blob: ff4b8db8a780ff5d7cf5198b38b17501bef517ba (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
<!DOCTYPE HTML>
<html>
<head>
<title>'self' fails with a different host (including sub-host e.g. foo.com as self with content from bar.foo.com)</title>
<script src='/resources/testharness.js'></script>
<script src='/resources/testharnessreport.js'></script>
<script src='negativeTests.js'></script>
<script>
var head = document.getElementsByTagName('head')[0];
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = "http://www." + location.hostname + ":" + location.port + "/content-security-policy/generic/unreached.js";
head.appendChild(script);
</script>
</head>
<body>
<h1>'self' fails with a different host (including sub-host e.g. foo.com as self with content from bar.foo.com)</h1>
<div id='log'></div>
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27self%27%20%27unsafe-inline%27'></script>
</body>
</html>
|
