1 files changed, 33 insertions, 0 deletions

diff --git a/testing/web-platform/tests/content-security-policy/generic/support/304-response.py b/testing/web-platform/tests/content-security-policy/generic/support/304-response.py
new file mode 100644
index 0000000000..f9756555f7
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/generic/support/304-response.py
@@ -0,0 +1,33 @@
+def main(request, response):
+    if request.headers.get(b"If-None-Match"):
+        # we are now receing the second request, we will send back a different CSP
+        # with the 304 response
+        response.status = 304
+        headers = [(b"Content-Type", b"text/html"),
+                   (b"Content-Security-Policy", b"script-src 'nonce-def' 'sha256-IIB78ZS1RMMrAWpsLg/RrDbVPhI14rKm3sFOeKPYulw=';"),
+                   (b"Cache-Control", b"private, max-age=0, must-revalidate"),
+                   (b"ETag", b"123456")]
+        return headers, u""
+    else:
+        headers = [(b"Content-Type", b"text/html"),
+                   (b"Content-Security-Policy", b"script-src 'nonce-abc' 'sha256-IIB78ZS1RMMrAWpsLg/RrDbVPhI14rKm3sFOeKPYulw=';"),
+                   (b"Cache-Control", b"private, max-age=0, must-revalidate"),
+                   (b"Etag", b"123456")]
+        return headers, u'''
+<!DOCTYPE html>
+<html>
+<head>
+    <script>
+        window.addEventListener("securitypolicyviolation", function(e) {
+            top.postMessage(e.originalPolicy, '*');
+        });
+    </script>
+    <script nonce="abc">
+        top.postMessage('abc_executed', '*');
+    </script>
+    <script nonce="def">
+        top.postMessage('def_executed', '*');
+    </script>
+</head>
+</html>
+'''