OLD | NEW |
1 var CROSS_ORIGIN_URL = "http://localhost:8000/security/contentSecurityPolicy/res
ources/respond-with-allow-csp-from-header.php"; | 1 var CROSS_ORIGIN_URL_ACF_HEADERS = "http://localhost:8000/security/contentSecuri
tyPolicy/resources/respond-with-allow-csp-from-header.php"; |
2 var SAME_ORIGIN_URL = "http://127.0.0.1:8000/security/contentSecurityPolicy/reso
urces/respond-with-allow-csp-from-header.php"; | 2 var SAME_ORIGIN_URL_ACF_HEADERS = "http://127.0.0.1:8000/security/contentSecuri
tyPolicy/resources/respond-with-allow-csp-from-header.php"; |
3 | 3 |
| 4 var CROSS_ORIGIN_URL_CSP_HEADERS = "http://localhost:8000/security/contentSecuri
tyPolicy/resources/respond-with-multiple-csp-headers.php"; |
| 5 var SAME_ORIGIN_URL_CSP_HEADERS = "http://127.0.0.1:8000/security/contentSecuri
tyPolicy/resources/respond-with-multiple-csp-headers.php"; |
| 6 |
4 var EXPECT_BLOCK = true; | 7 var EXPECT_BLOCK = true; |
5 var EXPECT_LOAD = false; | 8 var EXPECT_LOAD = false; |
6 | 9 |
7 var CROSS_ORIGIN = true; | 10 var CROSS_ORIGIN = true; |
8 var SAME_ORIGIN = false; | 11 var SAME_ORIGIN = false; |
9 | 12 |
10 function injectIframeWithCSP(url, shouldBlock, csp, t, urlId) { | 13 function injectIframeWithCSP(url, shouldBlock, csp, t, urlId) { |
11 var i = document.createElement('iframe'); | 14 var i = document.createElement('iframe'); |
12 i.src = url + "&id=" + urlId; | 15 i.src = url + "&id=" + urlId; |
13 i.csp = csp; | 16 i.csp = csp; |
(...skipping 23 matching lines...) |
37 t.unreached_func("There should not be any violations.")); | 40 t.unreached_func("There should not be any violations.")); |
38 i.onload = t.step_func(function () { | 41 i.onload = t.step_func(function () { |
39 // Delay the check until after the postMessage has a chance to execu
te. | 42 // Delay the check until after the postMessage has a chance to execu
te. |
40 setTimeout(t.step_func_done(function () { | 43 setTimeout(t.step_func_done(function () { |
41 assert_true(loaded[urlId]); | 44 assert_true(loaded[urlId]); |
42 }), 1); | 45 }), 1); |
43 }); | 46 }); |
44 } | 47 } |
45 document.body.appendChild(i); | 48 document.body.appendChild(i); |
46 } | 49 } |
| 50 |
47 function generateUrlWithAllowCSPFrom(useCrossOrigin, allowCspFrom) { | 51 function generateUrlWithAllowCSPFrom(useCrossOrigin, allowCspFrom) { |
48 var url = useCrossOrigin ? CROSS_ORIGIN_URL : SAME_ORIGIN_URL; | 52 var url = useCrossOrigin ? CROSS_ORIGIN_URL_ACF_HEADERS : SAME_ORIGIN_URL_AC
F_HEADERS; |
49 return url + "?allow_csp_from=" + allowCspFrom; | 53 return url + "?allow_csp_from=" + allowCspFrom; |
50 } | 54 } |
| 55 |
| 56 function generateUrlWithCSP(useCrossOrigin, csp) { |
| 57 var url = useCrossOrigin ? CROSS_ORIGIN_URL_CSP_HEADERS : SAME_ORIGIN_URL_CS
P_HEADERS; |
| 58 return url + "?csp=" + csp; |
| 59 } |
| 60 |
| 61 function generateUrlWithCSPMultiple(useCrossOrigin, csp, csp2, cspReportOnly) { |
| 62 var url = useCrossOrigin ? CROSS_ORIGIN_URL_CSP_HEADERS : SAME_ORIGIN_URL_CS
P_HEADERS; |
| 63 return url + "?csp=" + csp + "?csp2=" + csp2 + "?csp_report_only=" + cspRepo
rtOnly; |
| 64 } |
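Review bot: `generateUrlWithCSPMultiple` (new lines 61-64) separates its second and third parameters with `?` instead of `&`, so the query string carries a single `csp` parameter whose value swallows the literal text `?csp2=...?csp_report_only=...`. respond-with-multiple-csp-headers.php is not shown here, but if it reads `csp2` and `csp_report_only` as separate query parameters it would never receive them, and the multiple-header cases would pass or fail against one malformed policy rather than the combination they are meant to cover. The return should read `return url + "?csp=" + encodeURIComponent(csp) + "&csp2=" + encodeURIComponent(csp2) + "&csp_report_only=" + encodeURIComponent(cspReportOnly);`. `generateUrlWithCSP` on new line 58 concatenates the policy unencoded in the same way, so a policy containing `&`, `#` or `+` would reach the server truncated or altered; the same `encodeURIComponent` wrap applies there.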