
Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-original-url.php

Issue 2551893002: Upgrade-Insecure-Requests: Split CSP checks into pre-upgrade and post-upgrade.
Patch Set: Created 4 years ago
Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-original-url.php
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-original-url.php b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-original-url.php
index 321f56449ea0ea660ae4ed8b2e39547598a52f87..9bbd0df3bb86e3a8ac915897d3ece0a12c6b1bb5 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-original-url.php
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-original-url.php
@@ -1,5 +1,5 @@
<?php
- header("Content-Security-Policy-Report-Only: img-src http://allowed.test");
+ header("Content-Security-Policy-Report-Only: img-src http://allowed.test:8000");
?>
<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
@@ -15,6 +15,26 @@ function createListener(expectedURL, test) {
document.addEventListener('securitypolicyviolation', listener);
}
+function createUncalledListener(expectedURL, test) {
+ var listener = test.step_func(e => {
+ if (e.blockedURI == expectedURL) {
+ document.removeEventListener('securitypolicyviolation', listener);
+ assert_unreached('Violation generated for ' + expectedURL);
+ }
+ });
+ document.addEventListener('securitypolicyviolation', listener);
+}
+
+/*
+async_test(t => {
+ var i = document.createElement('img');
+ // TODO(mkwst): This should be `http://allowed.test:8000/security/resources/redir.php?url=...`
+ // rather than the redirect target: https://crbug.com/613960
+ createUncalledListener("http://allowed.test:8000/security/resources/compass.jpg?t=0", t);
+ i.src = "http://allowed.test:8000/security/resources/compass.jpg?t=0";
+ i.onload = t.step_func_done();
+}, "allowed => allowed, no report");
+
async_test(t => {
var i = document.createElement('img');
createListener("http://127.0.0.1:8000/security/resources/compass.jpg?t=1", t);
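Review bot: The `/*` added ahead of the new `allowed => allowed, no report` test is only closed by the `+*/` in the next hunk, so that test and both existing direct-block tests stop running; a second `/* … */` pair in the next hunk also disables the cross-origin redirect test and the t=5 test, leaving a single active case. If this is debugging residue it should be removed before landing, since the disabled cases are the ones that pin which URL a violation report exposes. Separately, `createUncalledListener` removes its listener only when the unwanted violation fires, so on the passing path it stays attached to `document`; adding `test.add_cleanup(() => document.removeEventListener('securitypolicyviolation', listener));` fixes that, and `==` is better written `===`. The TODO copied into the t=0 test refers to redirects (crbug.com/613960) and does not apply to a direct load.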
@@ -26,20 +46,31 @@ async_test(t => {
createListener("http://blocked.test:8000/security/resources/compass.jpg?t=2", t);
i.src = "http://blocked.test:8000/security/resources/compass.jpg?t=2";
}, "Direct block, cross-origin = full URL in report");
+*/
async_test(t => {
var i = document.createElement('img');
// TODO(mkwst): This should be `http://allowed.test:8000/security/resources/redir.php?url=...`
// rather than the redirect target: https://crbug.com/613960
- createListener("http://127.0.0.1:8000/security/resources/compass.jpg?t=3", t);
+ createListener("http://allowed.test:8000/security/resources/redir.php?url=" + encodeURIComponent("http://127.0.0.1:8000/security/resources/compass.jpg?t=3"), t);
i.src = "http://allowed.test:8000/security/resources/redir.php?url=" + encodeURIComponent("http://127.0.0.1:8000/security/resources/compass.jpg?t=3");
}, "Block after redirect, same-origin = original URL in report");
+/*
async_test(t => {
var i = document.createElement('img');
// TODO(mkwst): This should be `http://allowed.test:8000/security/resources/redir.php?url=...`
// rather than the redirect target: https://crbug.com/613960
- createListener("http://blocked.test:8000", t);
+ createListener("http://allowed.test:8000/security/resources/redir.php?url=" + encodeURIComponent("http://blocked.test:8000/security/resources/compass.jpg?t=4"), t);
i.src = "http://allowed.test:8000/security/resources/redir.php?url=" + encodeURIComponent("http://blocked.test:8000/security/resources/compass.jpg?t=4");
}, "Block after redirect, cross-origin = original URL in report");
+
+async_test(t => {
+ var i = document.createElement('img');
+ // TODO(mkwst): This should be `http://allowed.test:8000/security/resources/redir.php?url=...`
+ // rather than the redirect target: https://crbug.com/613960
+ createUncalledListener("http://allowed.test:8000/security/resources/redir.php?url=" + encodeURIComponent("http://allowed.test:8000/security/resources/compass.jpg?t=5"), t);
+ i.src = "http://allowed.test:8000/security/resources/redir.php?url=" + encodeURIComponent("http://allowed.test:8000/security/resources/compass.jpg?t=5");
+}, "allowed => allowed, no report");
+*/
</script>
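Review bot: The two TODO(mkwst) comments above the changed `createListener` calls are now stale: the expectation has been changed to the `redir.php?url=...` URL, which is what the TODO asked for, so they should be deleted or replaced with `// The report carries the pre-redirect URL, not the redirect target.`. The new t=5 test has no completion path: unlike the t=0 test it sets no `i.onload = t.step_func_done();`, so once uncommented it could only end by timing out. Its name also duplicates the t=0 test's `allowed => allowed, no report`; something like `allowed => allowed after redirect, no report` keeps the results distinguishable.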
