Diffstat (limited to '')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/embedded-enforcement/support/echo-allow-csp-from.py | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/echo-allow-csp-from.py b/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/echo-allow-csp-from.py
new file mode 100644
index 0000000000..3a91437967
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/support/echo-allow-csp-from.py
@@ -0,0 +1,43 @@
+import json
+def main(request, response):
+ headers = [(b"Content-Type", b"text/html")]
+ if b"allow_csp_from" in request.GET:
+ headers.append((b"Allow-CSP-From", request.GET[b"allow_csp_from"]))
+ message = request.GET[b"id"]
+ return headers, b'''
+<!DOCTYPE html>
+<html>
+<head>
+ <title>This page enforces embedder's policies</title>
+ <script nonce="123">
+ document.addEventListener("securitypolicyviolation", function(e) {
+ var response = {};
+ response["id"] = "%s";
+ response["securitypolicyviolation"] = true;
+ response["blockedURI"] = e.blockedURI;
+ response["lineNumber"] = e.lineNumber;
+ window.top.postMessage(response, '*');
+ });
+ </script>
+</head>
+<body>
+ <script nonce="123">
+ let img = document.createElement('img');
+ img.src = "../../support/pass.png";
+ img.onload = function() { window.top.postMessage("img loaded", '*'); }
+ document.body.appendChild(img);
+ </script>
+ <style>
+ body {
+ background-color: maroon;
+ }
+ </style>
+ <script nonce="abc">
+ var response = {};
+ response["id"] = "%s";
+ response["loaded"] = true;
+ window.top.postMessage(response, '*');
+ </script>
+</body>
+</html>
+''' % (message, message) |
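Review bot: `message` is taken from `request.GET[b"id"]` and substituted unescaped into both `response["id"] = "%s";` script literals, so the value of `id` decides what those nonce-bearing inline scripts contain. The `import json` at the top is never used, which suggests the value was meant to be serialised. Either encode it before formatting, e.g. `message = json.dumps(request.GET[b"id"].decode("utf-8")).replace("<", "\\u003c").encode("utf-8")` with the template's `"%s"` changed to `%s`, or drop the import and add a comment such as `# Test-only: reflects id and allow_csp_from verbatim; serve from the WPT server only.` The `id` lookup is also unguarded where `allow_csp_from` is checked first, so a request without `id` fails on the lookup; `request.GET.first(b"id", b"")` would make that case deterministic. A short docstring on `main` saying which of the two nonces the embedder's policy is expected to allow would help readers of the tests that load this page.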