Chromium Code Reviews Chromium Code Reviews
Issue 954233003:
Enable SRI only for same origin and CORS content. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| Index: LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-no-cors.html |
| diff --git a/LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-no-cors.html b/LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-no-cors.html |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..df2ee7bca828bed733c8684ebce5292ab88c6e3d |
| --- /dev/null |
| +++ b/LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-no-cors.html |
| @@ -0,0 +1,21 @@ |
| +<!DOCTYPE html> |
| +<head> |
| +</head> |
| +<body> |
| + <script src="/js-test-resources/js-test.js"></script> |
| + <script> |
| + var result = false; |
| + var scriptLoaded = function() { |
| + if (result) |
| + testFailed('Script ran.'); |
| + else |
| + testPassed('Script did not run.'); |
| + finishJSTest(); |
| + }; |
| + |
| + window.jsTestIsAsync = true; |
| + description("The test passes if the script fails to run and there is also a console error saying that the specified integrity attribute cannot be enforced because the resource is not CORS enabled."); |
| + </script> |
| + <script integrity="ni:///sha256;deadbeef" src="http://localhost:8000/security/resources/cors-script.php?credentials=true&cors=false&value=true" onload="scriptLoaded();"></script> |
|
Mike West
2015/03/06 03:17:09
You're conflating a few things here:
1. You've d
jww
2015/03/06 08:24:21
Yup, I added a bunch of tests. This is probably as
|
| +</body> |
| +</html> |
