OLD | NEW |
---|---|
1 async_test(function(t) { | 1 async_test(function(t) { |
2 var xhr = new XMLHttpRequest(); | 2 var xhr = new XMLHttpRequest(); |
3 xhr.onload = function () { | 3 xhr.onload = function () { |
4 t.step(function () { assert_true(xhr.status === 404); t.done(); }); | 4 t.step(function () { assert_true(xhr.status === 404); t.done(); }); |
5 }; | 5 }; |
6 // Send a request that returns 200 if and only if CSP header is present. | 6 // Send a request that returns 200 if and only if CSP header is present. |
7 xhr.open( | 7 xhr.open( |
8 "GET", | 8 "GET", |
9 "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/test-csp -header.pl", | 9 "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/test-csp -header.pl", |
10 true | 10 true |
11 ); | 11 ); |
12 xhr.send(); | 12 xhr.send(); |
13 }, 'CSP header is not sent on resource requests for which there is no policy.'); | 13 }, 'CSP header is not sent on resource requests for which there is no policy.'); |
14 | 14 |
15 test(function() { | 15 test(function() { |
16 assert_true(typeof(script_loaded) !== "undefined"); | 16 assert_true(typeof(script_loaded) === "undefined"); |
17 }, 'CSP header is sent on resource requests for which there is a policy.'); | 17 }, 'CSP header is sent on resource requests for which there is a policy.'); |
Michael van Ouwerkerk
2015/05/15 12:50:06
Better update this message as well then.
| |
OLD | NEW |