third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/style-multiple-blocked.php - Issue 2785463002: CSP: Don't override the location set in reportViolationWithLocation.

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/style-multiple-blocked.php

Issue 2785463002: CSP: Don't override the location set in reportViolationWithLocation. (Closed)

Patch Set: Do not use a default value because of forward declaration. Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/style-enforce-blocked.php ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/style-reportonly-allowed.php » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 <?php	1 <?php

2 header("Content-Security-Policy: style-src 'nonce-abc'");	2 header("Content-Security-Policy: style-src 'nonce-abc'");

3 header("Content-Security-Policy-Report-Only: style-src 'nonce-xyz'");	3 header("Content-Security-Policy-Report-Only: style-src 'nonce-xyz'");

4 ?>	4 ?>

5 <!doctype html>	5 <!doctype html>

6 <script src="/resources/testharness.js"></script>	6 <script src="/resources/testharness.js"></script>

7 <script src="/resources/testharnessreport.js"></script>	7 <script src="/resources/testharnessreport.js"></script>

8 <script>	8 <script>

9 async_test(t => {	9 async_test(t => {

10 var watcher = new EventWatcher(t, document, ['securitypolicyviolation',' securitypolicyviolation', 'securitypolicyviolation']);	10 var watcher = new EventWatcher(t, document, ['securitypolicyviolation',' securitypolicyviolation', 'securitypolicyviolation']);

11 watcher	11 watcher

12 .wait_for('securitypolicyviolation')	12 .wait_for('securitypolicyviolation')

13 .then(t.step_func(e => {	13 .then(t.step_func(e => {

14 assert_equals(e.blockedURI, "inline");	14 assert_equals(e.blockedURI, "inline");

15 assert_equals(e.lineNumber, 29);	15 assert_equals(e.lineNumber, 25);

16 return watcher.wait_for('securitypolicyviolation');	16 return watcher.wait_for('securitypolicyviolation');

17 }))	17 }))

18 .then(t.step_func(e => {	18 .then(t.step_func(e => {

19 assert_equals(e.blockedURI, "inline");	19 assert_equals(e.blockedURI, "inline");

20 assert_equals(e.lineNumber, 29);	20 assert_equals(e.lineNumber, 25);

21 return watcher.wait_for('securitypolicyviolation');	21 return watcher.wait_for('securitypolicyviolation');

22 }))	22 }))

23 .then(t.step_func_done(e => {	23 .then(t.step_func_done(e => {

24 assert_equals(e.blockedURI, "http://127.0.0.1:8000/security/cont entSecurityPolicy/style-set-red.css");	24 assert_equals(e.blockedURI, "http://127.0.0.1:8000/security/cont entSecurityPolicy/style-set-red.css");

25 assert_equals(e.lineNumber, 30);	25 assert_equals(e.lineNumber, 30);

26 }));	26 }));

27 }, "Incorrectly nonced style blocks generate reports.");	27 }, "Incorrectly nonced style blocks generate reports.");

28 </script>	28 </script>

29 <style>	29 <style>

30 #test1 {	30 #test1 {

31 color: rgba(1,1,1,1);	31 color: rgba(1,1,1,1);

32 }	32 }

33 </style>	33 </style>

34 <link rel="stylesheet" href="/security/contentSecurityPolicy/style-set-red.css" nonce="xyz">	34 <link rel="stylesheet" href="/security/contentSecurityPolicy/style-set-red.css" nonce="xyz">

35 <script>	35 <script>

36 async_test(t => {	36 async_test(t => {

37 window.onload = t.step_func_done(_ => {	37 window.onload = t.step_func_done(_ => {

38 assert_equals(document.styleSheets.length, 1);	38 assert_equals(document.styleSheets.length, 1);

39 assert_equals(document.styleSheets[0].rules.length, 0);	39 assert_equals(document.styleSheets[0].rules.length, 0);

40 });	40 });

41 }, "Incorrectly nonced stylesheets do not load.");	41 }, "Incorrectly nonced stylesheets do not load.");

42 </script>	42 </script>

OLD	NEW