + +

+ The origin of an URL is called "unique" when it is considered to be + different from every origin, including itself. The origin of a + data-url is unique. When the current origin is unique, the CSP source + 'self' must not match any URL. +

+ + + + diff --git a/testing/web-platform/tests/content-security-policy/img-src/img-src-wildcard-allowed.html b/testing/web-platform/tests/content-security-policy/img-src/img-src-wildcard-allowed.html new file mode 100644 index 0000000000..72326ee6fc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/img-src/img-src-wildcard-allowed.html @@ -0,0 +1,40 @@ + + + + + img element src attribute must match src list. + + + + +
+ + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/img-src/report-blocked-data-uri.sub.html b/testing/web-platform/tests/content-security-policy/img-src/report-blocked-data-uri.sub.html new file mode 100644 index 0000000000..d7405cd255 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/img-src/report-blocked-data-uri.sub.html @@ -0,0 +1,25 @@ + + + + + + + report-blocked-data-uri + + + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/blob-inherits-from-meta-http-equiv-with-invalid-characters.html b/testing/web-platform/tests/content-security-policy/inheritance/blob-inherits-from-meta-http-equiv-with-invalid-characters.html new file mode 100644 index 0000000000..8463a2eaf1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/blob-inherits-from-meta-http-equiv-with-invalid-characters.html @@ -0,0 +1,19 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/blob-url-in-child-frame-self-navigate-inherits.sub.html b/testing/web-platform/tests/content-security-policy/inheritance/blob-url-in-child-frame-self-navigate-inherits.sub.html new file mode 100644 index 0000000000..f2b3d063e9 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/blob-url-in-child-frame-self-navigate-inherits.sub.html @@ -0,0 +1,17 @@ + + + + + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/blob-url-in-main-window-self-navigate-inherits.sub.html b/testing/web-platform/tests/content-security-policy/inheritance/blob-url-in-main-window-self-navigate-inherits.sub.html new file mode 100644 index 0000000000..3b54528d56 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/blob-url-in-main-window-self-navigate-inherits.sub.html @@ -0,0 +1,23 @@ + + + + + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/blob-url-inherits-from-initiator.sub.html b/testing/web-platform/tests/content-security-policy/inheritance/blob-url-inherits-from-initiator.sub.html new file mode 100644 index 0000000000..72d59325d1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/blob-url-inherits-from-initiator.sub.html @@ -0,0 +1,43 @@ + + +Blob URL inherits CSP from initiator. + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/document-write-iframe.html b/testing/web-platform/tests/content-security-policy/inheritance/document-write-iframe.html new file mode 100644 index 0000000000..d6ad88ddc9 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/document-write-iframe.html @@ -0,0 +1,65 @@ + + + + + + document.open() does not change Content Security Policies + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/frame-src-javascript-url.html b/testing/web-platform/tests/content-security-policy/inheritance/frame-src-javascript-url.html new file mode 100644 index 0000000000..b08da85e87 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/frame-src-javascript-url.html @@ -0,0 +1,40 @@ + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/history-iframe.sub.html b/testing/web-platform/tests/content-security-policy/inheritance/history-iframe.sub.html new file mode 100644 index 0000000000..412b3ac346 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/history-iframe.sub.html @@ -0,0 +1,178 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/history.sub.html b/testing/web-platform/tests/content-security-policy/inheritance/history.sub.html new file mode 100644 index 0000000000..5ea6abe8fb --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/history.sub.html @@ -0,0 +1,195 @@ + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/iframe-all-local-schemes-inherit-self.sub.html b/testing/web-platform/tests/content-security-policy/inheritance/iframe-all-local-schemes-inherit-self.sub.html new file mode 100644 index 0000000000..73e974e51a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/iframe-all-local-schemes-inherit-self.sub.html @@ -0,0 +1,102 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/iframe-all-local-schemes.sub.html b/testing/web-platform/tests/content-security-policy/inheritance/iframe-all-local-schemes.sub.html new file mode 100644 index 0000000000..4b787e0c18 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/iframe-all-local-schemes.sub.html @@ -0,0 +1,180 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/iframe-srcdoc-history-inheritance.html b/testing/web-platform/tests/content-security-policy/inheritance/iframe-srcdoc-history-inheritance.html new file mode 100644 index 0000000000..907c88e813 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/iframe-srcdoc-history-inheritance.html @@ -0,0 +1,63 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/iframe-srcdoc-inheritance.html b/testing/web-platform/tests/content-security-policy/inheritance/iframe-srcdoc-inheritance.html new file mode 100644 index 0000000000..e05150762f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/iframe-srcdoc-inheritance.html @@ -0,0 +1,34 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/inheritance-from-initiator.sub.html b/testing/web-platform/tests/content-security-policy/inheritance/inheritance-from-initiator.sub.html new file mode 100644 index 0000000000..4621c57d45 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/inheritance-from-initiator.sub.html @@ -0,0 +1,173 @@ + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/inherited-csp-list-modifications-are-local.html b/testing/web-platform/tests/content-security-policy/inheritance/inherited-csp-list-modifications-are-local.html new file mode 100644 index 0000000000..c473b3f426 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/inherited-csp-list-modifications-are-local.html @@ -0,0 +1,49 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/javascript-url-open-in-main-window.html b/testing/web-platform/tests/content-security-policy/inheritance/javascript-url-open-in-main-window.html new file mode 100644 index 0000000000..2366284fc5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/javascript-url-open-in-main-window.html @@ -0,0 +1,13 @@ + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/javascript-url-srcdoc-cross-origin-iframe-inheritance.html b/testing/web-platform/tests/content-security-policy/inheritance/javascript-url-srcdoc-cross-origin-iframe-inheritance.html new file mode 100644 index 0000000000..81210fe30f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/javascript-url-srcdoc-cross-origin-iframe-inheritance.html @@ -0,0 +1,28 @@ + + + + Content Security Policy: nested inheritance + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/location-reload.html b/testing/web-platform/tests/content-security-policy/inheritance/location-reload.html new file mode 100644 index 0000000000..5d68e381bc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/location-reload.html @@ -0,0 +1,120 @@ + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/sandboxed-blob-scheme.html b/testing/web-platform/tests/content-security-policy/inheritance/sandboxed-blob-scheme.html new file mode 100644 index 0000000000..590fa7ec1a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/sandboxed-blob-scheme.html @@ -0,0 +1,23 @@ + + + + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/sandboxed-blob-scheme.html.sub.headers b/testing/web-platform/tests/content-security-policy/inheritance/sandboxed-blob-scheme.html.sub.headers new file mode 100644 index 0000000000..adc398d890 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/sandboxed-blob-scheme.html.sub.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Pragma: no-cache +Set-Cookie: sandboxed-blob-scheme={{$id:uuid()}}; Path=/content-security-policy/inheritance/ +Content-Security-Policy: script-src 'nonce-abc'; report-uri http://{{host}}:{{ports[http][0]}}/reporting/resources/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/inheritance/sandboxed-data-scheme.html b/testing/web-platform/tests/content-security-policy/inheritance/sandboxed-data-scheme.html new file mode 100644 index 0000000000..b97bfb0c05 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/sandboxed-data-scheme.html @@ -0,0 +1,21 @@ + + + + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/sandboxed-data-scheme.html.sub.headers b/testing/web-platform/tests/content-security-policy/inheritance/sandboxed-data-scheme.html.sub.headers new file mode 100644 index 0000000000..96da6514b8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/sandboxed-data-scheme.html.sub.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Pragma: no-cache +Set-Cookie: sandboxed-data-scheme={{$id:uuid()}}; Path=/content-security-policy/inheritance/ +Content-Security-Policy: script-src 'nonce-abc'; report-uri http://{{host}}:{{ports[http][0]}}/reporting/resources/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/inheritance/support/empty.html b/testing/web-platform/tests/content-security-policy/inheritance/support/empty.html new file mode 100644 index 0000000000..e69de29bb2 diff --git a/testing/web-platform/tests/content-security-policy/inheritance/support/iframe-do.sub.html b/testing/web-platform/tests/content-security-policy/inheritance/support/iframe-do.sub.html new file mode 100644 index 0000000000..effc1adcdd --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/support/iframe-do.sub.html @@ -0,0 +1,8 @@ + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/support/javascript-url-srcdoc-cross-origin-iframe-inheritance-helper.sub.html b/testing/web-platform/tests/content-security-policy/inheritance/support/javascript-url-srcdoc-cross-origin-iframe-inheritance-helper.sub.html new file mode 100644 index 0000000000..afe4753cf9 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/support/javascript-url-srcdoc-cross-origin-iframe-inheritance-helper.sub.html @@ -0,0 +1,24 @@ + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/support/message-opener-and-navigate-back.html b/testing/web-platform/tests/content-security-policy/inheritance/support/message-opener-and-navigate-back.html new file mode 100644 index 0000000000..75ee5bee7c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/support/message-opener-and-navigate-back.html @@ -0,0 +1,5 @@ + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/support/message-top-and-navigate-back.html b/testing/web-platform/tests/content-security-policy/inheritance/support/message-top-and-navigate-back.html new file mode 100644 index 0000000000..53d5a18cb3 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/support/message-top-and-navigate-back.html @@ -0,0 +1,5 @@ + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/support/navigate-parent-to-blob.html b/testing/web-platform/tests/content-security-policy/inheritance/support/navigate-parent-to-blob.html new file mode 100644 index 0000000000..df4a443893 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/support/navigate-parent-to-blob.html @@ -0,0 +1,23 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/support/navigate-self-to-blob.html b/testing/web-platform/tests/content-security-policy/inheritance/support/navigate-self-to-blob.html new file mode 100644 index 0000000000..9ea069969c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/support/navigate-self-to-blob.html @@ -0,0 +1,6 @@ + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/support/navigate-self-to-blob.html.sub.headers b/testing/web-platform/tests/content-security-policy/inheritance/support/navigate-self-to-blob.html.sub.headers new file mode 100644 index 0000000000..2642b0fa06 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/support/navigate-self-to-blob.html.sub.headers @@ -0,0 +1,4 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Pragma: no-cache +Content-Security-Policy: {{GET[csp]}}; report-uri http://{{host}}:{{ports[http][0]}}/reporting/resources/report.py?op=put&reportID={{GET[report_id]}} diff --git a/testing/web-platform/tests/content-security-policy/inheritance/support/navigate-self-to-javascript.html b/testing/web-platform/tests/content-security-policy/inheritance/support/navigate-self-to-javascript.html new file mode 100644 index 0000000000..86ea60c283 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/support/navigate-self-to-javascript.html @@ -0,0 +1,12 @@ + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/support/postmessage-opener.html b/testing/web-platform/tests/content-security-policy/inheritance/support/postmessage-opener.html new file mode 100644 index 0000000000..7ee11bc78d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/support/postmessage-opener.html @@ -0,0 +1,4 @@ + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/support/postmessage-top.html b/testing/web-platform/tests/content-security-policy/inheritance/support/postmessage-top.html new file mode 100644 index 0000000000..242063a80e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/support/postmessage-top.html @@ -0,0 +1,5 @@ + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/support/srcdoc-child-frame.html b/testing/web-platform/tests/content-security-policy/inheritance/support/srcdoc-child-frame.html new file mode 100644 index 0000000000..9148be203d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/support/srcdoc-child-frame.html @@ -0,0 +1,19 @@ + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-blob-scheme.html b/testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-blob-scheme.html new file mode 100644 index 0000000000..cab192f836 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-blob-scheme.html @@ -0,0 +1,22 @@ + + + + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-blob-scheme.html.sub.headers b/testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-blob-scheme.html.sub.headers new file mode 100644 index 0000000000..b1054d3506 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-blob-scheme.html.sub.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Pragma: no-cache +Set-Cookie: unsandboxed-blob-scheme={{$id:uuid()}}; Path=/content-security-policy/inheritance/ +Content-Security-Policy: script-src 'nonce-abc'; report-uri http://{{host}}:{{ports[http][0]}}/reporting/resources/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-data-scheme.html b/testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-data-scheme.html new file mode 100644 index 0000000000..a9d8e207dc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-data-scheme.html @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-data-scheme.html.sub.headers b/testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-data-scheme.html.sub.headers new file mode 100644 index 0000000000..f4a6088578 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-data-scheme.html.sub.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Pragma: no-cache +Set-Cookie: unsandboxed-data-scheme={{$id:uuid()}}; Path=/content-security-policy/inheritance/ +Content-Security-Policy: script-src 'nonce-abc'; report-uri http://{{host}}:{{ports[http][0]}}/reporting/resources/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/inheritance/window-open-local-after-network-scheme.sub.html b/testing/web-platform/tests/content-security-policy/inheritance/window-open-local-after-network-scheme.sub.html new file mode 100644 index 0000000000..0cdc03ce92 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/window-open-local-after-network-scheme.sub.html @@ -0,0 +1,83 @@ + + + + + + +about:blank in popup inherits CSPs from the navigation initiator + + + diff --git a/testing/web-platform/tests/content-security-policy/inheritance/window.html b/testing/web-platform/tests/content-security-policy/inheritance/window.html new file mode 100644 index 0000000000..73def60ceb --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/window.html @@ -0,0 +1,66 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-connect-src.html b/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-connect-src.html new file mode 100644 index 0000000000..a1117d2e73 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-connect-src.html @@ -0,0 +1,57 @@ + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-connect-src.html.sub.headers b/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-connect-src.html.sub.headers new file mode 100644 index 0000000000..6a1d758ce7 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-connect-src.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: dedicatedworker-connect-src={{$id:uuid()}}; Path=/content-security-policy/inside-worker/ +Content-Security-Policy: connect-src 'self' ; report-uri /reporting/resources/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-report-only.html b/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-report-only.html new file mode 100644 index 0000000000..270e705415 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-report-only.html @@ -0,0 +1,15 @@ + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-report-only.html.sub.headers b/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-report-only.html.sub.headers new file mode 100644 index 0000000000..f82fd74759 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-report-only.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: dedicatedworker-report-only={{$id:uuid()}}; Path=/content-security-policy/inside-worker/ +Content-Security-Policy-Report-Only: connect-src 'self'; report-uri /reporting/resources/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-script-src.html b/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-script-src.html new file mode 100644 index 0000000000..296ba58f5e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-script-src.html @@ -0,0 +1,57 @@ + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-script-src.html.sub.headers b/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-script-src.html.sub.headers new file mode 100644 index 0000000000..c7768a5af0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/dedicatedworker-script-src.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: dedicatedworker-script-src={{$id:uuid()}}; Path=/content-security-policy/inside-worker/ +Content-Security-Policy: script-src 'self' 'nonce-a' blob: filesystem: ; report-uri /reporting/resources/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/serviceworker-connect-src.https.sub.html b/testing/web-platform/tests/content-security-policy/inside-worker/serviceworker-connect-src.https.sub.html new file mode 100644 index 0000000000..f455fe6a16 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/serviceworker-connect-src.https.sub.html @@ -0,0 +1,32 @@ + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/serviceworker-report-only.https.sub.html b/testing/web-platform/tests/content-security-policy/inside-worker/serviceworker-report-only.https.sub.html new file mode 100644 index 0000000000..b2bf3e566f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/serviceworker-report-only.https.sub.html @@ -0,0 +1,15 @@ + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/serviceworker-script-src.https.sub.html b/testing/web-platform/tests/content-security-policy/inside-worker/serviceworker-script-src.https.sub.html new file mode 100644 index 0000000000..5631786cc5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/serviceworker-script-src.https.sub.html @@ -0,0 +1,32 @@ + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/sharedworker-connect-src.sub.html b/testing/web-platform/tests/content-security-policy/inside-worker/sharedworker-connect-src.sub.html new file mode 100644 index 0000000000..24717bc9c6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/sharedworker-connect-src.sub.html @@ -0,0 +1,30 @@ + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/sharedworker-report-only.sub.html b/testing/web-platform/tests/content-security-policy/inside-worker/sharedworker-report-only.sub.html new file mode 100644 index 0000000000..8233f00075 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/sharedworker-report-only.sub.html @@ -0,0 +1,8 @@ + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/sharedworker-script-src.sub.html b/testing/web-platform/tests/content-security-policy/inside-worker/sharedworker-script-src.sub.html new file mode 100644 index 0000000000..88f56bdba7 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/sharedworker-script-src.sub.html @@ -0,0 +1,30 @@ + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-allow.sub.js b/testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-allow.sub.js new file mode 100644 index 0000000000..5812faf5fa --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-allow.sub.js @@ -0,0 +1,71 @@ +importScripts("{{location[server]}}/resources/testharness.js"); +importScripts("{{location[server]}}/content-security-policy/support/testharness-helper.js"); + +let base_same_origin_url = + "{{location[server]}}/content-security-policy/support/resource.py"; +let base_cross_origin_url = + "https://{{hosts[][www]}}:{{ports[https][1]}}" + + "/content-security-policy/support/resource.py"; + +// Same-origin +promise_test(t => { + let url = `${base_same_origin_url}?same-origin-fetch`; + assert_no_csp_event_for_url(t, url); + + return fetch(url) + .then(t.step_func(r => assert_equals(r.status, 200))); +}, "Same-origin 'fetch()' in " + self.location.protocol + " without CSP"); + +// XHR is not available in service workers. +if (self.XMLHttpRequest) { + promise_test(t => { + let url = `${base_same_origin_url}?same-origin-xhr`; + assert_no_csp_event_for_url(t, url); + + return new Promise((resolve, reject) => { + let xhr = new XMLHttpRequest(); + xhr.open("GET", url); + xhr.onload = resolve; + xhr.onerror = _ => reject("xhr.open should success."); + xhr.send(); + }); + }, "Same-origin XHR in " + self.location.protocol + " without CSP"); +} + +// Cross-origin +promise_test(t => { + let url = `${base_cross_origin_url}?cross-origin-fetch`; + assert_no_csp_event_for_url(t, url); + + return fetch(url) + .then(t.step_func(r => assert_equals(r.status, 200))); +}, "Cross-origin 'fetch()' in " + self.location.protocol + " without CSP"); + +// XHR is not available in service workers. +if (self.XMLHttpRequest) { + promise_test(t => { + let url = `${base_cross_origin_url}?cross-origin-xhr`; + assert_no_csp_event_for_url(t, url); + + return new Promise((resolve, reject) => { + let xhr = new XMLHttpRequest(); + xhr.open("GET", url); + xhr.onload = resolve; + xhr.onerror = _ => reject("xhr.open should success."); + xhr.send(); + }); + }, "Cross-origin XHR in " + self.location.protocol + " without CSP"); +} + +// Same-origin redirecting to cross-origin +promise_test(t => { + let url = `{{location[server]}}/common/redirect-opt-in.py?` + + `status=307&location=${base_cross_origin_url}?cross-origin-fetch`; + assert_no_csp_event_for_url(t, url); + + return fetch(url) + .then(t.step_func(r => assert_equals(r.status, 200))); +}, "Same-origin => cross-origin 'fetch()' in " + self.location.protocol + + " without CSP"); + +done(); diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self-report-only.sub.js b/testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self-report-only.sub.js new file mode 100644 index 0000000000..0287f110d4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self-report-only.sub.js @@ -0,0 +1,117 @@ +importScripts("{{location[server]}}/resources/testharness.js"); +importScripts("{{location[server]}}/content-security-policy/support/testharness-helper.js"); + +let base_same_origin_url = + "{{location[server]}}/content-security-policy/support/resource.py"; + +// Same-origin +promise_test(t => { + let url = `${base_same_origin_url}?same-origin-fetch`; + assert_no_csp_event_for_url(t, url); + + return fetch(url) + .then(t.step_func(r => assert_equals(r.status, 200))); +}, "Same-origin 'fetch()'."); + +// XHR is not available in service workers. +if (self.XMLHttpRequest) { + promise_test(t => { + let url = `${base_same_origin_url}?same-origin-xhr`; + assert_no_csp_event_for_url(t, url); + + return new Promise((resolve, reject) => { + var xhr = new XMLHttpRequest(); + xhr.open("GET", url); + xhr.onload = resolve; + xhr.onerror = _ => reject("xhr.open should success."); + xhr.send(); + }); + }, "Same-origin XHR."); +} + +let base_cross_origin_url = + "https://{{hosts[][www]}}:{{ports[https][1]}}" + + "/content-security-policy/support/resource.py"; +let fetch_cross_origin_url = `${base_cross_origin_url}?cross-origin-fetch`; + +// Cross-origin +promise_test(t => { + let url = fetch_cross_origin_url; + + return Promise.all([ + waitUntilCSPEventForURL(t, url), + fetch(url) + ]); +}, "Cross-origin 'fetch()'."); + +let xhr_cross_origin_url = `${base_cross_origin_url}?cross-origin-xhr`; + +// XHR is not available in service workers. +if (self.XMLHttpRequest) { + promise_test(t => { + let url = xhr_cross_origin_url; + + return Promise.all([ + waitUntilCSPEventForURL(t, url), + new Promise((resolve, reject) => { + var xhr = new XMLHttpRequest(); + xhr.open("GET", url); + xhr.onload = resolve; + xhr.onerror = _ => reject("xhr.open should not have thrown."); + xhr.send(); + }) + ]); + }, "Cross-origin XHR."); +} + +let redirect_url = `{{location[server]}}/common/redirect-opt-in.py?` + + `status=307&location=${fetch_cross_origin_url}`; + +// Same-origin redirecting to cross-origin +promise_test(t => { + let url = redirect_url; + + return Promise.all([ + waitUntilCSPEventForURL(t, url), + fetch(url) + ]); +}, "Same-origin => cross-origin 'fetch()'."); + +let expected_blocked_urls = self.XMLHttpRequest + ? [ fetch_cross_origin_url, xhr_cross_origin_url, redirect_url ] + : [ fetch_cross_origin_url, redirect_url ]; + +promise_test(async t => { + let report_url = `{{location[server]}}/reporting/resources/report.py?` + + `?op=retrieve_report&reportID={{GET[id]}}` + + `&min_count=${expected_blocked_urls.length}`; + + let response = await fetch(report_url); + assert_equals(response.status, 200, "Fetching reports failed"); + + let response_json = await response.json(); + let reports = response_json.map(x => x["csp-report"]); + + assert_array_equals( + reports.map(x => x["blocked-uri"]).sort(), + expected_blocked_urls.sort(), + "Reports do not match"); + reports.forEach(x => { + assert_equals( + x["violated-directive"], "connect-src", + "Violated directive in report does not match"); + assert_equals( + x["effective-directive"], "connect-src", + "Effective directive in report does not match"); + assert_equals( + x["disposition"], "report", + "Disposition in report does not match"); + assert_equals( + x["document-uri"], + "{{location[server]}}/content-security-policy/inside-worker/" + + "support/connect-src-self-report-only.sub.js?id={{GET[id]}}", + "Document uri in report does not match"); + }); +}); + +done(); diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self-report-only.sub.js.sub.headers b/testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self-report-only.sub.js.sub.headers new file mode 100644 index 0000000000..02e8e1f433 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self-report-only.sub.js.sub.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Content-Security-Policy-Report-Only: connect-src 'self'; report-uri /reporting/resources/report.py?op=put&reportID={{GET[id]}} diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self.sub.js b/testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self.sub.js new file mode 100644 index 0000000000..fd639c29cf --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self.sub.js @@ -0,0 +1,123 @@ +importScripts("{{location[server]}}/resources/testharness.js"); +importScripts("{{location[server]}}/content-security-policy/support/testharness-helper.js"); + +let base_same_origin_url = + "{{location[server]}}/content-security-policy/support/resource.py"; +let base_cross_origin_url = + "https://{{hosts[][www]}}:{{ports[https][1]}}" + + "/content-security-policy/support/resource.py"; + +// Same-origin +promise_test(t => { + let url = `${base_same_origin_url}?same-origin-fetch`; + assert_no_csp_event_for_url(t, url); + + return fetch(url) + .then(t.step_func(r => assert_equals(r.status, 200))); +}, "Same-origin 'fetch()' in " + self.location.protocol + + " with {{GET[test-name]}}"); + +// XHR is not available in service workers. +if (self.XMLHttpRequest) { + promise_test(t => { + let url = `${base_same_origin_url}?same-origin-xhr`; + assert_no_csp_event_for_url(t, url); + + return new Promise((resolve, reject) => { + let xhr = new XMLHttpRequest(); + xhr.open("GET", url); + xhr.onload = resolve; + xhr.onerror = _ => reject("xhr.open should success."); + xhr.send(); + }); + }, "Same-origin XHR in " + self.location.protocol + + " with {{GET[test-name]}}"); +} + +let fetch_cross_origin_url = `${base_cross_origin_url}?cross-origin-fetch`; + +// Cross-origin +promise_test(t => { + let url = fetch_cross_origin_url; + + return Promise.all([ + waitUntilCSPEventForURL(t, url), + fetch(url) + .then(t.step_func(_ => assert_unreached( + "cross-origin fetch should have thrown."))) + .catch(t.step_func(e => assert_true(e instanceof TypeError))) + ]); +}, "Cross-origin 'fetch()' in " + self.location.protocol + + " with {{GET[test-name]}}"); + +let xhr_cross_origin_url = `${base_cross_origin_url}?cross-origin-xhr`; + +// XHR is not available in service workers. +if (self.XMLHttpRequest) { + promise_test(t => { + let url = xhr_cross_origin_url; + + return Promise.all([ + waitUntilCSPEventForURL(t, url), + new Promise((resolve, reject) => { + let xhr = new XMLHttpRequest(); + xhr.open("GET", url); + xhr.onload = _ => reject("xhr.open should have thrown."); + xhr.onerror = resolve; + xhr.send(); + }) + ]); + }, "Cross-origin XHR in " + self.location.protocol + + " with {{GET[test-name]}}"); +} + +let redirect_url = `{{location[server]}}/common/redirect-opt-in.py?` + + `status=307&location=${fetch_cross_origin_url}`; + +// Same-origin redirecting to cross-origin +promise_test(t => { + let url = redirect_url; + + return Promise.all([ + waitUntilCSPEventForURL(t, url), + fetch(url) + .then(t.step_func(_ => assert_unreached( + "cross-origin redirect should have thrown."))) + .catch(t.step_func(e => assert_true(e instanceof TypeError))) + ]); +}, "Same-origin => cross-origin 'fetch()' in " + self.location.protocol + + " with {{GET[test-name]}}"); + +let expected_blocked_urls = self.XMLHttpRequest + ? [ fetch_cross_origin_url, xhr_cross_origin_url, redirect_url ] + : [ fetch_cross_origin_url, redirect_url ]; + +promise_test(async t => { + let report_url = `{{location[server]}}/reporting/resources/report.py` + + `?op=retrieve_report&reportID={{GET[id]}}` + + `&min_count=${expected_blocked_urls.length}`; + + let response = await fetch(report_url); + assert_equals(response.status, 200, "Fetching reports failed"); + + let response_json = await response.json(); + let reports = response_json.map(x => x["csp-report"]); + + assert_array_equals( + reports.map(x => x["blocked-uri"]).sort(), + expected_blocked_urls.sort(), + "Reports do not match"); + reports.forEach(x => { + assert_equals( + x["violated-directive"], "connect-src", + "Violated directive in report does not match"); + assert_equals( + x["effective-directive"], "connect-src", + "Effective directive in report does not match"); + assert_equals( + x["disposition"], "enforce", + "Effective directive in report does not match"); + }); +}, "Reports match in " + self.location.protocol + " with {{GET[test-name]}}"); + +done(); diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/support/script-src-allow.sub.js b/testing/web-platform/tests/content-security-policy/inside-worker/support/script-src-allow.sub.js new file mode 100644 index 0000000000..7c66953154 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/support/script-src-allow.sub.js @@ -0,0 +1,24 @@ +importScripts("{{location[server]}}/resources/testharness.js"); + +test(t => { + importScripts("https://{{hosts[][www]}}:{{ports[https][1]}}" + + "/content-security-policy/support/testharness-helper.js"); +}, "Cross-origin `importScripts()` not blocked in " + self.location.protocol + + " withour CSP"); + +test(t => { + assert_equals(2, eval("1+1")); + assert_equals(2, (new Function("return 1+1;"))()); +}, "`eval()` not blocked in " + self.location.protocol + + " without CSP"); + +async_test(t => { + self.callback = t.step_func_done(); + + setTimeout("self.callback();", 1); + setTimeout(t.step_func(_ => + assert_unreached("callback not called.")), 2); +}, "`setTimeout([string])` not blocked in " + self.location.protocol + + " without CSP"); + +done(); diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/support/script-src-self.sub.js b/testing/web-platform/tests/content-security-policy/inside-worker/support/script-src-self.sub.js new file mode 100644 index 0000000000..aac5b4326d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inside-worker/support/script-src-self.sub.js @@ -0,0 +1,71 @@ +importScripts("{{location[server]}}/resources/testharness.js"); +importScripts("{{location[server]}}/content-security-policy/support/testharness-helper.js"); + +let importscripts_url ="https://{{hosts[][www]}}:{{ports[https][1]}}" + + "/content-security-policy/support/var-a.js"; + +promise_test(async t => { + self.a = false; + assert_throws_dom("NetworkError", + _ => importScripts(importscripts_url), + "importScripts should throw `NetworkError`"); + assert_false(self.a); + return waitUntilCSPEventForURL(t, importscripts_url); +}, "Cross-origin `importScripts()` blocked in " + self.location.protocol + + " with {{GET[test-name]}}"); + +promise_test(t => { + assert_throws_js(EvalError, + _ => eval("1 + 1"), + "`eval()` should throw 'EvalError'."); + + assert_throws_js(EvalError, + _ => new Function("1 + 1"), + "`new Function()` should throw 'EvalError'."); + return Promise.all([ + waitUntilCSPEventForEval(t, 19), + waitUntilCSPEventForEval(t, 23), + ]); +}, "`eval()` blocked in " + self.location.protocol + + " with {{GET[test-name]}}"); + +promise_test(t => { + self.setTimeoutTest = t; + let result = setTimeout("(self.setTimeoutTest.unreached_func(" + + "'setTimeout([string]) should not execute.'))()", 1); + assert_equals(result, 0); + return waitUntilCSPEventForEval(t, 34); +}, "`setTimeout([string])` blocked in " + self.location.protocol + + " with {{GET[test-name]}}"); + +promise_test(async t => { + let report_url = "{{location[server]}}/reporting/resources/report.py" + + "?op=retrieve_report&reportID={{GET[id]}}&min_count=4"; + + let response = await fetch(report_url); + assert_equals(response.status, 200, "Fetching reports failed"); + + let response_json = await response.json(); + let reports = response_json.map(x => x["csp-report"]); + + assert_array_equals( + reports.map(x => x["blocked-uri"]).sort(), + [ importscripts_url, "eval", "eval", "eval" ].sort(), + "Reports do not match"); + assert_array_equals( + reports.map(x => x["violated-directive"]).sort(), + [ "script-src-elem", "script-src", "script-src", "script-src" ].sort(), + "Violated directive in report does not match"); + assert_array_equals( + reports.map(x => x["effective-directive"]).sort(), + [ "script-src-elem", "script-src", "script-src", "script-src" ].sort(), + "Effective directive in report does not match"); + reports.forEach(x => { + assert_equals( + x["disposition"], "enforce", + "Disposition in report does not match"); + }); +}, "Reports are sent for " + self.location.protocol + + " with {{GET[test-name]}}"); + +done(); diff --git a/testing/web-platform/tests/content-security-policy/media-src/media-src-7_1.html b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_1.html new file mode 100644 index 0000000000..8fd094e955 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_1.html @@ -0,0 +1,48 @@ + + + + Video element src attribute must match src list - positive test + + + + + +

Video element src attribute must match src list - positive test

+
+ + + + +