OLD | NEW |
(Empty) | |
| 1 import json |
| 2 def main(request, response): |
| 3 headers = [("Content-Type", "text/html")] |
| 4 if "allow_csp_from" in request.GET: |
| 5 headers.append(("Allow-CSP-From", request.GET["allow_csp_from"])) |
| 6 message = request.GET["id"] |
| 7 return headers, ''' |
| 8 <!DOCTYPE html> |
| 9 <html> |
| 10 <head> |
| 11 <title>This page enforces embedder's policies</title> |
| 12 <script nonce="123"> |
| 13 document.addEventListener("securitypolicyviolation", function(e) { |
| 14 var response = {}; |
| 15 response["id"] = "%s"; |
| 16 response["securitypolicyviolation"] = true; |
| 17 response["blockedURI"] = e.blockedURI; |
| 18 response["lineNumber"] = e.lineNumber; |
| 19 window.top.postMessage(response, '*'); |
| 20 }); |
| 21 </script> |
| 22 </head> |
| 23 <body> |
| 24 <style> |
| 25 body { |
| 26 background-color: maroon; |
| 27 } |
| 28 </style> |
| 29 <script nonce="abc"> |
| 30 var response = {}; |
| 31 response["id"] = "%s"; |
| 32 response["loaded"] = true; |
| 33 window.top.postMessage(response, '*'); |
| 34 </script> |
| 35 </body> |
| 36 </html> |
| 37 ''' % (message, message) |
OLD | NEW |