CONSOLE ERROR: Refused to load the script 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js' because it violates the following Content Security Policy directive: "script-src https: taco".
CONSOLE ERROR: The value for Content Security Policy directive 'script-src' contains an invalid character: 'https: '. In a source expression, non-whitespace characters outside ASCII 0x21-0x7E must be Punycode-encoded, as described in RFC 3492 (https://tools.ietf.org/html/rfc3492), if part of the hostname and percent-encoded, as described in RFC 3986, section 2.1 (http://tools.ietf.org/html/rfc3986#section-2.1), if part of the path.
CONSOLE ERROR: Refused to load the script 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js' because it violates the following Content Security Policy directive: "script-src 'none'".
None of these scripts should execute even though there are parse errors in the policy.
--------
Frame: '<!--framePath //<!--frame0-->-->'
--------
PASS
--------
Frame: '<!--framePath //<!--frame1-->-->'
--------
PASS
--------
Frame: '<!--framePath //<!--frame2-->-->'
--------
PASS
--------
Frame: '<!--framePath //<!--frame3-->-->'
--------
PASS
Codebase Browser
chromium