From b4dac5093a75a024643b93aef88758770df73c55 Mon Sep 17 00:00:00 2001 From: janekptacijarabaci Date: Fri, 25 Aug 2017 09:36:20 +0200 Subject: CSP: Ignore nonces on per spec --- dom/security/test/csp/file_image_nonce.html | 39 ++++++++++++++ .../test/csp/file_image_nonce.html^headers^ | 2 + dom/security/test/csp/mochitest.ini | 3 ++ dom/security/test/csp/test_image_nonce.html | 60 ++++++++++++++++++++++ 4 files changed, 104 insertions(+) create mode 100644 dom/security/test/csp/file_image_nonce.html create mode 100644 dom/security/test/csp/file_image_nonce.html^headers^ create mode 100644 dom/security/test/csp/test_image_nonce.html (limited to 'dom/security/test') diff --git a/dom/security/test/csp/file_image_nonce.html b/dom/security/test/csp/file_image_nonce.html new file mode 100644 index 000000000..5d57bb837 --- /dev/null +++ b/dom/security/test/csp/file_image_nonce.html @@ -0,0 +1,39 @@ + + + + + Bug 1355801: Nonce should not apply to images + + + + + + + + + + diff --git a/dom/security/test/csp/file_image_nonce.html^headers^ b/dom/security/test/csp/file_image_nonce.html^headers^ new file mode 100644 index 000000000..0d63558c4 --- /dev/null +++ b/dom/security/test/csp/file_image_nonce.html^headers^ @@ -0,0 +1,2 @@ +Content-Security-Policy: img-src 'nonce-abc'; +Cache-Control: no-cache diff --git a/dom/security/test/csp/mochitest.ini b/dom/security/test/csp/mochitest.ini index 04401b063..d3cabc16d 100644 --- a/dom/security/test/csp/mochitest.ini +++ b/dom/security/test/csp/mochitest.ini @@ -211,6 +211,8 @@ support-files = file_ro_ignore_xfo.html file_ro_ignore_xfo.html^headers^ file_upgrade_insecure_navigation.sjs + file_image_nonce.html + file_image_nonce.html^headers^ [test_base-uri.html] [test_blob_data_schemes.html] @@ -305,3 +307,4 @@ support-files = file_sandbox_allow_scripts.html file_sandbox_allow_scripts.html^headers^ [test_ignore_xfo.html] +[test_image_nonce.html] diff --git a/dom/security/test/csp/test_image_nonce.html b/dom/security/test/csp/test_image_nonce.html new file mode 100644 index 000000000..ff6d636b6 --- /dev/null +++ b/dom/security/test/csp/test_image_nonce.html @@ -0,0 +1,60 @@ + + + + + Bug 1139297 - Implement CSP upgrade-insecure-requests directive + + + + + + + + + + -- cgit v1.2.3