OLD | NEW |
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
4 <title>'X-Content-Type-Options: nosniff;' blocks scripts!</title> | 4 <title>'X-Content-Type-Options: nosniff;' blocks scripts!</title> |
5 <body> | 5 <body> |
6 <script src="/js-test-resources/js-test.js"></script> | 6 <script src="/js-test-resources/js-test.js"></script> |
7 <script> | 7 <script> |
8 description('Check that script sent with an \'X-Content-Type-Options: no
sniff\' header is correctly blocked if no \'Content-Type\' header is present.'); | 8 description('Check that script sent with an \'X-Content-Type-Options: no
sniff\' header is correctly blocked if the MIME type isn\'t scripty.'); |
9 window.jsTestIsAsync = true; | 9 window.jsTestIsAsync = true; |
| 10 |
10 window.scriptsSuccessfullyLoaded = 0; | 11 window.scriptsSuccessfullyLoaded = 0; |
| 12 |
| 13 var s = document.createElement('script'); |
| 14 s.src = './resources/script-with-header.pl?mime=application/json'; |
| 15 document.querySelector('head').appendChild(s); |
| 16 |
11 window.onload = function () { | 17 window.onload = function () { |
12 shouldBe('window.scriptsSuccessfullyLoaded', '0'); | 18 shouldBe('window.scriptsSuccessfullyLoaded', '0'); |
13 finishJSTest(); | 19 finishJSTest(); |
14 }; | 20 }; |
15 </script> | 21 </script> |
16 <script src="./resources/script-with-header.pl"></script> | |
17 </body> | 22 </body> |
18 </html> | 23 </html> |
OLD | NEW |