Update web-platform-tests to revision d8b8e0b8efe993a37404d6c6fc75e16fdc16b7d8

2025-08-20 21:05:34 +01:00 · 2018-10-25 21:32:39 -04:00 · 2018-10-25 21:32:39 -04:00 · e07315e6af
commit e07315e6af
parent abc0f50d20
221 changed files with 7334 additions and 774 deletions
--- a/tests/wpt/web-platform-tests/content-security-policy/generic/304-response-should-update-csp.sub.html
+++ b/tests/wpt/web-platform-tests/content-security-policy/generic/304-response-should-update-csp.sub.html
@ -0,0 +1,52 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+    <title>Test that a 304 response will update the CSP header</title>
+</head>
+<body>
+  <script>
+    var t1 = async_test("Test that the first frame uses nonce abc");
+    var t2 = async_test("Test that the first frame does not use nonce def");
+
+    var t3 = async_test("Test that the second frame uses nonce def");
+    var t4 = async_test("Test that the second frame does not use nonce abc");
+
+    var i1 = document.createElement('iframe');
+    // We add a random parameter to avoid previous tests cached requests.
+    // We want to make sure i1 gets a 200 code and i2 gets a 304 code.
+    i1.src = "support/304-response.py?{{$id:uuid()}}";
+
+    var i2 = document.createElement('iframe');
+    i2.src = "support/304-response.py?{{$id}}";
+
+    var load_second_frame = function() {
+      document.body.appendChild(i2);
+    }
+
+    window.onmessage = function(e) {
+      if (e.source == i1.contentWindow) {
+        if (e.data == "abc_executed") { t1.done(); return; }
+        if (e.data == "script-src 'nonce-abc' 'sha256-IIB78ZS1RMMrAWpsLg/RrDbVPhI14rKm3sFOeKPYulw=';") { t2.done(); return; }
+
+        t1.step(function() { assert_unreached("Unexpected message received"); });
+        t2.step(function() { assert_unreached("Unexpected message received"); });
+      }
+
+      if (e.source == i2.contentWindow) {
+        if (e.data == "def_executed") { t3.done(); return; }
+        if (e.data == "script-src 'nonce-def' 'sha256-IIB78ZS1RMMrAWpsLg/RrDbVPhI14rKm3sFOeKPYulw=';") { t4.done(); return; }
+
+        t3.step(function() { assert_unreached("Unexpected message received"); });
+        t4.step(function() { assert_unreached("Unexpected message received"); });
+      }
+
+    };
+
+    i1.onload = load_second_frame;
+    document.body.appendChild(i1);
+  </script>
+</body>
+
+</html>
--- a/tests/wpt/web-platform-tests/content-security-policy/generic/support/304-response.py
+++ b/tests/wpt/web-platform-tests/content-security-policy/generic/support/304-response.py
@ -0,0 +1,33 @@
+def main(request, response):
+    if request.headers.get("If-None-Match"):
+        # we are now receing the second request, we will send back a different CSP
+        # with the 304 response
+        response.status = 304
+        headers = [("Content-Type", "text/html"),
+                   ("Content-Security-Policy", "script-src 'nonce-def' 'sha256-IIB78ZS1RMMrAWpsLg/RrDbVPhI14rKm3sFOeKPYulw=';"),
+                   ("Cache-Control", "private, max-age=0, must-revalidate"),
+                   ("ETag", "123456")]
+        return headers, ""
+    else:
+        headers = [("Content-Type", "text/html"),
+                   ("Content-Security-Policy", "script-src 'nonce-abc' 'sha256-IIB78ZS1RMMrAWpsLg/RrDbVPhI14rKm3sFOeKPYulw=';"),
+                   ("Cache-Control", "private, max-age=0, must-revalidate"),
+                   ("Etag", "123456")]
+        return headers, '''
+<!DOCTYPE html>
+<html>
+<head>
+    <script>
+        window.addEventListener("securitypolicyviolation", function(e) {
+            top.postMessage(e.originalPolicy, '*');
+        });
+    </script>
+    <script nonce="abc">
+        top.postMessage('abc_executed', '*');
+    </script>
+    <script nonce="def">
+        top.postMessage('def_executed', '*');
+    </script>
+</head>
+</html>
+'''