
Side by Side Diff: LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker.php

Issue 1128813003: Give shared workers their own content security policies (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: rebase Created 5 years, 7 months ago
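--- a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker.php
+++ b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker.php
@@ -1,10 +1,10 @@
 <?php
 header("Expires: Thu, 01 Dec 2003 16:00:00 GMT");
 header("Cache-Control: no-cache, must-revalidate");
 header("Pragma: no-cache");
 if ($_GET["csp"]) {
 $csp = $_GET["csp"];
 // If the magic quotes option is enabled, the CSP could be escaped and
 // the test would fail.
 if (get_magic_quotes_gpc()) {
 $csp = stripslashes($csp);
@@ -27,70 +27,105 @@
 postMessage(id === 0 ? "eval blocked" : "eval allowed");
 
 <?php
 } else if ($_GET["type"] == "function-function") {
 ?>
 
 var fn = function() {
 postMessage('Function() function blocked');
 }
 try {
 fn = new Function("", "postMessage('Function() function allowed');");
 }
 catch(e) {
 }
 fn();
 
 <?php
 } else if ($_GET["type"] == "importscripts") {
 ?>
 
 try {
 importScripts("http://localhost:8000/security/contentSecurityPolicy/resource s/post-message.js");
 postMessage("importScripts allowed");
 } catch(e) {
 postMessage("importScripts blocked: " + e);
 }
 
 <?php
 } else if ($_GET["type"] == "make-xhr") {
 ?>
 
 try {
 var xhr = new XMLHttpRequest;
 xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/get.txt", tr ue);
 postMessage("xhr allowed");
 } catch(e) {
 postMessage("xhr blocked");
 }
 
 <?php
+} else if ($_GET["type"] == "shared-make-xhr") {
+?>
+
+onconnect = function (e) {
+var port = e.ports[0];
+try {
+var xhr = new XMLHttpRequest;
+xhr.open(
+"GET",
+"http://127.0.0.1:8000/xmlhttprequest/resources/get.txt",
+true);
+port.postMessage("xhr allowed");
+} catch(e) {
+port.postMessage("xhr blocked");
+}
+}
+
+<?php
 } else if ($_GET["type"] == "set-timeout") {
 ?>
 
 var id = 0;
 try {
 id = setTimeout("postMessage('handler invoked')", 100);
 } catch(e) {
 }
 postMessage(id === 0 ? "setTimeout blocked" : "setTimeout allowed");
 
 <?php
 } else if ($_GET["type"] == "alert-pass") {
 ?>
 
 alert('PASS');
 
 <?php
 } else if ($_GET["type"] == "report-referrer") {
 ?>
 
 var xhr = new XMLHttpRequest;
 xhr.open("GET", "http://127.0.0.1:8000/security/resources/echo-referrer-header.p hp", true);
 xhr.onload = function () {
 postMessage(this.responseText);
 };
 xhr.send();
 
 <?php
+} else if ($_GET["type"] == "shared-report-referrer") {
+?>
+
+onconnect = function (e) {
+var port = e.ports[0];
+var xhr = new XMLHttpRequest;
+xhr.open(
+"GET",
+"http://127.0.0.1:8000/security/resources/echo-referrer-header.php",
+true);
+xhr.onload = function () {
+port.postMessage(this.responseText);
+};
+xhr.send();
+};
+
+<?php
 }
 ?>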
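Review bot: The `shared-make-xhr` branch posts "xhr allowed" as soon as `xhr.open()` returns and never calls `send()`, so the test only observes a policy that is enforced by throwing from `open()`; if `connect-src` is applied when the request is actually made, a blocked request would still be reported as allowed. This copies the existing `make-xhr` branch, but for a test meant to show that the shared worker's own policy is enforced it would be more robust to send the request and report from the handlers, keeping the `catch` for the throwing case: `xhr.onload = function () { port.postMessage("xhr allowed"); };`, `xhr.onerror = function () { port.postMessage("xhr blocked"); };`, `xhr.send();`. The `shared-report-referrer` branch has a related gap: with no `onerror` handler, a blocked or failed request leaves the port silent and the test ends in a timeout rather than a clear failure.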
