LayoutTests/http/tests/security/contentSecurityPolicy/csp-header-is-sent.html - Issue 1009583003: Add CSP header for resources with an active policy

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: LayoutTests/http/tests/security/contentSecurityPolicy/csp-header-is-sent.html

Issue 1009583003: Add CSP header for resources with an active policy (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: consider plugin-types for sending CSP header on plugin requests Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 <!DOCTYPE HTML>

	2 <html>

	3 <head>

	4 <meta http-equiv="Content-Security-Policy" content="script-src http://127.0. 0.1:8000/">

	5 <script src="/resources/testharness.js"></script>

	6 <script src="/resources/testharnessreport.js"></script>

	7 <!-- This sets 'script_loaded' to true if the CSP header is present. -->
	Mike West 2015/03/20 14:53:54 Nit: Can you add a negative test as well, verifyin Nit: Can you add a negative test as well, verifying that we don't send the header when we don't have to? estark 2015/03/20 20:27:52 csp-header-is-sent.js already sends an XHR and che Show quoted text On 2015/03/20 14:53:54, Mike West wrote: > Nit: Can you add a negative test as well, verifying that we don't send the > header when we don't have to? csp-header-is-sent.js already sends an XHR and checks that the header is not sent on that request; is that what you mean? I think I'm going to go ahead and commit because I think that kind of test is what you're looking for, but if it isn't, then let me know and I'll add another test in a follow-up CL. Mike West 2015/03/21 11:33:39 You're right. I should have looked more carefully Show quoted text On 2015/03/20 20:27:52, emily wrote: > On 2015/03/20 14:53:54, Mike West wrote: > > Nit: Can you add a negative test as well, verifying that we don't send the > > header when we don't have to? > > csp-header-is-sent.js already sends an XHR and checks that the header is not > sent on that request; is that what you mean? > > I think I'm going to go ahead and commit because I think that kind of test is > what you're looking for, but if it isn't, then let me know and I'll add another > test in a follow-up CL. You're right. I should have looked more carefully at the js file. Thanks, and LGTM. :)
	8 <script src="resources/test-csp-header.pl"></script>

	9 <script src="resources/csp-header-is-sent.js"></script>

	10 </head>

	11 <body>

	12 </body>

	13 </html>

OLD	NEW