| Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/multiple-policies-with-nonce.php
|
| diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/multiple-policies-with-nonce.php b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/multiple-policies-with-nonce.php
|
| index cae08214aa0ca39a58ebeec35f03f41e56065cc3..f321562df1b9f2290cfd2265c9bb675cc502fcbb 100644
|
| --- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/multiple-policies-with-nonce.php
|
| +++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/multiple-policies-with-nonce.php
|
| @@ -1,5 +1,7 @@
|
| <?php
|
| -header("Content-Security-Policy: script-src 'nonce-abcd1234'");
|
| +# Note that the frame-ancestors directive is part of a *second* header and
|
| +# policy, not the first policy with the script-src.
|
| +header("Content-Security-Policy: script-src 'nonce-abcd1234', frame-ancestors 'self'");
|
| header("Content-Security-Policy-Report-Only: script-src 'self'");
|
| ?>
|
| <!DOCTYPE html>
|
| @@ -11,5 +13,5 @@ header("Content-Security-Policy-Report-Only: script-src 'self'");
|
| <script nonce="abcd1234">
|
| test(_ => {
|
| assert_true(true);
|
| - }, "This script block has a matching nonce, and should execute.");
|
| + }, "This script block has a matching nonce, and should execute.");
|
| </script>
|
|
|
Chromium Code Reviews
Issue 2006653005:
Fix bug where a second CSP without script-src would cause failure (Closed)
Base URL: https://chromium.googlesource.com/chromium/src@master