CSP Suborigins

LayoutTests/http/tests/security/contentSecurityPolicy/resources/suborigin.php

Index: LayoutTests/http/tests/security/contentSecurityPolicy/resources/suborigin.php
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/suborigin.php b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/suborigin.php
new file mode 100644
index 0000000000000000000000000000000000000000..022d0d63ee8c1809e1bc368d71d0f7ab20d0207e
--- /dev/null
+++ b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/suborigin.php
@@ -0,0 +1,12 @@
+<?php

[Mike West, 2014/10/23 12:59:18]

Nit: I'd suggest moving the tests into http/tests/security/suborigins/ rather
than lumping them in with CSP. CSP is just the delivery mechanism.

[jww, 2015/03/20 22:50:02]

Done.

+if ($_GET["report-only"]) {
+    header("Content-Security-Policy-Report-Only: suborigin " . $_GET["suborigin"]);
+} else {
+    header("Content-Security-Policy: suborigin " . $_GET["suborigin"]);
+}
+?>
+<!DOCTYPE html>
+<p>Ready</p>
+<script>
+window.secret = "I am a secret";
+</script>