Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(109)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/require-sri-for/require-sri-for-style-blocked.php

Issue 2056183002: Implement the `require-sri-for` CSP directive (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: addressed comments Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/require-sri-for/require-sri-for-script-blocked.php ('K') | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/require-sri-for/require-sri-for-style-allowed.php ('k') | third_party/WebKit/Source/core/fetch/FetchRequest.h » ('j') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <?php 1 <?php
2 header("Content-Security-Policy: style-src 'nonce-abc'"); 2 header("Content-Security-Policy: require-sri-for style;");
3 ?> 3 ?>
4 <!doctype html> 4 <!doctype html>
5 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharness.js"></script>
6 <script src="/resources/testharnessreport.js"></script> 6 <script src="/resources/testharnessreport.js"></script>
7 <script> 7 <script>
8 async_test(t => { 8 async_test(t => {
9 var watcher = new EventWatcher(t, document, ['securitypolicyviolation',' securitypolicyviolation']); 9 var watcher = new EventWatcher(t, document, ['securitypolicyviolation',' securitypolicyviolation']);
10 watcher 10 watcher
11 .wait_for('securitypolicyviolation') 11 .wait_for('securitypolicyviolation')
12 .then(t.step_func(e => {
13 assert_equals(e.blockedURI, "inline");
14 assert_equals(e.lineNumber, 24);
15 return watcher.wait_for('securitypolicyviolation');
16 }))
17 .then(t.step_func_done(e => { 12 .then(t.step_func_done(e => {
18 assert_equals(e.blockedURI, "http://127.0.0.1:8000/security/cont entSecurityPolicy/style-set-red.css"); 13 assert_equals(e.blockedURI, "http://127.0.0.1:8000/security/cont entSecurityPolicy/style-set-red.css");
19 assert_equals(e.lineNumber, 25); 14 assert_equals(e.lineNumber, 15);
20 })); 15 }));
21 }, "Incorrectly nonced style blocks generate reports."); 16 }, "Stylesheets without integrity generate reports.");
22 </script> 17 </script>
23 <style> 18 <link rel="stylesheet" href="/security/contentSecurityPolicy/style-set-red.css">
24 #test1 {
25 color: rgba(1,1,1,1);
26 }
27 </style>
28 <link rel="stylesheet" href="/security/contentSecurityPolicy/style-set-red.css" nonce="xyz">
29 <script> 19 <script>
30 async_test(t => { 20 async_test(t => {
31 window.onload = t.step_func_done(_ => { 21 window.onload = t.step_func_done(_ => {
32 assert_equals(document.styleSheets.length, 0); 22 assert_equals(document.styleSheets.length, 0);
33 }); 23 });
34 }, "Incorrectly nonced stylesheets do not load."); 24 }, "Stylesheets without integrity do not load.");
35 </script> 25 </script>
OLDNEW
« third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/require-sri-for/require-sri-for-script-blocked.php ('K') | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/require-sri-for/require-sri-for-style-allowed.php ('k') | third_party/WebKit/Source/core/fetch/FetchRequest.h » ('j') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698