Bug 1935659 [wpt PR 49566] - CSP report-hash keyword for scripts, a=t…

…estonly Automatic update from web-platform-tests CSP report-hash keyword for scripts Implement hash reporting for scripts as part of CSP. PR: w3c/webappsec-csp#693 Change-Id: Ie8d97d6094ca7601d84258cc5e1bca540eb49b39 Bug: 377830102 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6038298 Reviewed-by: Antonio Sartori <antoniosartorichromium.org> Commit-Queue: Yoav Weiss (Shopify) <yoavweisschromium.org> Cr-Commit-Position: refs/heads/main{#1392854} -- wpt-commits: 22b20cf0eb577a7df17f7105e47e2b1b818d07b3 wpt-pr: 49566 UltraBlame original commit: 10f6fe317a85bc855c0ebb34f34a75bee102ddf0
marco-c · Dec 13, 2024 · 15aa3ed · 15aa3ed
1 parent 10e877e
commit 15aa3ed
Show file tree

Hide file tree

Showing 22 changed files with 2,671 additions and 0 deletions.
diff --git a/testing/web-platform/tests/content-security-policy/report-hash/default-src.https.window.js b/testing/web-platform/tests/content-security-policy/report-hash/default-src.https.window.js
@@ -0,0 +1,39 @@
+/
+/
+META
+:
+script
+=
+/
+reporting
+/
+resources
+/
+report
+-
+helper
+.
+js
+/
+/
+META
+:
+script
+=
+resources
+/
+report
+-
+hash
+-
+test
+-
+runner
+.
+sub
+.
+js
+run_tests
+(
+)
+;
diff --git a/...latform/tests/content-security-policy/report-hash/default-src.https.window.js.sub.headers b/...latform/tests/content-security-policy/report-hash/default-src.https.window.js.sub.headers
@@ -0,0 +1,111 @@
+Reporting
+-
+Endpoints
+:
+csp
+-
+endpoint
+=
+"
+/
+reporting
+/
+resources
+/
+report
+.
+py
+?
+reportID
+=
+{
+{
+id
+:
+uuid
+(
+)
+}
+}
+"
+Content
+-
+Security
+-
+Policy
+:
+default
+-
+src
+'
+self
+'
+{
+{
+hosts
+[
+alt
+]
+[
+www
+]
+}
+}
+:
+{
+{
+ports
+[
+https
+]
+[
+0
+]
+}
+}
+'
+unsafe
+-
+inline
+'
+'
+report
+-
+sha256
+'
+;
+report
+-
+to
+csp
+-
+endpoint
+Server
+-
+Timing
+:
+uuid
+;
+desc
+=
+"
+{
+{
+id
+}
+}
+"
+hash
+;
+desc
+=
+"
+sha256
+-
+1XF
+/
+E08XndkoxwN6eIa5J89hYn3OVZ
+/
+UyB8BrU5jgzk
+=
+"
diff --git a/...g/web-platform/tests/content-security-policy/report-hash/multiple-policies.https.sub.html b/...g/web-platform/tests/content-security-policy/report-hash/multiple-policies.https.sub.html
@@ -0,0 +1,160 @@
+<
+!
+DOCTYPE
+HTML
+>
+<
+html
+>
+<
+head
+>
+<
+meta
+name
+=
+"
+timeout
+"
+content
+=
+"
+long
+"
+>
+<
+title
+>
+Test
+that
+reports
+for
+same
+-
+origin
+subresources
+are
+sent
+with
+hashes
+<
+/
+title
+>
+<
+script
+src
+=
+'
+/
+resources
+/
+testharness
+.
+js
+'
+>
+<
+/
+script
+>
+<
+script
+src
+=
+'
+/
+resources
+/
+testharnessreport
+.
+js
+'
+>
+<
+/
+script
+>
+<
+script
+src
+=
+'
+/
+reporting
+/
+resources
+/
+report
+-
+helper
+.
+js
+'
+>
+<
+/
+script
+>
+<
+/
+head
+>
+<
+body
+>
+<
+!
+-
+-
+Actually
+run
+the
+tests
+.
+-
+-
+>
+<
+script
+src
+=
+'
+resources
+/
+report
+-
+hash
+-
+test
+-
+runner
+.
+sub
+.
+js
+'
+>
+<
+/
+script
+>
+<
+script
+>
+run_tests
+(
+)
+;
+<
+/
+script
+>
+<
+/
+body
+>
+<
+/
+html
+>