OLD | NEW |
---|---|
(Empty) | |
1 <?php | |
2 header("Content-Security-Policy: require-sri-for script; script-src 'self' ' unsafe-inline'"); | |
3 ?> | |
4 <!doctype html> | |
5 <script crossorigin integrity="sha384-UJisrHOd28H+f7qUM4ht1sXeUXdQueftSMZzxqyAxS jCz3uRQKGYyihAu2NJZV/W" src="/resources/testharness.js"></script> | |
6 <script crossorigin integrity="sha384-n7qQ0cyZ8yW0wYyNNS+P26cklS47KYG3pDDR87Ya3Z +V0RsKbPi8W3R/8Io7jEeo" src="/resources/testharnessreport.js"></script> | |
7 <script> | |
8 async_test(t => { | |
9 var watcher = new EventWatcher(t, document, ['securitypolicyviolation',' securitypolicyviolation']); | |
Mike West
2016/06/21 07:29:36
Do you expect two securitypoicyviolation events?
| |
10 watcher | |
11 .wait_for('securitypolicyviolation') | |
12 .then(t.step_func_done(e => { | |
13 assert_equals(e.blockedURI, "http://127.0.0.1:8000/security/cont entSecurityPolicy/require-sri-for/not-ran.js"); | |
14 })); | |
15 }, "Script without integrity generates reports."); | |
16 | |
17 var executed_test = async_test("Script that requires integrity executes and does not generate a violation report."); | |
18 var unexecuted_test = async_test("Request to script without integrity is blo cked, and generates violation report"); | |
19 </script> | |
20 <script crossorigin integrity="sha384-SOGIJ0vOWzweNE6RLF/TOXGmPzCxF5+dNuBP4x1Ngn KsfC4yFCVIDJILalTMwUrp" src="ran.js"></script> | |
21 <script src="not-ran.js"></script> | |
22 <script> | |
23 executed_test.done(); | |
24 unexecuted_test.done(); | |
25 </script> | |
OLD | NEW |