generic-0_2_3.html (1178B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <title>'self' fails with a different host (including sub-host e.g. foo.com as self with content from bar.foo.com)</title> 5 <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline';"> 6 <script src='/resources/testharness.js'></script> 7 <script src='/resources/testharnessreport.js'></script> 8 <script src='negativeTests.js'></script> 9 <script> 10 var t_spv = async_test("Should fire violation events for every failed violation"); 11 window.addEventListener("securitypolicyviolation", t_spv.step_func_done(function(e) { 12 assert_equals(e.violatedDirective, "script-src-elem"); 13 })); 14 15 var head = document.getElementsByTagName('head')[0]; 16 var script = document.createElement('script'); 17 script.type = 'text/javascript'; 18 script.src = "http://www." + location.hostname + ":" + location.port + "/content-security-policy/generic/unreached.js"; 19 head.appendChild(script); 20 </script> 21 </head> 22 <body> 23 <h1>'self' fails with a different host (including sub-host e.g. foo.com as self with content from bar.foo.com)</h1> 24 <div id='log'></div> 25 </body> 26 </html>