<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'nonce-abc' 'sha256-sc3CeiHrlck5tH2tTC4MnBYFnI9D5zp8f9odqnmGQjE='; connect-src 'self';">
<title>script-hash allowed from default-src</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script nonce='abc'>
setup({ single_test: true });
window.addEventListener('securitypolicyviolation', function(e) {
assert_unreached("Should not have fired event");
});
</script>
<script>done();</script>
</head>
<body>
<div id="log"></div>
</body>
</html>
Codebase Browser
chromium