Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(8)

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/mixedContent/strict-mode-image-reportonly.https.php

Issue 1931063004: Stop blocking 'http://127.0.0.1/' as mixed content. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Ugh. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 <?php 1 <?php
2 header("Content-Security-Policy-Report-Only: block-all-mixed-content"); 2 header("Content-Security-Policy-Report-Only: block-all-mixed-content");
3 ?> 3 ?>
4 <!doctype html> 4 <!doctype html>
5 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharness.js"></script>
6 <script src="/resources/testharnessreport.js"></script> 6 <script src="/resources/testharnessreport.js"></script>
7 <body> 7 <body>
8 <script> 8 <script>
9 function waitForEvent(t, el, name) { 9 function waitForEvent(t, el, name) {
10 return new EventWatcher(t, el, [name]).wait_for(name); 10 return new EventWatcher(t, el, [name]).wait_for(name);
11 } 11 }
12 12
13 async_test(t => { 13 async_test(t => {
14 var i = document.createElement('img'); 14 var i = document.createElement('img');
15 i.onerror = t.unreached_func(); 15 i.onerror = t.unreached_func();
16 16
17 Promise.all([ 17 Promise.all([
18 waitForEvent(t, i, 'load').then(_ => { 18 waitForEvent(t, i, 'load').then(_ => {
19 assert_equals(128, i.naturalWidth); 19 assert_equals(128, i.naturalWidth);
20 assert_equals(128, i.naturalHeight); 20 assert_equals(128, i.naturalHeight);
21 }), 21 }),
22 waitForEvent(t, document, 'securitypolicyviolation').then(e => { 22 waitForEvent(t, document, 'securitypolicyviolation').then(e => {
23 var expectations = { 23 var expectations = {
24 'documentURI': document.location.toString(), 24 'documentURI': document.location.toString(),
25 'referrer': document.referrer, 25 'referrer': document.referrer,
26 'blockedURI': 'http://127.0.0.1:8080/security/resources/comp ass.jpg?t=1', 26 'blockedURI': 'http://example.test:8080/security/resources/c ompass.jpg?t=1',
27 'violatedDirective': 'block-all-mixed-content', 27 'violatedDirective': 'block-all-mixed-content',
28 'effectiveDirective': 'block-all-mixed-content', 28 'effectiveDirective': 'block-all-mixed-content',
29 'originalPolicy': 'block-all-mixed-content', 29 'originalPolicy': 'block-all-mixed-content',
30 'sourceFile': '', 30 'sourceFile': '',
31 'lineNumber': 0, 31 'lineNumber': 0,
32 'columnNumber': 0, 32 'columnNumber': 0,
33 'statusCode': 0 33 'statusCode': 0
34 }; 34 };
35 for (key in expectations) 35 for (key in expectations)
36 assert_equals(expectations[key], e[key], key); 36 assert_equals(expectations[key], e[key], key);
37 }) 37 })
38 ]).then(t.step_func_done()); 38 ]).then(t.step_func_done());
39 39
40 i.src = "http://127.0.0.1:8080/security/resources/compass.jpg?t=1"; 40 i.src = "http://example.test:8080/security/resources/compass.jpg?t=1";
41 }, "Mixed images are allowed and generate CSP violation reports in the prese nce of 'block-all-mixed-content' in report-only mode."); 41 }, "Mixed images are allowed and generate CSP violation reports in the prese nce of 'block-all-mixed-content' in report-only mode.");
42 </script> 42 </script>
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698