<!doctype html>
<script nonce="specified" src="/resources/testharness.js"></script>
<script nonce="specified" src="/resources/testharnessreport.js"></script>
<div id=log></div>
<script nonce="specified">
[
{
name: 'CSP with both source and nonce should allow matching source',
src: "http://{{host}}:{{ports[http][0]}}/content-security-policy/support/alert-pass.js",
nonce: "notspecified"
},
{
name: 'CSP with both source and nonce should allow both matching nonce and source',
src: "http://{{host}}:{{ports[http][0]}}/content-security-policy/support/alert-pass.js",
nonce: "specified"
}
].forEach(elt => {
async_test((test) => {
const s = document.createElement('script');
s.src = elt.src;
s.nonce = elt.nonce;
s.onload = () => test.done();
s.onerror = test.unreached_func('Script should load correctly');
document.body.appendChild(s);
}, elt.name);
});
const t = async_test('No CSP violation should fire and all scripts should load');
let count = 0;
const expected = 2;
function alert_assert(msg) {
if (msg === "PASS") {
count++;
if (count == expected) {
t.done();
}
}
}
window.addEventListener('securitypolicyviolation',
t.unreached_func('No CSP violation should fire'));
</script>
Codebase Browser
chromium