Index: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/support/echo-allow-csp-from.py |
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/support/echo-allow-csp-from.py b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/support/echo-allow-csp-from.py |
new file mode 100644 |
index 0000000000000000000000000000000000000000..fa1064adc84a21029fa2cc8c1afa887018da44ad |
--- /dev/null |
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/support/echo-allow-csp-from.py |
@@ -0,0 +1,37 @@ |
+import json |
+def main(request, response): |
+ headers = [("Content-Type", "text/html")] |
+ if "allow_csp_from" in request.GET: |
+ headers.append(("Allow-CSP-From", request.GET["allow_csp_from"])) |
+ message = request.GET["id"] |
+ return headers, ''' |
+<!DOCTYPE html> |
+<html> |
+<head> |
+ <title>This page enforces embedder's policies</title> |
+ <script nonce="123"> |
+ document.addEventListener("securitypolicyviolation", function(e) { |
+ var response = {}; |
+ response["id"] = "%s"; |
+ response["securitypolicyviolation"] = true; |
+ response["blockedURI"] = e.blockedURI; |
+ response["lineNumber"] = e.lineNumber; |
+ window.top.postMessage(response, '*'); |
+ }); |
+ </script> |
+</head> |
+<body> |
+ <style> |
+ body { |
+ background-color: maroon; |
+ } |
+ </style> |
+ <script nonce="abc"> |
+ var response = {}; |
+ response["id"] = "%s"; |
+ response["loaded"] = true; |
+ window.top.postMessage(response, '*'); |
+ </script> |
+</body> |
+</html> |
+''' % (message, message) |