| .. | ||
| op1 cspfp-comma-in-policy.json | ||
| op2 cspfp-double-top-level.json | ||
| op3 cspfp-double-second-level.json | ||
| op4 csp-non-array.json | ||
| op5 cspfp-non-object.json | ||
| op6 cspfp-non-string.json | ||
| op7 csp-noimg-report-only.json | ||
| op8 csp-noimg.json | ||
| op9 csp-valid-with-multi-item-array.json | ||
| op10 cspfp-valid.json | ||
| op11 no-ids.json | ||
| op12 empty-ids.json | ||
| op13 empty-ids-after-nonempty.json | ||
| op14 non-array-id.json | ||
| op15 mix-of-ids.json | ||
| op16 two-ids.json | ||
| op97 utf-8-with-bom.json | ||
| op98 utf-16le.json | ||
| op99 csp-valid-manifest-with-404.json | ||
| op100 manifest-mimetype.json | ||
| README.md | ||
These policies are served via the Python script at /.well-known/origin-policy. Their filenames must be in the form subdomain human-facing-string-with-no-spaces.json. They will be served in response to requests to that subdomain.
The human-facing string has no impact on the tests, and just makes it easier to scroll through the list.
The list of potential hostnames is created by tools/serve/serve.py's _make_origin_policy_subdomains function, and can be expanded as necessary.
At the moment, the origin policies starting at 100 downward have special handling in the /.well-known/origin-policy handler, and might require consulting that file to get the full context. The ones starting at 1 upward are handled generically. If they ever start meeting in the middle we can reevaluate this scheme.