| OLD | NEW |
|---|
| 1 var CROSS_ORIGIN_URL = "http://localhost:8000/security/contentSecurityPolicy/res
ources/respond-with-allow-csp-from-header.php"; | 1 var CROSS_ORIGIN_URL_ACF_HEADERS = "http://localhost:8000/security/contentSecuri
tyPolicy/resources/respond-with-allow-csp-from-header.php"; |
| 2 var SAME_ORIGIN_URL = "http://127.0.0.1:8000/security/contentSecurityPolicy/reso
urces/respond-with-allow-csp-from-header.php"; | 2 var SAME_ORIGIN_URL_ACF_HEADERS = "http://127.0.0.1:8000/security/contentSecuri
tyPolicy/resources/respond-with-allow-csp-from-header.php"; |
| 3 | 3 |
| 4 var CROSS_ORIGIN_URL_CSP_HEADERS = "http://localhost:8000/security/contentSecuri
tyPolicy/resources/respond-with-multiple-csp-headers.php"; |
| 5 var SAME_ORIGIN_URL_CSP_HEADERS = "http://127.0.0.1:8000/security/contentSecuri
tyPolicy/resources/respond-with-multiple-csp-headers.php"; |
| 6 |
| 4 var EXPECT_BLOCK = true; | 7 var EXPECT_BLOCK = true; |
| 5 var EXPECT_LOAD = false; | 8 var EXPECT_LOAD = false; |
| 6 | 9 |
| 7 var CROSS_ORIGIN = true; | 10 var CROSS_ORIGIN = true; |
| 8 var SAME_ORIGIN = false; | 11 var SAME_ORIGIN = false; |
| 9 | 12 |
| 10 function injectIframeWithCSP(url, shouldBlock, csp, t, urlId) { | 13 function injectIframeWithCSP(url, shouldBlock, csp, t, urlId) { |
| 11 var i = document.createElement('iframe'); | 14 var i = document.createElement('iframe'); |
| 12 i.src = url + "&id=" + urlId; | 15 i.src = url + "&id=" + urlId; |
| 13 i.csp = csp; | 16 i.csp = csp; |
| (...skipping 23 matching lines...) Expand all Loading... |
| 37 t.unreached_func("There should not be any violations.")); | 40 t.unreached_func("There should not be any violations.")); |
| 38 i.onload = t.step_func(function () { | 41 i.onload = t.step_func(function () { |
| 39 // Delay the check until after the postMessage has a chance to execu
te. | 42 // Delay the check until after the postMessage has a chance to execu
te. |
| 40 setTimeout(t.step_func_done(function () { | 43 setTimeout(t.step_func_done(function () { |
| 41 assert_true(loaded[urlId]); | 44 assert_true(loaded[urlId]); |
| 42 }), 1); | 45 }), 1); |
| 43 }); | 46 }); |
| 44 } | 47 } |
| 45 document.body.appendChild(i); | 48 document.body.appendChild(i); |
| 46 } | 49 } |
| 50 |
| 47 function generateUrlWithAllowCSPFrom(useCrossOrigin, allowCspFrom) { | 51 function generateUrlWithAllowCSPFrom(useCrossOrigin, allowCspFrom) { |
| 48 var url = useCrossOrigin ? CROSS_ORIGIN_URL : SAME_ORIGIN_URL; | 52 var url = useCrossOrigin ? CROSS_ORIGIN_URL_ACF_HEADERS : SAME_ORIGIN_URL_AC
F_HEADERS; |
| 49 return url + "?allow_csp_from=" + allowCspFrom; | 53 return url + "?allow_csp_from=" + allowCspFrom; |
| 50 } | 54 } |
| 55 |
| 56 function generateUrlWithCSP(useCrossOrigin, csp) { |
| 57 var url = useCrossOrigin ? CROSS_ORIGIN_URL_CSP_HEADERS : SAME_ORIGIN_URL_CS
P_HEADERS; |
| 58 return url + "?csp=" + csp; |
| 59 } |
| 60 |
| 61 function generateUrlWithCSPMultiple(useCrossOrigin, csp, csp2, cspReportOnly) { |
| 62 var url = useCrossOrigin ? CROSS_ORIGIN_URL_CSP_HEADERS : SAME_ORIGIN_URL_CS
P_HEADERS; |
| 63 return url + "?csp=" + csp + "?csp2=" + csp2 + "?csp_report_only=" + cspRepo
rtOnly; |
| 64 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2526473005:
Part 4.1: Is policy list subsumed under subsuming policy? (Closed)
