summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/content-security-policy/script-src/scriptnonce-specified-source.sub.html
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--testing/web-platform/tests/content-security-policy/script-src/scriptnonce-specified-source.sub.html43
-rw-r--r--testing/web-platform/tests/content-security-policy/script-src/scriptnonce-specified-source.sub.html.sub.headers1
2 files changed, 44 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/script-src/scriptnonce-specified-source.sub.html b/testing/web-platform/tests/content-security-policy/script-src/scriptnonce-specified-source.sub.html
new file mode 100644
index 0000000000..154ab68de6
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/script-src/scriptnonce-specified-source.sub.html
@@ -0,0 +1,43 @@
+<!doctype html>
+<script nonce="specified" src="/resources/testharness.js"></script>
+<script nonce="specified" src="/resources/testharnessreport.js"></script>
+
+<div id=log></div>
+<script nonce="specified">
+ [
+ {
+ name: 'CSP with both source and nonce should allow matching source',
+ src: "http://{{host}}:{{ports[http][0]}}/content-security-policy/support/alert-pass.js",
+ nonce: "notspecified"
+ },
+ {
+ name: 'CSP with both source and nonce should allow both matching nonce and source',
+ src: "http://{{host}}:{{ports[http][0]}}/content-security-policy/support/alert-pass.js",
+ nonce: "specified"
+ }
+ ].forEach(elt => {
+ async_test((test) => {
+ const s = document.createElement('script');
+ s.src = elt.src;
+ s.nonce = elt.nonce;
+ s.onload = () => test.done();
+ s.onerror = test.unreached_func('Script should load correctly');
+ document.body.appendChild(s);
+ }, elt.name);
+ });
+
+ const t = async_test('No CSP violation should fire and all scripts should load');
+ let count = 0;
+ const expected = 2;
+ function alert_assert(msg) {
+ if (msg === "PASS") {
+ count++;
+ if (count == expected) {
+ t.done();
+ }
+ }
+ }
+
+ window.addEventListener('securitypolicyviolation',
+ t.unreached_func('No CSP violation should fire'));
+</script> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/script-src/scriptnonce-specified-source.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/script-src/scriptnonce-specified-source.sub.html.sub.headers
new file mode 100644
index 0000000000..d23494ca83
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/script-src/scriptnonce-specified-source.sub.html.sub.headers
@@ -0,0 +1 @@
+Content-Security-Policy: script-src {{host}}:{{ports[http][0]}} 'nonce-specified' \ No newline at end of file
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-06 18:33:42 +0000