OLD | NEW |
(Empty) | |
| 1 <?php |
| 2 header("Content-Security-Policy-Report-Only: require-sri-for style; script-s
rc 'self' 'unsafe-inline'"); |
| 3 ?> |
| 4 <!doctype html> |
| 5 <script src="/resources/testharness.js"></script> |
| 6 <script src="/resources/testharnessreport.js"></script> |
| 7 <link rel="stylesheet" crossorigin integrity="sha256-48sSy1L+0pGBMr3XQog56zBcXid
1hhmpAwenUuKoe5w=" href="/security/contentSecurityPolicy/resources/style-set-red
.css"> |
| 8 <script> |
| 9 async_test(t => { |
| 10 var watcher = new EventWatcher(t, document, ['securitypolicyviolation'])
; |
| 11 watcher |
| 12 .wait_for('securitypolicyviolation') |
| 13 .then(t.step_func_done(e => { |
| 14 assert_equals(e.blockedURI, "http://127.0.0.1:8000/security/cont
entSecurityPolicy/blue.css"); |
| 15 assert_equals(e.lineNumber, 16); |
| 16 })); |
| 17 }, "Stylesheets without integrity generate reports."); |
| 18 </script> |
| 19 <link rel="stylesheet" href="/security/contentSecurityPolicy/blue.css"> |
| 20 <script> |
| 21 async_test(t => { |
| 22 window.onload = t.step_func_done(_ => { |
| 23 assert_equals(document.styleSheets.length, 2); |
| 24 assert_equals(document.styleSheets[0].href, "http://127.0.0.1:8000/s
ecurity/contentSecurityPolicy/resources/style-set-red.css"); |
| 25 assert_equals(document.styleSheets[1].href, "http://127.0.0.1:8000/s
ecurity/contentSecurityPolicy/blue.css"); |
| 26 }); |
| 27 }, "Stylesheet with integrity loads, and does not trigger reports."); |
| 28 </script> |
OLD | NEW |