304-response-should-update-csp.sub.html (1914B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <script src='/resources/testharness.js'></script> 5 <script src='/resources/testharnessreport.js'></script> 6 <title>Test that a 304 response will update the CSP header</title> 7 </head> 8 <body> 9 <script> 10 var t1 = async_test("Test that the first frame uses nonce abc"); 11 var t2 = async_test("Test that the first frame does not use nonce def"); 12 13 var t3 = async_test("Test that the second frame uses nonce def"); 14 var t4 = async_test("Test that the second frame does not use nonce abc"); 15 16 var i1 = document.createElement('iframe'); 17 // We add a random parameter to avoid previous tests cached requests. 18 // We want to make sure i1 gets a 200 code and i2 gets a 304 code. 19 i1.src = "support/304-response.py?{{$id:uuid()}}"; 20 21 var i2 = document.createElement('iframe'); 22 i2.src = "support/304-response.py?{{$id}}"; 23 24 var load_second_frame = function() { 25 document.body.appendChild(i2); 26 } 27 28 window.onmessage = function(e) { 29 if (e.source == i1.contentWindow) { 30 if (e.data == "abc_executed") { t1.done(); return; } 31 if (e.data == "script-src 'nonce-abc' 'sha256-IIB78ZS1RMMrAWpsLg/RrDbVPhI14rKm3sFOeKPYulw='") { t2.done(); return; } 32 33 t1.step(function() { assert_unreached("Unexpected message received"); }); 34 t2.step(function() { assert_unreached("Unexpected message received"); }); 35 } 36 37 if (e.source == i2.contentWindow) { 38 if (e.data == "def_executed") { t3.done(); return; } 39 if (e.data == "script-src 'nonce-def' 'sha256-IIB78ZS1RMMrAWpsLg/RrDbVPhI14rKm3sFOeKPYulw='") { t4.done(); return; } 40 41 t3.step(function() { assert_unreached("Unexpected message received"); }); 42 t4.step(function() { assert_unreached("Unexpected message received"); }); 43 } 44 45 }; 46 47 i1.onload = load_second_frame; 48 document.body.appendChild(i1); 49 </script> 50 </body> 51 52 </html>