| Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/import-enforce-blocked.php
|
| diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/import-enforce-blocked.php b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/import-enforce-blocked.php
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..2f134fc303d35e955dcfc4a0bea2642233bde055
|
| --- /dev/null
|
| +++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/import-enforce-blocked.php
|
| @@ -0,0 +1,27 @@
|
| +<?php
|
| + header("Content-Security-Policy: script-src 'nonce-abc'");
|
| +?>
|
| +<!doctype html>
|
| +<script nonce="abc" src="/resources/testharness.js"></script>
|
| +<script nonce="abc" src="/resources/testharnessreport.js"></script>
|
| +<script nonce="abc">
|
| + async_test(t => {
|
| + window.onload = t.step_func(_ => {
|
| + var link = document.createElement('link');
|
| + link.setAttribute("rel", "import");
|
| + link.setAttribute("nonce", "zyx");
|
| + link.setAttribute("href", "/security/resources/blank.html");
|
| +
|
| + var watcher = new EventWatcher(t, document, ['securitypolicyviolation']);
|
| + watcher
|
| + .wait_for('securitypolicyviolation')
|
| + .then(t.step_func_done(e => {
|
| + assert_false(!!link.import, "The import was not loaded.");
|
| + assert_equals(e.blockedURI, "http://127.0.0.1:8000/security/resources/blank.html");
|
| + assert_equals(e.lineNumber, 21);
|
| + }));
|
| +
|
| + document.body.appendChild(link);
|
| + });
|
| + }, "Incorrectly nonced imports do not load, and trigger reports.");
|
| +</script>
|
|
|
Chromium Code Reviews
Issue 2147853003:
Teach 'LinkRequestBuilder' about the 'nonce' attribute. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@preload