https://bugs.webkit.org/show_bug.cgi?id=222668
<rdar://problem/74993152>
Reviewed by Jonathan Bedard.
* TestExpectations:
* http/tests/blink/sendbeacon/connect-src-beacon-allowed.html:
* http/tests/cache/resources/iframe304.py:
* http/tests/contentextensions/block-cookies-in-csp-report.py:
* http/tests/css/resources/webfont-request.py:
(get_request_count): Deleted.
(set_request_count): Deleted.
* http/tests/local/script-crossorigin-loads-file-scheme.html:
* http/tests/media/resources/serve_video.py: Added.
(answering):
* http/tests/resources/portabilityLayer.py:
(get_cookies): Add trailing newline.
(get_request): PHP equivalent of $_REQUEST which is used by numerous scripts.
(get_count): Added trailing newline.
(get_state): Added trailing newline.
(set_state): Changed open file's name to prevent confusion with parameter.
(step_state): Added trailing newline.
* http/tests/security/401-logout/401-logout-expected.txt:
* http/tests/security/401-logout/401-logout.php: Removed.
* http/tests/security/401-logout/401-logout.py: Added.
* http/tests/security/canvas-remote-read-remote-video-allowed-anonymous.html:
* http/tests/security/canvas-remote-read-remote-video-allowed-with-credentials.html:
* http/tests/security/canvas-remote-read-remote-video-blocked-no-crossorigin.html:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-in-report-only-ignored.html:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https.html:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin.html:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https.html:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin.html:
* http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive.py:
* http/tests/security/contentSecurityPolicy/1.1/resources/testScriptHash.php: Removed.
* http/tests/security/contentSecurityPolicy/1.1/resources/testScriptHash.py: Added.
* http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-tests.html:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.py:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py:
* http/tests/security/contentSecurityPolicy/connect-src-beacon-allowed.html:
* http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked-expected.txt:
* http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked.html:
* http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report-expected.txt:
* http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.py:
* http/tests/security/contentSecurityPolicy/eval-blocked-and-sends-report-expected.txt:
* http/tests/security/contentSecurityPolicy/eval-blocked-and-sends-report.html:
* http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt:
* http/tests/security/contentSecurityPolicy/report-and-enforce.py:
* http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt:
* http/tests/security/contentSecurityPolicy/report-blocked-data-uri.py:
* http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt:
* http/tests/security/contentSecurityPolicy/report-blocked-file-uri.py:
* http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report-expected.txt:
* http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.py:
* http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt:
* http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin.py:
* http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt:
* http/tests/security/contentSecurityPolicy/report-blocked-uri.py:
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt:
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt:
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.py:
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt:
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php: Removed.
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.py: Added.
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.py:
* http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect.html:
* http/tests/security/contentSecurityPolicy/report-multiple-violations-01.php: Removed.
* http/tests/security/contentSecurityPolicy/report-multiple-violations-01.py: Added.
* http/tests/security/contentSecurityPolicy/report-multiple-violations-02.php: Removed.
* http/tests/security/contentSecurityPolicy/report-multiple-violations-02.py: Added.
* http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked-expected.txt:
* http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked.php: Removed.
* http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked.py: Added.
* http/tests/security/contentSecurityPolicy/report-only-connect-src-xmlhttprequest-redirect-to-blocked.php: Removed.
* http/tests/security/contentSecurityPolicy/report-only-connect-src-xmlhttprequest-redirect-to-blocked.py: Added.
* http/tests/security/contentSecurityPolicy/report-only-expected.txt:
* http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt:
* http/tests/security/contentSecurityPolicy/report-only-from-header.py:
* http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure-expected.txt:
* http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure.py:
* http/tests/security/contentSecurityPolicy/report-only.py:
* http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt:
* http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.py:
* http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt:
* http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt:
* http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.py:
* http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies.py:
* http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt:
* http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html:
* http/tests/security/contentSecurityPolicy/report-uri-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-from-child-frame.html:
* http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript.py:
* http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-from-javascript.py:
* http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored.html:
* http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-scheme-relative.py:
* http/tests/security/contentSecurityPolicy/report-uri.py:
* http/tests/security/contentSecurityPolicy/resources/echo-report.php: Removed.
* http/tests/security/contentSecurityPolicy/resources/echo-report.py: Added.
* http/tests/security/contentSecurityPolicy/resources/generate-csp-report.php: Removed.
* http/tests/security/contentSecurityPolicy/resources/generate-csp-report.py: Added.
* http/tests/security/contentSecurityPolicy/resources/go-to-echo-report.js:
(window.onload):
* http/tests/security/contentSecurityPolicy/resources/go-to-echo-report.py:
* http/tests/security/contentSecurityPolicy/resources/image-document-default-src-none-iframe.py:
* http/tests/security/contentSecurityPolicy/resources/redir.php: Removed.
* http/tests/security/contentSecurityPolicy/resources/report-file-path.php: Removed.
* http/tests/security/contentSecurityPolicy/resources/report_file_path.py: Added.
* http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php: Removed.
* http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.py: Added.
* http/tests/security/contentSecurityPolicy/resources/save-report.php: Removed.
* http/tests/security/contentSecurityPolicy/resources/save-report.py: Added.
* http/tests/security/contentSecurityPolicy/resources/save_report.py: Added.
(not_being_called):
(save_report):
* http/tests/security/contentSecurityPolicy/resources/worker.php: Removed.
* http/tests/security/contentSecurityPolicy/resources/worker.py: Added.
* http/tests/security/contentSecurityPolicy/resources/xhr-redirect-not-allowed.py:
* http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report-expected.txt:
* http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py:
* http/tests/security/contentSecurityPolicy/worker-connect-src-allowed.html:
* http/tests/security/contentSecurityPolicy/worker-connect-src-blocked.html:
* http/tests/security/contentSecurityPolicy/worker-eval-blocked.html:
* http/tests/security/contentSecurityPolicy/worker-function-function-blocked.html:
* http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html:
* http/tests/security/contentSecurityPolicy/worker-multiple-csp-headers.html:
* http/tests/security/contentSecurityPolicy/worker-script-src.html:
* http/tests/security/contentSecurityPolicy/worker-set-timeout-blocked.html:
* http/tests/security/contentSecurityPolicy/worker-without-own-csp.html:
* http/tests/security/contentSecurityPolicy/xmlhttprequest-protected-resource-does-not-crash.html:
* http/tests/security/cookies/cookies-wrong-domain-rejected-result.php: Removed.
* http/tests/security/cookies/cookies-wrong-domain-rejected-result.py: Added.
* http/tests/security/cookies/cookies-wrong-domain-rejected.py:
* http/tests/security/cookies/resources/first-party-cookie-allow.xsl:
* http/tests/security/cookies/resources/set-a-cookie.php: Removed.
* http/tests/security/cookies/resources/set-a-cookie.py: Added.
* http/tests/security/cookies/resources/third-party-cookie-blocking.xsl:
* http/tests/security/cookies/third-party-cookie-blocking-main-frame.html:
* http/tests/security/cookies/third-party-cookie-blocking-user-action.html:
* http/tests/security/cookies/third-party-cookie-blocking.html:
* http/tests/security/credentials-from-different-domains.html:
* http/tests/security/credentials-iframes-allowCrossOriginSubresourcesToAskForCredentials-expected.txt:
* http/tests/security/credentials-iframes-expected.txt:
* http/tests/security/import-module-crossorigin-loads.html:
* http/tests/security/import-script-crossorigin-loads-omit.html:
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html:
* http/tests/security/module-crossorigin-error-event-information-expected.txt:
* http/tests/security/module-crossorigin-error-event-information.html:
* http/tests/security/module-crossorigin-loads-correctly-credentials.html:
* http/tests/security/module-crossorigin-loads-omit.html:
* http/tests/security/module-crossorigin-onerror-information-expected.txt:
* http/tests/security/module-crossorigin-onerror-information.html:
* http/tests/security/private-browsing-http-auth-expected.txt:
* http/tests/security/private-browsing-http-auth.html:
* http/tests/security/referrer-policy-header-expected.txt:
* http/tests/security/referrer-policy-header.html:
* http/tests/security/resources/basic-auth.php: Removed.
* http/tests/security/resources/basic-auth.py: Added.
* http/tests/security/resources/cors-basic-auth.php: Removed.
* http/tests/security/resources/cors-basic-auth.py: Added.
* http/tests/security/resources/cors-script.php: Removed.
* http/tests/security/resources/cors-script.py: Added.
* http/tests/security/resources/credentials-from-different-domains-continued-1.html:
* http/tests/security/resources/credentials-from-different-domains-continued-2.html:
* http/tests/security/resources/credentials-iframes-different-domain.html:
* http/tests/security/resources/credentials-iframes-same-domain.html:
* http/tests/security/resources/credentials-main-resource.py:
* http/tests/security/resources/import-module-crossorigin-loads-src.js:
* http/tests/security/resources/reference-movie-cross-origin-allow.php: Removed.
* http/tests/security/resources/reference-movie-cross-origin-allow.py: Added.
* http/tests/security/resources/serve-referrer-policy-and-test.php: Removed.
* http/tests/security/resources/serve-referrer-policy-and-test.py: Added.
* http/tests/security/resources/video-cross-origin-allow-credentials.php: Removed.
* http/tests/security/resources/video-cross-origin-allow-credentials.py: Added.
* http/tests/security/resources/video-cross-origin-allow.php: Removed.
* http/tests/security/resources/video-cross-origin-allow.py: Added.
* http/tests/security/script-crossorigin-error-event-information-expected.txt:
* http/tests/security/script-crossorigin-error-event-information.html:
* http/tests/security/script-crossorigin-loads-correctly-credentials.html:
* http/tests/security/script-crossorigin-loads-correctly.html:
* http/tests/security/script-crossorigin-onerror-information-expected.txt:
* http/tests/security/script-crossorigin-onerror-information.html:
* http/tests/security/script-no-crossorigin-error-event-should-be-sanitized.html:
* http/tests/security/script-no-crossorigin-onerror-should-be-sanitized.html:
* http/tests/security/sync-xhr-partition.html:
* http/tests/security/video-cross-origin-caching.html:
* http/tests/security/video-cross-origin-readback.html:
* http/tests/security/webaudio-render-remote-audio-allowed-crossorigin-redirect.html:
* http/tests/security/webaudio-render-remote-audio-allowed-crossorigin.html:
* http/tests/security/webaudio-render-remote-audio-blocked-no-crossorigin-redirect.html:
* http/tests/security/webaudio-render-remote-audio-blocked-no-crossorigin.html:
* http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report-expected.txt:
* http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html:
* http/tests/security/xssAuditor/report-script-tag-expected.txt:
* http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report-expected.txt:
* http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html:
* http/tests/security/xssAuditor/report-script-tag-full-block-expected.txt:
* http/tests/security/xssAuditor/report-script-tag-replace-state-expected.txt:
* http/tests/security/xssAuditor/resources/echo-intertag.pl:
* http/tests/security/xssAuditor/resources/tag-with-pause.py:
* http/tests/ssl/curl/certificate-and-authentication.html:
* http/tests/xmlhttprequest/resources/noContentLength.cgi:
* platform/mac-wk1/TestExpectations:
* platform/mac-wk1/http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect-expected.txt:
* platform/win/TestExpectations:
* platform/win/http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect-expected.txt:
* platform/wk2/TestExpectations:
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@275917
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2021-04-13 Chris Gambrell <cgambrell@apple.com>
+
+ [LayoutTests] Convert http/tests/security convert PHP to Python
+ https://bugs.webkit.org/show_bug.cgi?id=222668
+ <rdar://problem/74993152>
+
+ Reviewed by Jonathan Bedard.
+
+ * TestExpectations:
+ * http/tests/blink/sendbeacon/connect-src-beacon-allowed.html:
+ * http/tests/cache/resources/iframe304.py:
+ * http/tests/contentextensions/block-cookies-in-csp-report.py:
+ * http/tests/css/resources/webfont-request.py:
+ (get_request_count): Deleted.
+ (set_request_count): Deleted.
+ * http/tests/local/script-crossorigin-loads-file-scheme.html:
+ * http/tests/media/resources/serve_video.py: Added.
+ (answering):
+ * http/tests/resources/portabilityLayer.py:
+ (get_cookies): Add trailing newline.
+ (get_request): PHP equivalent of $_REQUEST which is used by numerous scripts.
+ (get_count): Added trailing newline.
+ (get_state): Added trailing newline.
+ (set_state): Changed open file's name to prevent confusion with parameter.
+ (step_state): Added trailing newline.
+ * http/tests/security/401-logout/401-logout-expected.txt:
+ * http/tests/security/401-logout/401-logout.php: Removed.
+ * http/tests/security/401-logout/401-logout.py: Added.
+ * http/tests/security/canvas-remote-read-remote-video-allowed-anonymous.html:
+ * http/tests/security/canvas-remote-read-remote-video-allowed-with-credentials.html:
+ * http/tests/security/canvas-remote-read-remote-video-blocked-no-crossorigin.html:
+ * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-in-report-only-ignored.html:
+ * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https.html:
+ * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin.html:
+ * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https.html:
+ * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin.html:
+ * http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive.py:
+ * http/tests/security/contentSecurityPolicy/1.1/resources/testScriptHash.php: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/resources/testScriptHash.py: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-tests.html:
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.py:
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.py:
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py:
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py:
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py:
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py:
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py:
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py:
+ * http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt:
+ * http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py:
+ * http/tests/security/contentSecurityPolicy/connect-src-beacon-allowed.html:
+ * http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked-expected.txt:
+ * http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked.html:
+ * http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report-expected.txt:
+ * http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.py:
+ * http/tests/security/contentSecurityPolicy/eval-blocked-and-sends-report-expected.txt:
+ * http/tests/security/contentSecurityPolicy/eval-blocked-and-sends-report.html:
+ * http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-and-enforce.py:
+ * http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-blocked-data-uri.py:
+ * http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-blocked-file-uri.py:
+ * http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.py:
+ * http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin.py:
+ * http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-blocked-uri.py:
+ * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.py:
+ * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php: Removed.
+ * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.py: Added.
+ * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.py:
+ * http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect.html:
+ * http/tests/security/contentSecurityPolicy/report-multiple-violations-01.php: Removed.
+ * http/tests/security/contentSecurityPolicy/report-multiple-violations-01.py: Added.
+ * http/tests/security/contentSecurityPolicy/report-multiple-violations-02.php: Removed.
+ * http/tests/security/contentSecurityPolicy/report-multiple-violations-02.py: Added.
+ * http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked.php: Removed.
+ * http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked.py: Added.
+ * http/tests/security/contentSecurityPolicy/report-only-connect-src-xmlhttprequest-redirect-to-blocked.php: Removed.
+ * http/tests/security/contentSecurityPolicy/report-only-connect-src-xmlhttprequest-redirect-to-blocked.py: Added.
+ * http/tests/security/contentSecurityPolicy/report-only-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-only-from-header.py:
+ * http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure.py:
+ * http/tests/security/contentSecurityPolicy/report-only.py:
+ * http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.py:
+ * http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.py:
+ * http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies.py:
+ * http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html:
+ * http/tests/security/contentSecurityPolicy/report-uri-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-uri-from-child-frame.html:
+ * http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript.py:
+ * http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-uri-from-javascript.py:
+ * http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored.html:
+ * http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-uri-scheme-relative.py:
+ * http/tests/security/contentSecurityPolicy/report-uri.py:
+ * http/tests/security/contentSecurityPolicy/resources/echo-report.php: Removed.
+ * http/tests/security/contentSecurityPolicy/resources/echo-report.py: Added.
+ * http/tests/security/contentSecurityPolicy/resources/generate-csp-report.php: Removed.
+ * http/tests/security/contentSecurityPolicy/resources/generate-csp-report.py: Added.
+ * http/tests/security/contentSecurityPolicy/resources/go-to-echo-report.js:
+ (window.onload):
+ * http/tests/security/contentSecurityPolicy/resources/go-to-echo-report.py:
+ * http/tests/security/contentSecurityPolicy/resources/image-document-default-src-none-iframe.py:
+ * http/tests/security/contentSecurityPolicy/resources/redir.php: Removed.
+ * http/tests/security/contentSecurityPolicy/resources/report-file-path.php: Removed.
+ * http/tests/security/contentSecurityPolicy/resources/report_file_path.py: Added.
+ * http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php: Removed.
+ * http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.py: Added.
+ * http/tests/security/contentSecurityPolicy/resources/save-report.php: Removed.
+ * http/tests/security/contentSecurityPolicy/resources/save-report.py: Added.
+ * http/tests/security/contentSecurityPolicy/resources/save_report.py: Added.
+ (not_being_called):
+ (save_report):
+ * http/tests/security/contentSecurityPolicy/resources/worker.php: Removed.
+ * http/tests/security/contentSecurityPolicy/resources/worker.py: Added.
+ * http/tests/security/contentSecurityPolicy/resources/xhr-redirect-not-allowed.py:
+ * http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report-expected.txt:
+ * http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py:
+ * http/tests/security/contentSecurityPolicy/worker-connect-src-allowed.html:
+ * http/tests/security/contentSecurityPolicy/worker-connect-src-blocked.html:
+ * http/tests/security/contentSecurityPolicy/worker-eval-blocked.html:
+ * http/tests/security/contentSecurityPolicy/worker-function-function-blocked.html:
+ * http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html:
+ * http/tests/security/contentSecurityPolicy/worker-multiple-csp-headers.html:
+ * http/tests/security/contentSecurityPolicy/worker-script-src.html:
+ * http/tests/security/contentSecurityPolicy/worker-set-timeout-blocked.html:
+ * http/tests/security/contentSecurityPolicy/worker-without-own-csp.html:
+ * http/tests/security/contentSecurityPolicy/xmlhttprequest-protected-resource-does-not-crash.html:
+ * http/tests/security/cookies/cookies-wrong-domain-rejected-result.php: Removed.
+ * http/tests/security/cookies/cookies-wrong-domain-rejected-result.py: Added.
+ * http/tests/security/cookies/cookies-wrong-domain-rejected.py:
+ * http/tests/security/cookies/resources/first-party-cookie-allow.xsl:
+ * http/tests/security/cookies/resources/set-a-cookie.php: Removed.
+ * http/tests/security/cookies/resources/set-a-cookie.py: Added.
+ * http/tests/security/cookies/resources/third-party-cookie-blocking.xsl:
+ * http/tests/security/cookies/third-party-cookie-blocking-main-frame.html:
+ * http/tests/security/cookies/third-party-cookie-blocking-user-action.html:
+ * http/tests/security/cookies/third-party-cookie-blocking.html:
+ * http/tests/security/credentials-from-different-domains.html:
+ * http/tests/security/credentials-iframes-allowCrossOriginSubresourcesToAskForCredentials-expected.txt:
+ * http/tests/security/credentials-iframes-expected.txt:
+ * http/tests/security/import-module-crossorigin-loads.html:
+ * http/tests/security/import-script-crossorigin-loads-omit.html:
+ * http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html:
+ * http/tests/security/module-crossorigin-error-event-information-expected.txt:
+ * http/tests/security/module-crossorigin-error-event-information.html:
+ * http/tests/security/module-crossorigin-loads-correctly-credentials.html:
+ * http/tests/security/module-crossorigin-loads-omit.html:
+ * http/tests/security/module-crossorigin-onerror-information-expected.txt:
+ * http/tests/security/module-crossorigin-onerror-information.html:
+ * http/tests/security/private-browsing-http-auth-expected.txt:
+ * http/tests/security/private-browsing-http-auth.html:
+ * http/tests/security/referrer-policy-header-expected.txt:
+ * http/tests/security/referrer-policy-header.html:
+ * http/tests/security/resources/basic-auth.php: Removed.
+ * http/tests/security/resources/basic-auth.py: Added.
+ * http/tests/security/resources/cors-basic-auth.php: Removed.
+ * http/tests/security/resources/cors-basic-auth.py: Added.
+ * http/tests/security/resources/cors-script.php: Removed.
+ * http/tests/security/resources/cors-script.py: Added.
+ * http/tests/security/resources/credentials-from-different-domains-continued-1.html:
+ * http/tests/security/resources/credentials-from-different-domains-continued-2.html:
+ * http/tests/security/resources/credentials-iframes-different-domain.html:
+ * http/tests/security/resources/credentials-iframes-same-domain.html:
+ * http/tests/security/resources/credentials-main-resource.py:
+ * http/tests/security/resources/import-module-crossorigin-loads-src.js:
+ * http/tests/security/resources/reference-movie-cross-origin-allow.php: Removed.
+ * http/tests/security/resources/reference-movie-cross-origin-allow.py: Added.
+ * http/tests/security/resources/serve-referrer-policy-and-test.php: Removed.
+ * http/tests/security/resources/serve-referrer-policy-and-test.py: Added.
+ * http/tests/security/resources/video-cross-origin-allow-credentials.php: Removed.
+ * http/tests/security/resources/video-cross-origin-allow-credentials.py: Added.
+ * http/tests/security/resources/video-cross-origin-allow.php: Removed.
+ * http/tests/security/resources/video-cross-origin-allow.py: Added.
+ * http/tests/security/script-crossorigin-error-event-information-expected.txt:
+ * http/tests/security/script-crossorigin-error-event-information.html:
+ * http/tests/security/script-crossorigin-loads-correctly-credentials.html:
+ * http/tests/security/script-crossorigin-loads-correctly.html:
+ * http/tests/security/script-crossorigin-onerror-information-expected.txt:
+ * http/tests/security/script-crossorigin-onerror-information.html:
+ * http/tests/security/script-no-crossorigin-error-event-should-be-sanitized.html:
+ * http/tests/security/script-no-crossorigin-onerror-should-be-sanitized.html:
+ * http/tests/security/sync-xhr-partition.html:
+ * http/tests/security/video-cross-origin-caching.html:
+ * http/tests/security/video-cross-origin-readback.html:
+ * http/tests/security/webaudio-render-remote-audio-allowed-crossorigin-redirect.html:
+ * http/tests/security/webaudio-render-remote-audio-allowed-crossorigin.html:
+ * http/tests/security/webaudio-render-remote-audio-blocked-no-crossorigin-redirect.html:
+ * http/tests/security/webaudio-render-remote-audio-blocked-no-crossorigin.html:
+ * http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report-expected.txt:
+ * http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html:
+ * http/tests/security/xssAuditor/report-script-tag-expected.txt:
+ * http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report-expected.txt:
+ * http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html:
+ * http/tests/security/xssAuditor/report-script-tag-full-block-expected.txt:
+ * http/tests/security/xssAuditor/report-script-tag-replace-state-expected.txt:
+ * http/tests/security/xssAuditor/resources/echo-intertag.pl:
+ * http/tests/security/xssAuditor/resources/tag-with-pause.py:
+ * http/tests/ssl/curl/certificate-and-authentication.html:
+ * http/tests/xmlhttprequest/resources/noContentLength.cgi:
+ * platform/mac-wk1/TestExpectations:
+ * platform/mac-wk1/http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect-expected.txt:
+ * platform/win/TestExpectations:
+ * platform/win/http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect-expected.txt:
+ * platform/wk2/TestExpectations:
+ * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt:
+
2021-04-13 Ziran Sun <zsun@igalia.com>
[css-grid] Incorrect track sizing when using relative sized items in 'auto' column tracks
webkit.org/b/153160 http/tests/security/contentSecurityPolicy/object-src-does-not-affect-child.html [ Failure ]
webkit.org/b/153160 http/tests/security/contentSecurityPolicy/plugin-in-iframe-with-csp.html [ Failure ]
webkit.org/b/153161 http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial.html [ Failure ]
-webkit.org/b/153162 http/tests/security/contentSecurityPolicy/report-multiple-violations-01.php [ Failure ]
-webkit.org/b/153162 http/tests/security/contentSecurityPolicy/report-multiple-violations-02.php [ Failure ]
+webkit.org/b/153162 http/tests/security/contentSecurityPolicy/report-multiple-violations-01.py [ Failure ]
+webkit.org/b/153162 http/tests/security/contentSecurityPolicy/report-multiple-violations-02.py [ Failure ]
webkit.org/b/154203 http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-overrides-xfo.html
webkit.org/b/154522 http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-base-uri-deny.html
webkit.org/b/158480 http/tests/websocket/tests/hybi/upgrade-simple-ws.html [ Skip ]
}
try {
- var es = navigator.sendBeacon("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-report.php");
+ var es = navigator.sendBeacon("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-report.py");
log("Pass");
} catch(e) {
log("Fail");
'Content-Type: text/html\r\n'
'Content-Length: 0\r\n'
'Etag: 123456789\r\n'
- f'Last-Modified: {last_modified}\r\n'
+ f'Last-Modified: {last_modified}\r\n\r\n'
)
sys.exit(0)
\ No newline at end of file
<body>
This test creates a CSP violation report, but the report URL matches a 'block-cookie' rule.
-<img src="/cookies/resources/cookie-utility.php?queryfunction=setFooCookie"
+<img src="/cookies/resources/cookie-utility.py?queryfunction=setFooCookie"
onerror="deletePing();">
<div id="delete_ping_container"></div>
<iframe id="result_frame" name="result_frame"><!-- Will contain ping data received by server --></iframe>
import tempfile
from urllib.parse import parse_qs
-def get_request_count(file):
- if not os.path.isfile(file):
- return 0
+file = __file__.split(':/cygwin')[-1]
+http_root = os.path.dirname(os.path.dirname(os.path.abspath(os.path.dirname(file))))
+sys.path.insert(0, http_root)
- with open(file, 'r') as file:
- return int(file.read())
-
-def set_request_count(file, count):
- with open(file, 'r') as file:
- file.write(count)
+from resources.portabilityLayer import get_state, set_state
query = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True)
-filename = query.get('filename', [''])[0]
+filename = query.get('filename', ['404.txt'])[0]
mode = query.get('mode', [''])[0]
tmp_file = os.path.join(tempfile.gettempdir(), filename)
-current_count = get_request_count(tmp_file)
+current_count = int(get_state(tmp_file, 0))
if mode == 'getFont':
- set_request_count(tmp_file, current_count + 1)
+ set_state(tmp_file, str(current_count + 1))
sys.stdout.write(
'Access-control-max-age: 0\r\n'
'Access-control-allow-origin: *\r\n'
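Review bot: The new call `set_state(tmp_file, str(current_count + 1))` passes its arguments in the opposite order to the helper's signature, which portabilityLayer.py in this same commit declares as `def set_state(state, file)`. As written it would open a file named after the counter and write the temp path into it, so the count read back by `get_state(tmp_file, 0)` would never advance; the call should be `set_state(str(current_count + 1), tmp_file)`. Separately, `filename` comes straight from the query string and is joined onto the temp directory, so applying `os.path.basename(filename)` before the join would keep the state file inside that directory. The script continues past the end of this hunk.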
script.crossOrigin = "use-credentials";
// We are serving the test from the filesystem and file URLs are granted universal access.
// This bypasses CORS checks and will allow access to 127.0.0.1:8000.
-script.src = "http://localhost:8000/security/resources/cors-script.php?credentials=true";
+script.src = "http://localhost:8000/security/resources/cors-script.py?credentials=true";
script.onload = function() { done("PASS"); }
script.onerror = function() { done("FAIL");}
document.body.appendChild(script);
--- /dev/null
+#!/usr/bin/env python3
+
+# This script is based on the work done by gadgetguru
+# <david@vuistbijl.nl> at
+# https://github.com/gadgetguru/PHP-Streaming-Audio and released
+# under the Public Domain.
+
+import json
+import math
+import os
+import sys
+import time
+from datetime import datetime
+from urllib.parse import parse_qs
+
+https = os.environ.get('HTTPS', None)
+
+radio_url = ''
+if https is None:
+ radio_url += 'https://'
+else:
+ radio_url += 'http://'
+radio_url += '{}{}'.format(os.environ.get('HTTP_HOST', ''), os.environ.get('REQUEST_URI', ''))
+
+query = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True)
+
+name = query.get('name', [''])[0]
+media_directory = ''
+if name != '':
+ media_directory = os.path.abspath(os.path.dirname(name))
+file_name = name
+
+# Set Variables
+settings = {
+ 'chunkSize': int(query.get('chunkSize', [1024 * 256])[0]),
+ 'databaseFile': 'metadata.db',
+ 'httpStatus': '500 Internal Server Error',
+ 'mediaDirectory': media_directory,
+ 'mimeType': query.get('type', [''])[0],
+ 'radioGenre': 'Rock',
+ 'radioName': 'WebKit Test Radio',
+ 'radioUrl': radio_url,
+ 'setContentLength': query.get('content-length', ['yes'])[0],
+ 'setIcyData': query.get('icy-data', ['no'])[0],
+ 'supportRanges': query.get('ranges', ['yes'])[0],
+ 'stallOffset': int(query.get('stallOffset', [0])[0]),
+ 'stallDuration': int(query.get('stallDuration', [2])[0]),
+}
+
+
+def answering():
+ sys.stdout.write(
+ 'status: {}\r\n'
+ 'Connection: close\r\n'.format(settings['httpStatus'][0:3])
+ )
+
+ if settings['httpStatus'].startswith('500'):
+ sys.stdout.write(
+ 'Content-Type: text/html\r\n\r\n'
+ '<html><body><h1>{}</h1><p/></body></html>'.format(settings['httpStatus'])
+ )
+ sys.stdout.flush()
+ sys.exit(0)
+
+ file_size = os.path.getsize(file_name)
+ last_modified = datetime.utcnow()
+ sys.stdout.write(
+ 'Last-Modified: {} GMT\r\n'
+ 'Cache-Control: no-cache\r\n'
+ 'Etag: "{}-{}"\r\n'.format(last_modified.strftime('%a, %d %b %Y %H:%M:%S'), file_size, str(os.stat(file_name).st_mtime).split('.')[0])
+ )
+
+ if settings['setIcyData'] == 'yes':
+ bit_rate = math.ceil(play_files[len(play_files) - 1]['mimeType'] / 1000)
+ if settings['mimeType'] == '':
+ settings['mimeType'] = play_files[len(play_files) - 1]['mimeType']
+
+ sys.stdout.write(
+ 'icy-notice1: <BR>This stream requires a shoutcast/icecast compatible player.<BR>\r\n'
+ 'icy-notice2: WebKit Stream Test<BR>\r\n'
+ 'icy-name: {name}\r\n'
+ 'icy-genre: {genre}\r\n'
+ 'icy-url: {url}\r\n'
+ 'icy-pub: 1\r\n'
+ 'icy-br: {rate}\r\n'.format(name=settings['radioName'], genre=settings['radioGenre'], url=settings['radioUrl'], rate=bit_rate)
+ )
+
+ sys.stdout.write('Content-Type: {}\r\n'.format(settings['mimeType']))
+
+ if settings['supportRanges'] != 'no':
+ sys.stdout.write('Accept-Ranges: bytes\r\n')
+ if settings['setContentLength'] != 'no':
+ sys.stdout.write('Content-Length: {}\r\n'.format(end - start + 1))
+ if content_range is not None:
+ sys.stdout.write('Content-Range: bytes {}-{}/{}\r\n'.format(start, end, file_size))
+ sys.stdout.write('\r\n')
+
+ offset = start
+ open_file = open(file_name, 'rb')
+ content = open_file.read()
+
+ stalled_once = False
+ while offset <= end:
+ read_size = min(settings['chunkSize'], (end - offset) + 1)
+ stall_now = False
+ if not stalled_once and settings['stallOffset'] >= offset and settings['stallOffset'] < offset + read_size:
+ read_size = min(settings['chunkSize'], settings['stallOffset'] - offset)
+ stall_now = True
+
+ buff = content[offset:read_size]
+ read_length = len(buff)
+
+ sys.stdout.buffer.write(buff)
+ sys.stdout.flush()
+ offset += read_length
+
+ if stall_now:
+ time.sleep(settings['stallDuration'])
+ stalled_once = True
+
+ open_file.close()
+ sys.exit(0)
+
+
+if query.get('name', [None])[0] is None:
+ sys.stderr.write('You have not specified a \'name\' parameter.\n')
+ answering()
+
+if not os.path.isfile(file_name):
+ sys.stderr.write('The file \'{}\' doesn\'t exist.\n'.format(file_name))
+ answering()
+settings['databaseFile'] = settings['mediaDirectory'] + '/' + settings['databaseFile']
+
+if settings['setIcyData'] != 'yes' and settings['mimeType'] == '':
+ sys.stderr.write('You have not specified a \'type\' parameter.\n')
+ answering()
+
+if settings['setIcyData'] == 'yes':
+ if not os.path.isfile(settings['databaseFile']):
+ # If the metadata database file doesn't exist it has to
+ # be create previously.
+ #
+ # Check the instructions about how to create it from the
+ # create-id3-db.php script file in this same directory.
+
+ sys.stderr.write('The metadata database doesn\'t exist. To create one, check the script \'create-id3-db.php\'.\n')
+ answering()
+
+ play_files = {}
+ with open(settings['databaseFile'], 'r') as file:
+ play_files = json.loads(file.read())
+ sys.stderr.write('\n{}\n'.format(play_files))
+
+ file_in_db = False
+ for play_file in play_files:
+ if file_name.split('/')[-1] == play_file['fileName']:
+ file_in_db = True
+ break
+
+ if not file_in_db:
+ sys.stderr.write('The requested file is not in the database.\n')
+ answering()
+
+# We have everything that's needed to send the media file
+file_size = os.path.getsize(file_name)
+if settings['stallOffset'] > file_size:
+ sys.stderr.write('The \'stallOffset\' offset parameter is greater than file size ({}).\n'.format(file_size))
+ answering()
+
+start = 0
+end = file_size - 1
+content_range = None
+if settings['supportRanges'] != 'no' and os.environ.get('HTTP_RANGE', None) is not None:
+ content_range = os.environ.get('HTTP_RANGE')
+if content_range is not None:
+ rng = content_range[len('bytes='):].split('-')
+ start = int(rng[0])
+ if len(rng) > 1 and rng[1] != '':
+ end = int(rng[1])
+ settings['httpStatus'] = '206 Partial Content'
+else:
+ settings['httpStatus'] = '200 OK'
+
+answering()
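Review bot: In `answering()` the chunk is taken with `buff = content[offset:read_size]`, which treats `read_size` as an absolute end index rather than a length. Once `offset` reaches `read_size` (a file larger than `chunkSize`, or a Range request with a large enough start) the slice is empty, `offset` stops advancing and the `while offset <= end` loop never exits; it should be `buff = content[offset:offset + read_size]`. The scheme selection at the top also looks inverted, since `https is None` selects `'https://'`, and `bit_rate` divides the `mimeType` entry by 1000 where a bit-rate field was presumably meant. `name` is taken from the query string and opened as-is, so it is worth confining it to the media directory even on a test-only server.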
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+import cgi
import os
+from urllib.parse import parse_qs
+
def get_cookies():
cookies = {}
return cookies
+
+def get_request():
+ request = {}
+ request_method = os.environ.get('REQUEST_METHOD', '')
+ if request_method == 'POST':
+ form = cgi.FieldStorage()
+ for key in form.keys():
+ request.update({key: form.getvalue(key)})
+ else:
+ query = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True)
+ for key in query.keys():
+ request.update({key: query[key][0]})
+
+ request.update(get_cookies())
+
+ return request
+
+
def get_count(file):
if not os.path.isfile(file):
with open(file, 'w') as open_file:
with open(file, 'r') as open_file:
return open_file.read()
+
def get_state(file, default='Uninitialized'):
if not os.path.isfile(file):
return default
with open(file, 'r') as file:
return file.read()
+
def set_state(state, file):
- with open(file, 'w') as file:
- file.write(state)
+ with open(file, 'w') as open_file:
+ open_file.write(state)
return state
+
def step_state(file):
state = get_count(file)
with open(file, 'w') as open_file:
open_file.write(f'{int(state) + 1}')
- return state
\ No newline at end of file
+ return state
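Review bot: The two branches of `get_request()` do not return the same shape: the POST branch stores `form.getvalue(key)`, which is a list when a field is repeated, while the query-string branch always stores the first value, `query[key][0]`. Using `form.getfirst(key)` in the POST branch would give callers a single string either way. The function also has no docstring; one such as `"""Return request parameters (POST form or query string) merged with cookies; cookies win on name clashes."""` would record that `request.update(get_cookies())` overwrites same-named parameters. Unrelated to the new function, `get_state` still rebinds `file` in `with open(file, 'r') as file:`, the same shadowing this commit removes from `set_state`.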
-http://127.0.0.1:8000/security/401-logout/401-logout.php?uid=username - didReceiveAuthenticationChallenge - Responding with username:password
-http://127.0.0.1:8000/security/401-logout/401-logout.php?uid=username&logout=1 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+http://127.0.0.1:8000/security/401-logout/401-logout.py?uid=username - didReceiveAuthenticationChallenge - Responding with username:password
+http://127.0.0.1:8000/security/401-logout/401-logout.py?uid=username&logout=1 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
PASS
+++ /dev/null
-<?php
- if (!isset($_REQUEST['uid'])) {
- // Step 1 - navigate to a page that will make us remember credentials.
- echo "<script>\n";
- echo "if (!window.testRunner) {\n";
- echo " document.write('This test only works as an automated one');\n";
- echo " throw 0;\n";
- echo "}\n";
- echo "testRunner.waitUntilDone();\n";
- echo "testRunner.dumpAsText();\n";
- echo "testRunner.setHandlesAuthenticationChallenges(true)\n";
- echo "testRunner.setAuthenticationUsername('username')\n";
- echo "testRunner.setAuthenticationPassword('password')\n";
- echo "location = 'http://127.0.0.1:8000/security/401-logout/401-logout.php?uid=username';\n";
- echo "</script>\n";
- } else if (!isset($_SERVER['PHP_AUTH_USER']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
- if (isset($_REQUEST['laststep'])) {
- // Step 4 - Credentials are no longer being sent
- echo "PASS";
- echo "<script>\n";
- echo "if (window.testRunner) {\n";
- echo " testRunner.notifyDone();\n";
- echo "}\n";
- echo "</script>\n";
- } else {
- // Ask for credentials if there are none
- header('WWW-Authenticate: Basic realm="401-logout"');
- header('HTTP/1.0 401 Unauthorized');
- }
- } else {
- if (!isset($_REQUEST['logout'])) {
- // Step 2 - navigate to a page that will make us forget the credentials
- echo "<script>\n";
- echo "testRunner.setHandlesAuthenticationChallenges(false)\n";
- echo "location = 'http://127.0.0.1:8000/security/401-logout/401-logout.php?uid=username&logout=1';\n";
- echo "</script>\n";
- } else {
- // Step 3 - logout
- header('WWW-Authenticate: Basic realm="401-logout"');
- header('HTTP/1.0 401 Unauthorized');
- echo "<script>\n";
- echo "location = 'http://127.0.0.1:8000/security/401-logout/401-logout.php?uid=username&laststep=1';\n";
- echo "</script>\n";
- }
- }
-?>
--- /dev/null
+#!/usr/bin/env python3
+
+import base64
+import os
+import sys
+
+file = __file__.split(':/cygwin')[-1]
+http_root = os.path.dirname(os.path.dirname(os.path.abspath(os.path.dirname(file))))
+sys.path.insert(0, http_root)
+
+from resources.portabilityLayer import get_request
+
+username = base64.b64decode(os.environ.get('HTTP_AUTHORIZATION', ' Og==').split(' ')[1]).decode().split(':')[0]
+request = get_request()
+
+sys.stdout.write('Content-Type: text/html\r\n')
+
+if request.get('uid', None) is None:
+ # Step 1 - navigate to a page that will make us remember credentials.
+ sys.stdout.write(
+ '\r\n<script>\n'
+ 'if (!window.testRunner) {\n'
+ ' document.write(\'This test only works as an automated one\');\n'
+ ' throw 0;\n'
+ '}\n'
+ 'testRunner.waitUntilDone();\n'
+ 'testRunner.dumpAsText();\n'
+ 'testRunner.setHandlesAuthenticationChallenges(true)\n'
+ 'testRunner.setAuthenticationUsername(\'username\')\n'
+ 'testRunner.setAuthenticationPassword(\'password\')\n'
+ 'location = \'http://127.0.0.1:8000/security/401-logout/401-logout.py?uid=username\';\n'
+ '</script>\n'
+ )
+
+elif not username or request.get('uid', '') != username:
+ if request.get('laststep', None) is not None:
+ # Step 4 - Credentials are no longer being sent
+ sys.stdout.write(
+ '\r\nPASS<script>\n'
+ 'if (window.testRunner) {\n'
+ ' testRunner.notifyDone();\n'
+ '}\n'
+ '</script>\n'
+ )
+ else:
+ # Ask for credentials is there are none
+ sys.stdout.write(
+ 'WWW-Authenticate: Basic realm="401-logout"\r\n'
+ 'status: 401\r\n\r\n'
+ )
+else:
+ if request.get('logout', None) is None:
+ # Step 2 - navigate to a page that will make us forget the credentials
+ sys.stdout.write(
+ '\r\n<script>\n'
+ 'testRunner.setHandlesAuthenticationChallenges(false)\n'
+ 'location = \'http://127.0.0.1:8000/security/401-logout/401-logout.py?uid=username&logout=1\';\n'
+ '</script>\n'
+ )
+ else:
+ # Step 3 - logout
+ sys.stdout.write(
+ 'WWW-Authenticate: Basic realm="401-logout"\r\n'
+ 'status: 401\r\n\r\n'
+ '<script>\n'
+ 'location = \'http://127.0.0.1:8000/security/401-logout/401-logout.py?uid=username&laststep=1\';\n'
+ '</script>\n'
+ )
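Review bot: The one-line `username = ...` parse assumes a well-formed `Authorization` value: a header with no space raises IndexError, and a token that is not valid base64 or UTF-8 raises before any header is written, so the test would see a server error instead of the 401 challenge. It also never checks that the scheme is `Basic`. Parsing defensively and falling back to an empty username keeps every malformed case on the existing `not username` branch. Whether `HTTP_AUTHORIZATION` reaches the script at all depends on server configuration that is not shown here.

```python
# … unchanged: imports and sys.path setup …
scheme, _, token = os.environ.get('HTTP_AUTHORIZATION', '').partition(' ')
username = ''
if scheme.lower() == 'basic':
    try:
        username = base64.b64decode(token).decode().split(':')[0]
    except ValueError:
        # binascii.Error and UnicodeDecodeError are both ValueError subclasses.
        username = ''
request = get_request()
# … unchanged: response branches …
```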
video.crossOrigin = "anonymous";
var mediaFile = findMediaFile("video", "../../media/resources/test");
var type = mimeTypeForExtension(mediaFile.split('.').pop());
- video.src = "http://localhost:8080/security/resources/video-cross-origin-allow.php?name=" + mediaFile + "&type=" + type;
+ video.src = "http://localhost:8080/security/resources/video-cross-origin-allow.py?name=" + mediaFile + "&type=" + type;
window.jsTestIsAsync = true;
</script>
video.crossOrigin = "use-credentials";
var mediaFile = findMediaFile("video", "../../media/resources/test");
var type = mimeTypeForExtension(mediaFile.split('.').pop());
- video.src = "http://localhost:8080/security/resources/video-cross-origin-allow-credentials.php?name=" + mediaFile + "&type=" + type;
+ video.src = "http://localhost:8080/security/resources/video-cross-origin-allow-credentials.py?name=" + mediaFile + "&type=" + type;
window.jsTestIsAsync = true;
</script>
var mediaFile = findMediaFile("video", "../../media/resources/test");
var type = mimeTypeForExtension(mediaFile.split('.').pop());
- video.src = "http://localhost:8080/security/resources/video-cross-origin-allow.php?name=" + mediaFile + "&type=" + type;
+ video.src = "http://localhost:8080/security/resources/video-cross-origin-allow.py?name=" + mediaFile + "&type=" + type;
window.jsTestIsAsync = true;
</script>
</script>
</head>
<p>Tests that loading a page in an <iframe> with a report-only Content Security Policy "frame-ancestors 'none'" is allowed. This test PASSED if you see the word PASS below. Otherwise, it FAILED.</p>
-<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy-Report-Only%3A+frame-ancestors+%27none%27%3B+report-uri+../../resources/save-report.php&q=PASS"></iframe>
+<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy-Report-Only%3A+frame-ancestors+%27none%27%3B+report-uri+../../resources/save-report.py&q=PASS"></iframe>
</html>
-CONSOLE MESSAGE: Refused to load http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL because it does not appear in the frame-ancestors directive of the Content Security Policy.
+CONSOLE MESSAGE: Refused to load http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL because it does not appear in the frame-ancestors directive of the Content Security Policy.
CSP report received:
CONTENT_TYPE: application/csp-report
HTTP_HOST: localhost:8000
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html
=== POST DATA ===
-{"csp-report":{"document-uri":"http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html","blocked-uri":"http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","status-code":200}}
+{"csp-report":{"document-uri":"http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html","blocked-uri":"http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","status-code":200}}
-CONSOLE MESSAGE: Refused to load https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL because it does not appear in the frame-ancestors directive of the Content Security Policy.
+CONSOLE MESSAGE: Refused to load https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL because it does not appear in the frame-ancestors directive of the Content Security Policy.
CSP report received:
CONTENT_TYPE: application/csp-report
HTTP_HOST: localhost:8443
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html
=== POST DATA ===
-{"csp-report":{"document-uri":"https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html","blocked-uri":"https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","status-code":0}}
+{"csp-report":{"document-uri":"https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html","blocked-uri":"https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","status-code":0}}
function navigateToReport()
{
- window.location = "http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html";
+ window.location = "http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html";
}
</script>
</head>
-<iframe src="https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL" onload="navigateToReport()"></iframe>
+<iframe src="https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL" onload="navigateToReport()"></iframe>
</body>
</html>
function navigateToReport()
{
- window.location = "http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html";
+ window.location = "http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html";
}
</script>
</head>
-<iframe src="http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL" onload="navigateToReport()"></iframe>
+<iframe src="http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL" onload="navigateToReport()"></iframe>
</body>
</html>
-CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL because it does not appear in the frame-ancestors directive of the Content Security Policy.
+CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL because it does not appear in the frame-ancestors directive of the Content Security Policy.
CSP report received:
CONTENT_TYPE: application/csp-report
HTTP_HOST: 127.0.0.1:8000
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html","blocked-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html","blocked-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","status-code":200}}
-CONSOLE MESSAGE: Refused to load https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL because it does not appear in the frame-ancestors directive of the Content Security Policy.
+CONSOLE MESSAGE: Refused to load https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL because it does not appear in the frame-ancestors directive of the Content Security Policy.
CSP report received:
CONTENT_TYPE: application/csp-report
HTTP_HOST: 127.0.0.1:8443
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html
=== POST DATA ===
-{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html","blocked-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","status-code":0}}
+{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html","blocked-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","status-code":0}}
function navigateToReport()
{
- window.location = "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html";
+ window.location = "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html";
}
</script>
</head>
-<iframe src="https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL" onload="navigateToReport()"></iframe>
+<iframe src="https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL" onload="navigateToReport()"></iframe>
</body>
</html>
function navigateToReport()
{
- window.location = "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html";
+ window.location = "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html";
}
</script>
</head>
-<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL" onload="navigateToReport()"></iframe>
+<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL" onload="navigateToReport()"></iframe>
</body>
</html>
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/report-uri-effective-directive.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/report-uri-effective-directive.py","referrer":"","violated-directive":"default-src 'self'","effective-directive":"script-src","original-policy":"default-src 'self'; report-uri ../resources/save-report.php","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/report-uri-effective-directive.py","referrer":"","violated-directive":"default-src 'self'","effective-directive":"script-src","original-policy":"default-src 'self'; report-uri ../resources/save-report.py","blocked-uri":"","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy: default-src \'self\'; report-uri ../resources/save-report.php\r\n'
+ 'Content-Security-Policy: default-src \'self\'; report-uri ../resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
+++ /dev/null
-<?php
- header("Expires: Thu, 01 Dec 2003 16:00:00 GMT");
- header("Cache-Control: no-cache, must-revalidate");
- header("Pragma: no-cache");
- header("Content-Type: text/html; charset=" . (empty($_GET["charset"]) ? "UTF8" : $_GET["charset"]));
- header("Content-Security-Policy: script-src 'self' " . $_GET["hashSource"]);
-?>
-<!DOCTYPE html>
-<html>
-<head>
-<script src="didRunInlineScriptPrologue.js"></script>
-<script><?php echo $_GET["script"]; ?></script> <!-- Will only execute if $_GET["hashSource"] represents a valid hash of this script. -->
-<script src="didRunInlineScriptEpilogue.js"></script>
-</head>
-</html>
--- /dev/null
+#!/usr/bin/env python3
+
+from ast import literal_eval
+import os
+import sys
+from urllib.parse import parse_qs, unquote_plus
+
+query = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True)
+charset = query.get('charset', ['UTF8'])[0]
+hash_source = query.get('hashSource', [''])[0]
+script = query.get('script', [''])[0]
+
+sys.stdout.write(
+ 'Expires: Thu, 01 Dec 2003 16:00:00 GMT\r\n'
+ 'Cache-Control: no-cache, must-revalidate\r\n'
+ 'Pragma: no-cache\r\n'
+ 'Content-Type: text/html; charset={}\r\n'
+ 'Content-Security-Policy: script-src \'self\' {}\r\n\r\n'.format(charset, hash_source)
+)
+
+print('''<!DOCTYPE html>
+<html>
+<head>
+<script src="didRunInlineScriptPrologue.js"></script>
+<script>{}</script> <!-- Will only execute if hash_source represents a valid hash of this script. -->
+<script src="didRunInlineScriptEpilogue.js"></script>
+</head>
+</html>'''.format(script))
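Review bot: `charset` and `hash_source` are decoded by `parse_qs` and formatted straight into the `Content-Type` and `Content-Security-Policy` header lines, so a CR/LF in either query value would end the header block early and change the response the test is meant to pin, including the policy under test. PHP's `header()` in the removed file refuses a value that contains a newline, so this port drops a check the old fixture had for free; removing line breaks first, e.g. `hash_source = query.get('hashSource', [''])[0].replace('\r', '').replace('\n', '')` and the same for `charset`, restores it. Reflecting `script` into the inline `<script>` is what the test exercises and can stay as is. `literal_eval` and `unquote_plus` are imported but never used in this file and can be dropped.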
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=script-blocked-sends-multiple-reports-report-only
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=script-blocked-sends-multiple-reports-report-only
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py","referrer":"","violated-directive":"script-src http://example.com 'unsafe-inline'","effective-directive":"script-src","original-policy":"script-src http://example.com 'unsafe-inline'; report-uri ../resources/save-report.php?test=script-blocked-sends-multiple-reports-report-only","blocked-uri":"http://localhost:8000","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py","referrer":"","violated-directive":"script-src http://example.com 'unsafe-inline'","effective-directive":"script-src","original-policy":"script-src http://example.com 'unsafe-inline'; report-uri ../resources/save-report.py?test=script-blocked-sends-multiple-reports-report-only","blocked-uri":"http://localhost:8000","status-code":200}}
--------
Frame: 'enforced-1'
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=script-blocked-sends-multiple-reports-enforced-1
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-1
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py","referrer":"","violated-directive":"script-src http://127.0.0.1:8000 'unsafe-inline'","effective-directive":"script-src","original-policy":"script-src http://127.0.0.1:8000 'unsafe-inline'; report-uri ../resources/save-report.php?test=script-blocked-sends-multiple-reports-enforced-1","blocked-uri":"http://localhost:8000","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py","referrer":"","violated-directive":"script-src http://127.0.0.1:8000 'unsafe-inline'","effective-directive":"script-src","original-policy":"script-src http://127.0.0.1:8000 'unsafe-inline'; report-uri ../resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-1","blocked-uri":"http://localhost:8000","status-code":200}}
--------
Frame: 'enforced-2'
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=script-blocked-sends-multiple-reports-enforced-2
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-2
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py","referrer":"","violated-directive":"script-src http://127.0.0.1:8000 https://127.0.0.1:8443 'unsafe-inline'","effective-directive":"script-src","original-policy":" script-src http://127.0.0.1:8000 https://127.0.0.1:8443 'unsafe-inline'; report-uri ../resources/save-report.php?test=script-blocked-sends-multiple-reports-enforced-2","blocked-uri":"http://localhost:8000","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py","referrer":"","violated-directive":"script-src http://127.0.0.1:8000 https://127.0.0.1:8443 'unsafe-inline'","effective-directive":"script-src","original-policy":" script-src http://127.0.0.1:8000 https://127.0.0.1:8443 'unsafe-inline'; report-uri ../resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-2","blocked-uri":"http://localhost:8000","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src http://example.com \'unsafe-inline\'; report-uri ../resources/save-report.php?test=script-blocked-sends-multiple-reports-report-only\r\n'
- 'Content-Security-Policy: script-src http://127.0.0.1:8000 \'unsafe-inline\'; report-uri ../resources/save-report.php?test=script-blocked-sends-multiple-reports-enforced-1, script-src http://127.0.0.1:8000 https://127.0.0.1:8443 \'unsafe-inline\'; report-uri ../resources/save-report.php?test=script-blocked-sends-multiple-reports-enforced-2\r\n'
+ 'Content-Security-Policy-Report-Only: script-src http://example.com \'unsafe-inline\'; report-uri ../resources/save-report.py?test=script-blocked-sends-multiple-reports-report-only\r\n'
+ 'Content-Security-Policy: script-src http://127.0.0.1:8000 \'unsafe-inline\'; report-uri ../resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-1, script-src http://127.0.0.1:8000 https://127.0.0.1:8443 \'unsafe-inline\'; report-uri ../resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-2\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
'<!-- Trigger CSP violation -->\n'
'<script src="http://localhost:8000/security/contentSecurityPolicy/resources/alert-fail.js"></script>\n'
'<!-- Reports -->\n'
- '<iframe name="report-only" src="../resources/echo-report.php?test=script-blocked-sends-multiple-reports-report-only"></iframe>\n'
- '<iframe name="enforced-1" src="../resources/echo-report.php?test=script-blocked-sends-multiple-reports-enforced-1"></iframe>\n'
- '<iframe name="enforced-2" src="../resources/echo-report.php?test=script-blocked-sends-multiple-reports-enforced-2"></iframe>\n'
+ '<iframe name="report-only" src="../resources/echo-report.py?test=script-blocked-sends-multiple-reports-report-only"></iframe>\n'
+ '<iframe name="enforced-1" src="../resources/echo-report.py?test=script-blocked-sends-multiple-reports-enforced-1"></iframe>\n'
+ '<iframe name="enforced-2" src="../resources/echo-report.py?test=script-blocked-sends-multiple-reports-enforced-2"></iframe>\n'
'</body>\n'
'</html>\n'
)
\ No newline at end of file
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py","blocked-uri":"","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py\r\n'
+ 'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py\r\n'
'Content-Security-Policy: script-src \'sha256-n7CDY/1Rg9w5XVqu2QuiqpjBw0MVHvwDmHpkLXsuu2g=\' \'nonce-dump-as-text\'\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<script>\n'
'document.getElementById("result").textContent = "PASS did execute script.";\n'
'</script>\n'
- '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
+ '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
'</body>\n'
'</html>\n'
)
\ No newline at end of file
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py","blocked-uri":"","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py\r\n'
+ 'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
'<script>\n'
'document.getElementById("result").textContent = "PASS did execute script.";\n'
'</script>\n'
- '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py"></iframe>\n'
+ '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py"></iframe>\n'
'</body>\n'
'</html>\n'
)
\ No newline at end of file
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py","blocked-uri":"","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
+ 'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
'X-WebKit-CSP: script-src \'sha256-n7CDY/1Rg9w5XVqu2QuiqpjBw0MVHvwDmHpkLXsuu2g=\' \'nonce-dump-as-text\'\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<script>\n'
'document.getElementById("result").textContent = "PASS did execute script.";\n'
'</script>\n'
- '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
+ '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
'</body>\n'
'</html>\n'
'\r\n'
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py","blocked-uri":"","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py\r\n'
+ 'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
'<script>\n'
'document.getElementById("result").textContent = "PASS did execute script.";\n'
'</script>\n'
- '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py"></iframe>\n'
+ '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py"></iframe>\n'
'</body>\n'
'</html>\n'
)
\ No newline at end of file
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py","blocked-uri":"","status-code":200}}
sys.stdout.write(
'Content-Security-Policy-Report-Only: script-src \'sha256-AJqUvsXuHfMNXALcBPVqeiKkFk8OLvn3U7ksHP/QQ90=\' \'nonce-dump-as-text\'\r\n'
- 'Content-Security-Policy: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py\r\n'
+ 'Content-Security-Policy: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
'<script>\n'
'document.getElementById("result").textContent = "FAIL did execute script.";\n'
'</script>\n'
- '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py"></iframe>\n'
+ '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py"></iframe>\n'
'</body>\n'
'</html>\n'
)
\ No newline at end of file
sys.stdout.write(
'Content-Security-Policy-Report-Only: script-src \'sha256-AJqUvsXuHfMNXALcBPVqeiKkFk8OLvn3U7ksHP/QQ90=\' \'nonce-dump-as-text\'\r\n'
- 'X-WebKit-CSP: script-src \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py\r\n'
+ 'X-WebKit-CSP: script-src \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
'document.getElementById("result").textContent = "PASS did execute script.";\n'
'</script>\n'
'<!-- Call testRunner.dumpChildFramesAsText() and load\n'
- '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py"></iframe>\n'
+ '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py"></iframe>\n'
'once we fix reporting of nonce violations for report-only policies. See <https://bugs.webkit.org/show_bug.cgi?id=159830>. -->\n'
'</body>\n'
'</html>\n'
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py","blocked-uri":"","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
+ 'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
'X-WebKit-CSP: script-src \'nonce-dump-as-text\'\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<script>\n'
'document.getElementById("result").textContent = "PASS did execute script.";\n'
'</script>\n'
- '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
+ '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
'</body>\n'
'</html>\n'
'\r\n'
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py","blocked-uri":"","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py\r\n'
+ 'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
'<script>\n'
'document.getElementById("result").textContent = "PASS did execute script.";\n'
'</script>\n'
- '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py"></iframe>\n'
+ '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py"></iframe>\n'
'</body>\n'
'</html>\n'
)
\ No newline at end of file
name: "Big-5 page with Big-5 hash",
charset: "Big5",
script: "didRunInlineScript+%3D+true%3B+//+%A4%F4",
- hashSource: "'sha256-J08nmORtZZyj86mnbklnHBObVEnsakqZcYsabqsSJmc='",
+ hashSource: "'sha256-CAEkHFV/oUoz+L2Oa6gIFelb73og89vCbxrz4u/jAY4='",
expectedResult: RunInlineScript,
},
{
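Review bot: The `hashSource` of the "Big-5 page with Big-5 hash" entry gets a new SHA-256 digest while `script` and `charset` stay the same, and nothing in the hunk records why; every other change in this stretch is a `.php` to `.py` rename. A different digest for the same `script` value suggests that `testScriptHash.py` serves different inline-script bytes than the PHP resource did, possibly in how `%A4%F4` is decoded or written out. That should be confirmed before the expectation is updated, because this case appears to exist to pin hash matching on a non-UTF-8 page. I would add a comment above the entry such as `// Digest of the inline script bytes as served by testScriptHash.py for charset Big5; recompute if that resource's output changes.` The test table begins and ends outside this hunk.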
hashSource: encodeURIComponent(test.hashSource),
};
var queryString = Object.keys(queryStringArguments).map(function (key) { return key + "=" + queryStringArguments[key]; }).join("&");
- frame.src = "http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/resources/testScriptHash.php?" + queryString;
+ frame.src = "http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/resources/testScriptHash.py?" + queryString;
}
window.onload = function ()
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.py\r\n'
+ 'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.py\r\n'
'Content-Security-Policy: script-src \'nonce-dummy\' \'nonce-dump-as-text\'\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'document.getElementById("result").textContent = "PASS did execute script.";\n'
'</script>\n'
'<!-- FIXME: Call testRunner.dumpChildFramesAsText() and load\n'
- '../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.py\n'
+ '../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.py\n'
'in an <iframe> once we fix reporting of nonce violations for report-only policies. See <https://bugs.webkit.org/show_bug.cgi?id=159830>. -->\n'
'</body>\n'
'</html>\n'
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.py\r\n'
+ 'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
'document.getElementById("result").textContent = "PASS did execute script.";\n'
'</script>\n'
'<!-- FIXME: Call testRunner.dumpChildFramesAsText() and load\n'
- '../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.py\n'
+ '../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.py\n'
'in an <iframe> once we fix reporting of nonce violations for report-only policies. See <https://bugs.webkit.org/show_bug.cgi?id=159830>. -->\n'
'</body>\n'
'</html>\n'
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
+ 'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
'X-WebKit-CSP: script-src \'nonce-dummy\' \'nonce-dump-as-text\'\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'document.getElementById("result").textContent = "PASS did execute script.";\n'
'</script>\n'
'<!-- FIXME: Call testRunner.dumpChildFramesAsText() and load\n'
- '../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py\n'
+ '../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py\n'
'in an <iframe> once we fix reporting of nonce violations for report-only policies. See <https://bugs.webkit.org/show_bug.cgi?id=159830>. -->\n'
'</body>\n'
'</html>\n'
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py\r\n'
+ 'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
'document.getElementById("result").textContent = "PASS did execute script.";\n'
'</script>\n'
'<!-- FIXME: Call testRunner.dumpChildFramesAsText() and load\n'
- '../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py\n'
+ '../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py\n'
'in an <iframe> once we fix reporting of nonce violations for report-only policies. See <https://bugs.webkit.org/show_bug.cgi?id=159830>. -->\n'
'</body>\n'
'</html>\n'
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py","referrer":"","violated-directive":"script-src 'nonce-that-is-not-equal-to-dummy' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'nonce-that-is-not-equal-to-dummy' 'nonce-dump-as-text'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py","referrer":"","violated-directive":"script-src 'nonce-that-is-not-equal-to-dummy' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'nonce-that-is-not-equal-to-dummy' 'nonce-dump-as-text'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py","blocked-uri":"","status-code":200}}
sys.stdout.write(
'Content-Security-Policy-Report-Only: script-src \'nonce-dummy\' \'nonce-dump-as-text\'\r\n'
- 'Content-Security-Policy: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py\r\n'
+ 'Content-Security-Policy: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
'<script nonce="dummy">\n'
'document.getElementById("result").textContent = "FAIL did execute script.";\n'
'</script>\n'
- '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py"></iframe>\n'
+ '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py"></iframe>\n'
'</body>\n'
'</html>\n'
)
\ No newline at end of file
sys.stdout.write(
'Content-Security-Policy-Report-Only: script-src \'nonce-dummy\' \'nonce-dump-as-text\'\r\n'
- 'X-WebKit-CSP: script-src \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py\r\n'
+ 'X-WebKit-CSP: script-src \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
'document.getElementById("result").textContent = "PASS did execute script.";\n'
'</script>\n'
'<!-- Call testRunner.dumpChildFramesAsText() and load\n'
- '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py"></iframe>\n'
+ '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py"></iframe>\n'
'once we fix reporting of nonce violations for report-only policies. See <https://bugs.webkit.org/show_bug.cgi?id=159830>. -->\n'
'</body>\n'
'</html>\n'
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
+ 'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
'X-WebKit-CSP: script-src \'nonce-dump-as-text\'\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'document.getElementById("result").textContent = "PASS did execute script.";\n'
'</script>\n'
'<!-- Call testRunner.dumpChildFramesAsText() and load\n'
- '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
+ '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
'once we fix reporting of nonce violations for report-only policies. See <https://bugs.webkit.org/show_bug.cgi?id=159830>. -->\n'
'</body>\n'
'</html>\n'
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
+ 'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
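Review bot: The `report-uri` on the added line uses `test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py`, the same key as the preceding script that also sends `X-WebKit-CSP`. The other header-less variants on this page use a `...policy2.py` key. The file name is not visible here, but if this is the `policy2` variant and `save-report.py` stores reports under the `test` value, the two tests would share one saved report once report-only nonce violations are reported. Either test could then pass on the other's report. Since the line is rewritten anyway, the key could end in `...-blocked-by-report-policy2.py`, with the same change to the commented-out `echo-report.py` URL in the next hunk. The `sys.stdout.write(` call continues outside this hunk.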
'document.getElementById("result").textContent = "PASS did execute script.";\n'
'</script>\n'
'<!-- Call testRunner.dumpChildFramesAsText() and load\n'
- '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
+ '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
'once we fix reporting of nonce violations for report-only policies. See <https://bugs.webkit.org/show_bug.cgi?id=159830>. -->\n'
'</body>\n'
'</html>\n'
CONSOLE MESSAGE: [Report Only] Blocked mixed content http://127.0.0.1:8000/security/mixedContent/resources/style.css because 'block-all-mixed-content' appears in the Content Security Policy.
CONSOLE MESSAGE: [blocked] The page at https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py was not allowed to run insecure content from http://127.0.0.1:8000/security/mixedContent/resources/style.css.
-frame "<!--frame1-->" - willPerformClientRedirectToURL: https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-report.php?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py
+frame "<!--frame1-->" - willPerformClientRedirectToURL: https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-report.py?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py
frame "<!--frame1-->" - didFinishDocumentLoadForFrame
main frame - didHandleOnloadEventsForFrame
frame "<!--frame1-->" - didFinishLoadForFrame
HTTP_HOST: 127.0.0.1:8443
HTTP_REFERER: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py
=== POST DATA ===
-{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only.html","violated-directive":"block-all-mixed-content","effective-directive":"block-all-mixed-content","original-policy":"block-all-mixed-content; report-uri ../../resources/save-report.php?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py","blocked-uri":"http://127.0.0.1:8000","status-code":0}}
+{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only.html","violated-directive":"block-all-mixed-content","effective-directive":"block-all-mixed-content","original-policy":"block-all-mixed-content; report-uri ../../resources/save-report.py?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py","blocked-uri":"http://127.0.0.1:8000","status-code":0}}
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: block-all-mixed-content; report-uri ../../resources/save-report.php?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py\r\n'
+ 'Content-Security-Policy-Report-Only: block-all-mixed-content; report-uri ../../resources/save-report.py?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
'<body>\n'
'This background color should be white.\n'
'<script>\n'
- ' window.location.href = "/security/contentSecurityPolicy/resources/echo-report.php?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py";\n'
+ ' window.location.href = "/security/contentSecurityPolicy/resources/echo-report.py?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py";\n'
'</script>\n'
'</body>\n'
'</html>\n'
}
try {
- navigator.sendBeacon("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-report.php");
+ navigator.sendBeacon("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-report.py");
log("Pass");
} catch(e) {
log("Fail");
-CONSOLE MESSAGE: Refused to connect to http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.php because it does not appear in the connect-src directive of the Content Security Policy.
+CONSOLE MESSAGE: Refused to connect to http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.py because it does not appear in the connect-src directive of the Content Security Policy.
Pass
}
try {
- navigator.sendBeacon("http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.php");
+ navigator.sendBeacon("http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.py");
log("Pass");
} catch(e) {
log("Fail");
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.html
REQUEST_METHOD: POST
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.html","referrer":"","violated-directive":"script-src 'self' 'unsafe-inline'","effective-directive":"script-src","original-policy":"script-src 'self' 'unsafe-inline'; report-uri resources/save-report.php","blocked-uri":"","source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.html","line-number":13,"column-number":13,"status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.html","referrer":"","violated-directive":"script-src 'self' 'unsafe-inline'","effective-directive":"script-src","original-policy":"script-src 'self' 'unsafe-inline'; report-uri resources/save-report.py","blocked-uri":"","source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.html","line-number":13,"column-number":13,"status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src \'self\' \'unsafe-inline\'; report-uri resources/save-report.php\r\n'
+ 'Content-Security-Policy-Report-Only: script-src \'self\' \'unsafe-inline\'; report-uri resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/eval-blocked-and-sends-report.html
REQUEST_METHOD: POST
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/eval-blocked-and-sends-report.html","referrer":"","violated-directive":"script-src 'self' 'unsafe-inline'","effective-directive":"script-src","original-policy":"script-src 'self' 'unsafe-inline'; report-uri resources/save-report.php","blocked-uri":"","source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/eval-blocked-and-sends-report.html","line-number":9,"column-number":13,"status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/eval-blocked-and-sends-report.html","referrer":"","violated-directive":"script-src 'self' 'unsafe-inline'","effective-directive":"script-src","original-policy":"script-src 'self' 'unsafe-inline'; report-uri resources/save-report.py","blocked-uri":"","source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/eval-blocked-and-sends-report.html","line-number":9,"column-number":13,"status-code":200}}
<!DOCTYPE html>
<html>
<head>
- <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; report-uri resources/save-report.php">
+ <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; report-uri resources/save-report.py">
</head>
<body>
<script>
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-and-enforce.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-and-enforce.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri resources/save-report.php","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-and-enforce.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri resources/save-report.py","blocked-uri":"","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src \'self\'; report-uri resources/save-report.php\r\n'
+ 'Content-Security-Policy-Report-Only: script-src \'self\'; report-uri resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-data-uri.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-data-uri.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"data","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-data-uri.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.py","blocked-uri":"data","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy: img-src \'none\'; report-uri resources/save-report.php\r\n'
+ 'Content-Security-Policy: img-src \'none\'; report-uri resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"file","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.py","line-number":9,"column-number":26}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.py","blocked-uri":"file","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.py","line-number":9,"column-number":26}}
import sys
sys.stdout.write(
- 'Content-Security-Policy: img-src \'none\'; report-uri resources/save-report.php\r\n'
+ 'Content-Security-Policy: img-src \'none\'; report-uri resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report-and-redirect-to-save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report-and-redirect-to-save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: img-src \'none\'; report-uri resources/save-report-and-redirect-to-save-report.php\r\n'
+ 'Content-Security-Policy-Report-Only: img-src \'none\'; report-uri resources/save-report-and-redirect-to-save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
'<body>\n'
- '<p>This test PASSED if the filename of the REQUEST_URI in the dumped report is save-report-and-redirect-to-save-report.php. Otherwise, it FAILED.</p>\n'
+ '<p>This test PASSED if the filename of the REQUEST_URI in the dumped report is save-report-and-redirect-to-save-report.py. Otherwise, it FAILED.</p>\n'
'<img src="../resources/abe.png"> <!-- Trigger CSP violation -->\n'
'<script>\n'
'if (window.testRunner) {\n'
'\n'
'function navigateToReport()\n'
'{\n'
- ' window.location = "/security/contentSecurityPolicy/resources/echo-report.php";\n'
+ ' window.location = "/security/contentSecurityPolicy/resources/echo-report.py";\n'
'}\n'
'\n'
'// We assume that if redirects were followed when saving the report that they will complete within one second.\n'
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri-cross-origin.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri-cross-origin.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"http://localhost:8080","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri-cross-origin.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.py","blocked-uri":"http://localhost:8080","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: img-src \'none\'; report-uri resources/save-report.php\r\n'
+ 'Content-Security-Policy-Report-Only: img-src \'none\'; report-uri resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'The origin of this image should show up in the violation report.\n'
'<img src="http://localhost:8080/security/resources/abe.png">\n'
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: img-src \'none\'; report-uri resources/save-report.php\r\n'
+ 'Content-Security-Policy-Report-Only: img-src \'none\'; report-uri resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'The URI of this image should show up in the violation report.\n'
'<img src="../resources/abe.png#the-fragment-should-not-be-in-report">\n'
HTTP_HOST: localhost:8080
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
HTTP_HOST: localhost:8080
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy: img-src \'none\'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.php\r\n'
+ 'Content-Security-Policy: img-src \'none\'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!-- webkit-test-runner [ useEphemeralSession=true ] -->\n'
'<!DOCTYPE html>\n'
' // This image will generate a CSP violation report.\n'
' let imgElement = document.createElement("img");\n'
' imgElement.onload = imgElement.onerror = function () {\n'
- ' window.location = "/security/contentSecurityPolicy/resources/echo-report.php";\n'
+ ' window.location = "/security/contentSecurityPolicy/resources/echo-report.py";\n'
' };\n'
' imgElement.src = "/security/resources/abe.png";\n'
' document.body.appendChild(imgElement);\n'
CSP report received:
CONTENT_TYPE: application/csp-report
HTTP_HOST: localhost:8080
-HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php
+HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
-<?php
- header("Content-Security-Policy: img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.php");
-?>
-<!DOCTYPE html>
+#!/usr/bin/env python3
+
+import sys
+
+sys.stdout.write(
+ 'Content-Security-Policy: img-src \'none\'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.py\r\n'
+ 'Content-Type: text/html\r\n\r\n'
+)
+
+print('''<!DOCTYPE html>
<html>
<body>
<script>
<script src="resources/go-to-echo-report.js"></script>
</body>
-</html>
+</html>''')
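Review bot: The page body is emitted from a non-raw triple-quoted literal (`print('''<!DOCTYPE html>` through `</html>''')`), so Python interprets every backslash in the embedded HTML and JavaScript before the browser sees it. The middle of the body lies outside what this diff shows, so I cannot tell whether it contains escapes; later conversions in this commit did, and had to rewrite `msg + "\n"` as `msg + "\\n"` by hand. A raw literal, `print(r'''<!DOCTYPE html>`, keeps the markup byte-identical to the removed PHP page and removes the need to audit each backslash. The same applies to the other `print('''` conversions in this commit: the two report-only pages with `report-uri resources/does-not-exist`, and the two `connect-src … redir.py` pages, where `"\\n"` could then go back to `"\n"`. In CSP tests a silently altered script body changes what the policy is exercised against, so this is worth making mechanical.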
import sys
sys.stdout.write(
- 'Content-Security-Policy: img-src \'none\'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.php\r\n'
+ 'Content-Security-Policy: img-src \'none\'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
' // This image will generate a CSP violation report.\n'
' let imgElement = document.createElement("img");\n'
' imgElement.onload = imgElement.onerror = function () {\n'
- ' window.location = "/security/contentSecurityPolicy/resources/echo-report.php";\n'
+ ' window.location = "/security/contentSecurityPolicy/resources/echo-report.py";\n'
' };\n'
' imgElement.src = "/security/resources/abe.png";\n'
' document.body.appendChild(imgElement);\n'
<!DOCTYPE html>
<html>
<head>
- <meta http-equiv="Content-Security-Policy" content="connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.php">
+ <meta http-equiv="Content-Security-Policy" content="connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.py">
<script src="/js-test-resources/js-test-pre.js"></script>
</head>
<body>
try {
// Redirect to a different host, because as of CSP2 paths
// are ignored when matching after a redirect.
- xhr.open("GET", "resources/redir.php?url=http://localhost:8000/security/contentSecurityPolicy/resources/xhr-redirect-not-allowed.py", true);
+ xhr.open("GET", "resources/redir.py?url=http://localhost:8000/security/contentSecurityPolicy/resources/xhr-redirect-not-allowed.py", true);
} catch(e) {
testFailed("XMLHttpRequest.open() should not throw an exception.");
}
-<?php
-header("Content-Security-Policy-Report-Only: img-src 'none'; report-uri resources/does-not-exist");
-?>
-<!DOCTYPE html>
+#!/usr/bin/env python3
+
+import sys
+
+sys.stdout.write(
+ 'Content-Security-Policy-Report-Only: img-src \'none\'; report-uri resources/does-not-exist\r\n'
+ 'Content-Type: text/html\r\n\r\n'
+)
+
+print('''<!DOCTYPE html>
<html>
<body>
<p>This tests that multiple violations on a page trigger multiple reports.
<img src="../resources/abe.png">
<img src="../resources/eba.png">
</body>
-</html>
+</html>''')
-<?php
-header("Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'self'; report-uri resources/does-not-exist");
-?>
-<!DOCTYPE html>
+#!/usr/bin/env python3
+
+import sys
+
+sys.stdout.write(
+ 'Content-Security-Policy-Report-Only: script-src \'unsafe-inline\' \'self\'; report-uri resources/does-not-exist\r\n'
+ 'Content-Type: text/html\r\n\r\n'
+)
+
+print('''<!DOCTYPE html>
<html>
<body>
<p>This tests that multiple violations on a page trigger multiple reports
setTimeout("alert('PASS: setTimeout #" + i + " executed.');", 0);
</script>
</body>
-</html>
+</html>''')
-CONSOLE MESSAGE: The Content Security Policy 'connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.php' was delivered in report-only mode, but does not specify a 'report-uri'; the policy will have no effect. Please either add a 'report-uri' directive, or deliver the policy via the 'Content-Security-Policy' header.
+CONSOLE MESSAGE: The Content Security Policy 'connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.py' was delivered in report-only mode, but does not specify a 'report-uri'; the policy will have no effect. Please either add a 'report-uri' directive, or deliver the policy via the 'Content-Security-Policy' header.
Pass
+++ /dev/null
-<?php
- header("Content-Security-Policy-Report-Only: connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.php");
-?>
-<!DOCTYPE html>
-<html>
-<head>
-<script>
-if (window.testRunner)
- testRunner.dumpAsText();
-</script>
-</head>
-<body>
-<pre id="console"></pre>
-<script>
-function log(msg)
-{
- document.getElementById("console").appendChild(document.createTextNode(msg + "\n"));
-}
-
-try {
- navigator.sendBeacon("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.php?url=http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.php");
- log("Pass");
-} catch(e) {
- log("Fail");
-}
-</script>
-</body>
-</html>
--- /dev/null
+#!/usr/bin/env python3
+
+import sys
+
+sys.stdout.write(
+ 'Content-Security-Policy-Report-Only: connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.py\r\n'
+ 'Content-Type: text/html\r\n\r\n'
+)
+
+print('''<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<pre id="console"></pre>
+<script>
+function log(msg)
+{
+ document.getElementById("console").appendChild(document.createTextNode(msg + "\\n"));
+}
+
+try {
+ navigator.sendBeacon("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.py?url=http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.py");
+ log("Pass");
+} catch(e) {
+ log("Fail");
+}
+</script>
+</body>
+</html>''')
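Review bot: The new script carries no comment explaining why the policy is sent as `Content-Security-Policy-Report-Only` with no `report-uri`, which looks like the condition the test relies on. Judging by the expected console message earlier in this commit ("does not specify a 'report-uri'; the policy will have no effect"), the omission appears intentional: the beacon sent through `redir.py` to `localhost` should go out and the page should log "Pass". I would add, above `sys.stdout.write(`, a line such as `# Report-only with no report-uri on purpose: the policy must stay inert, so the cross-host redirect is not blocked.` Please confirm that intent before stating it as fact.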
-<?php
- header("Content-Security-Policy-Report-Only: connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.py");
-?>
-<!DOCTYPE html>
+#!/usr/bin/env python3
+
+import sys
+
+sys.stdout.write(
+ 'Content-Security-Policy-Report-Only: connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.py\r\n'
+ 'Content-Type: text/html\r\n\r\n'
+)
+
+print('''<!DOCTYPE html>
<html>
<head>
<script src="/js-test-resources/js-test-pre.js"></script>
<script>
window.jsTestIsAsync = true;
function log(msg) {
- document.getElementById("console").appendChild(document.createTextNode(msg + "\n"));
+ document.getElementById("console").appendChild(document.createTextNode(msg + "\\n"));
}
var xhr = new XMLHttpRequest;
</script>
<script src="/js-test-resources/js-test-post.js"></script>
</body>
-</html>
+</html>''')
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-only.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri resources/save-report.php","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri resources/save-report.py","blocked-uri":"","status-code":200}}
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-from-header.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-from-header.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri resources/save-report.php","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-from-header.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri resources/save-report.py","blocked-uri":"","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src \'self\'; report-uri resources/save-report.php\r\n'
+ 'Content-Security-Policy-Report-Only: script-src \'self\'; report-uri resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<script>\n'
'// This script block will trigger a violation report but shouldn\'t be blocked.\n'
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-upgrade-insecure.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-upgrade-insecure.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; upgrade-insecure-requests; report-uri resources/save-report.php","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-upgrade-insecure.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; upgrade-insecure-requests; report-uri resources/save-report.py","blocked-uri":"","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src \'self\'; upgrade-insecure-requests; report-uri resources/save-report.php\r\n'
+ 'Content-Security-Policy-Report-Only: script-src \'self\'; upgrade-insecure-requests; report-uri resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<script>\n'
'// This script block will trigger a violation report but shouldn\'t be blocked.\n'
import sys
sys.stdout.write(
- 'Content-Security-Policy-Report-Only: script-src \'self\'; report-uri resources/save-report.php\r\n'
+ 'Content-Security-Policy-Report-Only: script-src \'self\'; report-uri resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<script>\n'
'// This script block will trigger a violation report but shouldn\'t be blocked.\n'
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri /security/contentSecurityPolicy/resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri /security/contentSecurityPolicy/resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy: img-src \'none\'; report-uri /security/contentSecurityPolicy/resources/save-report.php\r\n'
+ 'Content-Security-Policy: img-src \'none\'; report-uri /security/contentSecurityPolicy/resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-with-cookies.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-with-cookies.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri /security/contentSecurityPolicy/resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-with-cookies.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri /security/contentSecurityPolicy/resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri /security/contentSecurityPolicy/resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri /security/contentSecurityPolicy/resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy: img-src \'none\'; report-uri /security/contentSecurityPolicy/resources/save-report.php\r\n'
+ 'Content-Security-Policy: img-src \'none\'; report-uri /security/contentSecurityPolicy/resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!-- webkit-test-runner [ useEphemeralSession=true ] -->\n'
'<!DOCTYPE html>\n'
import sys
sys.stdout.write(
- 'Content-Security-Policy: img-src \'none\'; report-uri /security/contentSecurityPolicy/resources/save-report.php\r\n'
+ 'Content-Security-Policy: img-src \'none\'; report-uri /security/contentSecurityPolicy/resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
CSP report received:
CONTENT_TYPE: application/csp-report
HTTP_HOST: 127.0.0.1:8443
-HTTP_REFERER: https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html
+HTTP_REFERER: https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.py?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html
=== POST DATA ===
-{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri save-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","blocked-uri":"","status-code":0}}
+{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.py?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri save-report.py?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","blocked-uri":"","status-code":0}}
</head>
<body>
<p>This tests that the status-code is 0 in the Content Security Policy violation report for a protected resource delivered over HTTPS.</p>
-<!-- window.testRunner.notifyDone() will be ultimately called by generate-csp-report.php. -->
-<iframe src="https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html"></iframe>
+<!-- window.testRunner.notifyDone() will be ultimately called by generate-csp-report.py. -->
+<iframe src="https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.py?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html"></iframe>
</body>
</html>
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri resources/save-report.php","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri resources/save-report.py","blocked-uri":"","status-code":200}}
CSP report received:
CONTENT_TYPE: application/csp-report
HTTP_HOST: 127.0.0.1:8000
-HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html
+HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.py?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-child-frame.html","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri save-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.py?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-child-frame.html","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri save-report.py?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html","blocked-uri":"","status-code":200}}
if (window.testRunner)
testRunner.dumpChildFramesAsText();
</script>
-<iframe src="resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html"></iframe>
+<iframe src="resources/generate-csp-report.py?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html"></iframe>
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-javascript.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-javascript.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-javascript.py","line-number":7,"column-number":10}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-javascript.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-javascript.py","line-number":7,"column-number":10}}
import sys
sys.stdout.write(
- 'Content-Security-Policy: img-src \'none\'; report-uri resources/save-report.php\r\n'
+ 'Content-Security-Policy: img-src \'none\'; report-uri resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-javascript.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-javascript.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/inject-image.js","line-number":3,"column-number":2}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-javascript.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/inject-image.js","line-number":3,"column-number":2}}
import sys
sys.stdout.write(
- 'Content-Security-Policy: img-src \'none\'; report-uri resources/save-report.php\r\n'
+ 'Content-Security-Policy: img-src \'none\'; report-uri resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
<!DOCTYPE html>
<html>
<head>
-<meta http-equiv="Content-Security-Policy" content="report-uri /security/contentSecurityPolicy/resources/save-report.php">
+<meta http-equiv="Content-Security-Policy" content="report-uri /security/contentSecurityPolicy/resources/save-report.py">
<script>
if (window.testRunner)
testRunner.dumpAsText();
HTTP_HOST: 127.0.0.1:8080
HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-scheme-relative.py
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-scheme-relative.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri //127.0.0.1:8080/security/contentSecurityPolicy/resources/save-report.php","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-scheme-relative.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri //127.0.0.1:8080/security/contentSecurityPolicy/resources/save-report.py","blocked-uri":"","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy: script-src \'self\'; report-uri //127.0.0.1:8080/security/contentSecurityPolicy/resources/save-report.php\r\n'
+ 'Content-Security-Policy: script-src \'self\'; report-uri //127.0.0.1:8080/security/contentSecurityPolicy/resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<script>\n'
'// This script block will trigger a violation report.\n'
import sys
sys.stdout.write(
- 'Content-Security-Policy: script-src \'self\'; report-uri resources/save-report.php\r\n'
+ 'Content-Security-Policy: script-src \'self\'; report-uri resources/save-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<script>\n'
'// This script block will trigger a violation report.\n'
+++ /dev/null
-<?php
-require_once "report-file-path.php";
-
-while (!file_exists($reportFilePath)) {
- usleep(10000);
- // file_exists() caches results, we want to invalidate the cache.
- clearstatcache();
-}
-
-echo "<html><body>\n";
-echo "CSP report received:";
-$reportFile = fopen($reportFilePath, 'r');
-while ($line = fgets($reportFile)) {
- echo "<br>";
- echo trim($line);
-}
-fclose($reportFile);
-unlink($reportFilePath);
-echo "<script>";
-echo "if (window.testRunner)";
-echo " testRunner.notifyDone();";
-echo "</script>";
-echo "</body></html>";
-?>
--- /dev/null
+#!/usr/bin/env python3
+
+import os
+import sys
+import time
+from report_file_path import report_filepath
+
+while not os.path.isfile(report_filepath):
+ time.sleep(0.01)
+
+sys.stdout.write(
+ 'Content-Type: text/html\r\n\r\n'
+ '<html><body>\n'
+ 'CSP report received:'
+)
+
+report_file = open(report_filepath, 'r')
+for line in report_file.readlines():
+ sys.stdout.write('<br>{}'.format(line.strip()))
+
+report_file.close()
+if os.path.isfile(report_filepath):
+ os.remove(report_filepath)
+
+sys.stdout.write(
+ '<script>'
+ 'if (window.testRunner)'
+ ' testRunner.notifyDone();'
+ '</script>'
+ '</body></html>'
+)
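Review bot: The loop that prints the report writes each line of the saved file into the HTML response without escaping. That file holds the request headers and POST body recorded by save_report.py, so any markup inside a referrer or report URL is parsed by the page instead of being shown as text. Escaping should leave the rendered text dump unchanged for the values in the expected results: add `import html` and write `sys.stdout.write('<br>{}'.format(html.escape(line.strip())))`. The `open()`/`close()` pair is also better as `with open(report_filepath, 'r') as report_file:`, so the handle is released if a write fails. The `while not os.path.isfile(report_filepath)` wait has no upper bound and deserves a comment such as `# No timeout here: relies on the test harness timeout if the report never arrives`.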
+++ /dev/null
-<?php
- header("Content-Security-Policy: script-src 'self'; report-uri save-report.php?test=" . $_GET['test']);
-?>
-<script>
-// This script block will trigger a violation report.
-alert('FAIL');
-</script>
-<script src="go-to-echo-report.py?test=<?php echo $_GET['test']; ?>"></script>
--- /dev/null
+#!/usr/bin/env python3
+
+import os
+import sys
+from urllib.parse import parse_qs
+
+test = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True).get('test', [''])[0]
+
+sys.stdout.write(
+ 'Content-Security-Policy: script-src \'self\'; report-uri save-report.py?test={}\r\n'
+ 'Content-Type: text/html\r\n\r\n'.format(test)
+)
+
+print('''<script>
+// This script block will trigger a violation report.
+alert('FAIL');
+</script>
+<script src="go-to-echo-report.py?test={}"></script>'''.format(test))
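Review bot: The `test` value is percent-decoded by `parse_qs` and then formatted straight into the `Content-Security-Policy` response header and into the `src` attribute, so a decoded CR/LF or quote character ends up in the header block or the markup. The removed PHP went through `header()`, which refuses multi-line values in current PHP versions, so the port loses that guard. Re-encoding once before use keeps the existing test paths byte-identical: `test = quote(test, safe='/')`, with `quote` added to the `urllib.parse` import. The same pattern appears in worker.py in this commit, where the decoded `csp` parameter is written into a header. That value has to stay readable as a policy, so rejecting or stripping `\r` and `\n` is the fitting check there.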
}
window.onload = function () {
- window.location = "/security/contentSecurityPolicy/resources/echo-report.php";
+ window.location = "/security/contentSecurityPolicy/resources/echo-report.py";
}
'}}\n'
'\n'
'window.onload = function () {{\n'
- ' window.location = "/security/contentSecurityPolicy/resources/echo-report.php?test={}";\n'
+ ' window.location = "/security/contentSecurityPolicy/resources/echo-report.py?test={}";\n'
'}}\n'.format(test)
)
\ No newline at end of file
import os
import sys
-filename = '../../../resources/square.png'
+filename = os.path.join('/'.join(__file__.split('/')[0:-4]), 'resources', 'square.png')
+
+if not os.path.isfile(filename):
+ sys.stderr.write('File {} does not exist\n'.format(filename))
+ sys.stdout.write('Content-Type: text/html\r\n\r\n')
+ sys.exit(0)
+
filesize = os.path.getsize(filename)
handle = open(filename, 'rb')
contents = handle.read()
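Review bot: The new `filename` line finds the resources directory by splitting `__file__` on '/' and dropping four components. That silently produces a relative path when `__file__` has fewer components, and it skips the `:/cygwin` prefix handling that other scripts in this commit apply first. Starting from `os.path.abspath(os.path.dirname(__file__))` and applying `os.path.dirname` once per level states the intent and works with either separator. The missing-file branch replies with an empty 200 response and exit code 0; a comment such as `# Fixture missing: log to stderr and return an empty document rather than crash the CGI` would record why. The rest of the script lies outside this hunk.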
+++ /dev/null
-<?php
-header("location: ".$_GET["url"]);
-header('HTTP/1.1 307 Temporary Redirect');
-?>
+++ /dev/null
-<?php
-require_once '../../../resources/portabilityLayer.php';
-
-if (isset($_GET['test'])) {
- $reportFilePath = sys_get_temp_dir() . "/" . str_replace("/", "-", $_GET['test']) . ".csp-report.txt";
-} elseif (isset($_SERVER["HTTP_REFERER"]) and strpos($_SERVER["HTTP_REFERER"], '/resources/') === false) {
- $reportFilePath = sys_get_temp_dir() . "/" . str_replace("/", "-", parse_url($_SERVER["HTTP_REFERER"], PHP_URL_PATH)) . ".csp-report.txt";
-} else {
- header("HTTP/1.1 500 Internal Server Error");
- echo "This script needs to know the name of the test to form a unique temporary file path. It can get one either from HTTP referrer, or from a 'test' parameter.\n";
- exit();
-}
-
-?>
--- /dev/null
+#!/usr/bin/env python3
+
+import os
+import sys
+import tempfile
+from urllib.parse import parse_qs, urlparse
+
+referer = os.environ.get('HTTP_REFERER', None)
+test = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True).get('test', [None])[0]
+
+if test is not None:
+ report_filepath = os.path.join(tempfile.gettempdir(), '{}.csp-report.txt'.format(test.replace('/', '-')))
+elif referer is not None and '/resources/' not in referer:
+ report_filepath = os.path.join(tempfile.gettempdir(), '{}.csp-report.txt'.format(urlparse(referer).path.replace('/', '-')))
+else:
+ sys.stdout.write(
+ 'status: 500\r\n'
+ 'Content-Type: text/html\r\n\r\n'
+ 'This script needs to know the name of the test to form a unique temporary file path. It can get one either from HTTP referrer, or from a \'test\' parameter.\n'
+ )
+ sys.exit(0)
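Review bot: The temp-file name is built from the request's `test` parameter (or the referrer path) with only '/' replaced. On a Windows host, which this commit otherwise caters for with the `:/cygwin` handling in save_report.py, a backslash in the value still acts as a path separator, so the file can land outside `tempfile.gettempdir()`. Mapping everything outside a small allow-list keeps the same names for the test paths visible in this change, e.g. `re.sub(r'[^A-Za-z0-9._-]', '-', test)` applied in both branches (needs `import re`). The module also calls `sys.exit(0)` at import time, which ends echo-report.py and save_report.py too. A module docstring saying that importing it may finish the request with a 500 response would make that visible.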
+++ /dev/null
-<?php
-require_once "report-file-path.php";
-
-$DO_NOT_CLEAR_COOKIES = true; // Used by save-report.php
-require_once "save-report.php";
-
-header("HTTP/1.1 307");
-header("Location: save-report.php" . (isset($_SERVER["QUERY_STRING"]) ? "?" . $_SERVER["QUERY_STRING"] : ""));
-?>
--- /dev/null
+#!/usr/bin/env python3
+
+import os
+import sys
+from save_report import save_report
+
+query_string = os.environ.get('QUERY_STRING', '')
+if query_string != '':
+ query_string = '?{}'.format(query_string)
+
+sys.stdout.write(
+ 'status: 307\r\n'
+ 'Location: save-report.py{}\r\n'.format(query_string)
+)
+
+save_report(True)
+++ /dev/null
-<?php
-require_once "report-file-path.php";
-
-function undoMagicQuotes($value) {
- if (get_magic_quotes_gpc())
- return stripslashes($value);
- return $value;
-}
-
-$reportFile = fopen($reportFilePath . ".tmp", 'w');
-$httpHeaders = $_SERVER;
-ksort($httpHeaders, SORT_STRING);
-foreach ($httpHeaders as $name => $value) {
- if ($name === "CONTENT_TYPE" || $name === "HTTP_REFERER" || $name === "REQUEST_METHOD" || $name === "HTTP_COOKIE"
- || $name === "HTTP_HOST" || $name === "REQUEST_URI") {
- $value = undoMagicQuotes($value);
- fwrite($reportFile, "$name: $value\n");
- }
-}
-
-fwrite($reportFile, "=== POST DATA ===\n");
-fwrite($reportFile, file_get_contents("php://input"));
-fclose($reportFile);
-
-// On Windows, rename will sometimes fail because one of the files is used by another process.
-while (!rename($reportFilePath . ".tmp", $reportFilePath))
- sleep(1);
-
-if (!isset($DO_NOT_CLEAR_COOKIES) || !$DO_NOT_CLEAR_COOKIES) {
- foreach ($_COOKIE as $name => $value)
- setcookie($name, "deleted", time() - 60, "/");
-}
-?>
--- /dev/null
+#!/usr/bin/env python3
+
+from save_report import save_report
+save_report(False)
--- /dev/null
+#!/usr/bin/env python3
+
+import os
+import sys
+from datetime import datetime, timedelta
+from report_file_path import report_filepath
+
+file = __file__.split(':/cygwin')[-1]
+http_root = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(os.path.dirname(file)))))
+sys.path.insert(0, http_root)
+
+from resources.portabilityLayer import get_cookies
+
+
+def not_being_called():
+ cookies = get_cookies()
+ expires = datetime.utcnow() - timedelta(seconds=60)
+ for cookie in cookies.keys():
+ sys.stdout.write('Set-Cookie: {}=deleted; expires={} GMT; Max-Age=0; path=/\r\n'.format(cookie, expires.strftime('%a, %d-%b-%Y %H:%M:%S')))
+
+
+def save_report(is_being_called):
+ data = ''.join(sys.stdin.readlines())
+
+ report_file = open('{}.tmp'.format(report_filepath), 'w')
+
+ for name in sorted(os.environ.keys()):
+ if name in ['CONTENT_TYPE', 'HTTP_REFERER', 'REQUEST_METHOD', 'HTTP_COOKIE', 'HTTP_HOST', 'REQUEST_URI']:
+ report_file.write('{}: {}\n'.format(name, os.environ.get(name)))
+
+ report_file.write('=== POST DATA ===\n{}'.format(data))
+ report_file.close()
+
+ os.rename('{}.tmp'.format(report_filepath), report_filepath)
+
+ if not is_being_called:
+ not_being_called()
+
+ sys.stdout.write('Content-Type: text/html\r\n\r\n')
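Review bot: `os.rename('{}.tmp'.format(report_filepath), report_filepath)` raises on Windows when the destination already exists, and the retry loop the PHP version had for a busy file is gone. A leftover report from an earlier run therefore becomes an unhandled exception before any header is written. `os.replace('{}.tmp'.format(report_filepath), report_filepath)` overwrites on every platform, and `with open('{}.tmp'.format(report_filepath), 'w') as report_file:` closes the handle before the rename even if a write fails. The names `is_being_called` and `not_being_called` do not say what they control. Judging by the removed `$DO_NOT_CLEAR_COOKIES` flag, a docstring like `"""Save the request to the report file; expire the request's cookies unless is_being_called is true."""` would document it.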
+++ /dev/null
-<?php
- header("Expires: Thu, 01 Dec 2003 16:00:00 GMT");
- header("Cache-Control: no-cache, must-revalidate");
- header("Pragma: no-cache");
- if ($_GET["csp"]) {
- $csp = $_GET["csp"];
- // If the magic quotes option is enabled, the CSP could be escaped and
- // the test would fail.
- if (get_magic_quotes_gpc()) {
- $csp = stripslashes($csp);
- }
- header("Content-Security-Policy: " . $csp);
- } else if ($_GET["type"] == "multiple-headers") {
- header("Content-Security-Policy: connect-src 'none'");
- header("Content-Security-Policy: script-src 'self'", false);
- }
-?>
-
-<?php
-if ($_GET["type"] == "eval") {
-?>
-
-var id = 0;
-try {
- id = eval("1 + 2 + 3");
-}
-catch (e) {
-}
-
-postMessage(id === 0 ? "eval blocked" : "eval allowed");
-
-<?php
-} else if ($_GET["type"] == "function-function") {
-?>
-
-var fn = function() {
- postMessage('Function() function blocked');
-}
-try {
- fn = new Function("", "postMessage('Function() function allowed');");
-}
-catch(e) {
-}
-fn();
-
-<?php
-} else if ($_GET["type"] == "importscripts") {
-?>
-
-try {
- importScripts("http://localhost:8000/security/contentSecurityPolicy/resources/post-message.js");
- postMessage("importScripts allowed");
-} catch(e) {
- postMessage("importScripts blocked: " + e);
-}
-
-<?php
-} else if ($_GET["type"] == "make-xhr") {
-?>
-
-var xhr = new XMLHttpRequest;
-xhr.addEventListener("load", function () {
- postMessage("xhr allowed");
-});
-xhr.addEventListener("error", function () {
- postMessage("xhr blocked");
-});
-xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/get.txt", true);
-xhr.send();
-
-<?php
-} else if ($_GET["type"] == "set-timeout") {
-?>
-
-var id = 0;
-try {
- id = setTimeout("postMessage('handler invoked')", 100);
-} catch(e) {
-}
-postMessage(id === 0 ? "setTimeout blocked" : "setTimeout allowed");
-
-<?php
-} else if ($_GET["type"] == "post-message-pass") {
-?>
-
-postMessage("PASS");
-
-<?php
-} else if ($_GET["type"] == "report-referrer") {
-?>
-
-var xhr = new XMLHttpRequest;
-xhr.open("GET", "http://127.0.0.1:8000/security/resources/echo-referrer-header.php", true);
-xhr.onload = function () {
- postMessage(this.responseText);
-};
-xhr.send();
-
-<?php
-} else if ($_GET["type"] == "shared-report-referrer") {
-?>
-
-onconnect = function (e) {
- var port = e.ports[0];
- var xhr = new XMLHttpRequest;
- xhr.open(
- "GET",
- "http://127.0.0.1:8000/security/resources/echo-referrer-header.php",
- true);
- xhr.onload = function () {
- port.postMessage(this.responseText);
- };
- xhr.send();
-};
-
-<?php
-} else if ($_GET["type"] == "multiple-headers") {
-?>
-
-var xhr = new XMLHttpRequest;
-xhr.addEventListener("load", function () {
- postMessage("xhr allowed");
-});
-xhr.addEventListener("error", function () {
- postMessage("xhr blocked");
-});
-xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/get.txt", true);
-xhr.send();
-
-var id = 0;
-try {
- id = eval("1 + 2 + 3");
-}
-catch (e) {
-}
-
-postMessage(id === 0 ? "eval blocked" : "eval allowed");
-
-<?php
-}
-?>
--- /dev/null
+#!/usr/bin/env python3
+
+import os
+import sys
+from urllib.parse import parse_qs
+
+query = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True)
+csp = query.get('csp', [None])[0]
+typ = query.get('type', [''])[0]
+
+sys.stdout.write(
+ 'Expires: Thu, 01 Dec 2003 16:00:00 GMT\r\n'
+ 'Cache-Control: no-cache, must-revalidate\r\n'
+ 'Pragma: no-cache\r\n'
+ 'Content-Type: text/html\r\n'
+)
+
+if csp is not None:
+ sys.stdout.write('Content-Security-Policy: {}\r\n'.format(csp))
+elif typ == 'multiple-headers':
+ sys.stdout.write(
+ 'Content-Security-Policy: connect-src \'none\'\r\n'
+ 'Content-Security-Policy: script-src \'self\'\r\n'
+ )
+
+sys.stdout.write('\r\n')
+
+if typ == 'eval':
+ sys.stdout.write(
+ 'var id = 0;\n'
+ 'try {\n'
+ ' id = eval("1 + 2 + 3");\n'
+ '}\n'
+ ' catch (e) {\n'
+ '}\n'
+ '\n'
+ 'postMessage(id === 0 ? "eval blocked" : "eval allowed");\n'
+ )
+
+elif typ == 'function-function':
+ sys.stdout.write(
+ 'var fn = function() {\n'
+ ' postMessage(\'Function() function blocked\');\n'
+ '}\n'
+ 'try {\n'
+ ' fn = new Function("", "postMessage(\'Function() function allowed\');");\n'
+ '}\n'
+ 'catch(e) {\n'
+ '}\n'
+ 'fn();\n'
+ )
+
+elif typ == 'importscripts':
+ sys.stdout.write(
+ 'try {\n'
+ ' importScripts("http://localhost:8000/security/contentSecurityPolicy/resources/post-message.js");\n'
+ ' postMessage("importScripts allowed");\n'
+ '} catch(e) {\n'
+ ' postMessage("importScripts blocked: " + e);\n'
+ '}\n'
+ )
+
+elif typ == 'make-xhr':
+ sys.stdout.write(
+ 'var xhr = new XMLHttpRequest;\n'
+ 'xhr.addEventListener("load", function () {\n'
+ ' postMessage("xhr allowed");\n'
+ '});\n'
+ 'xhr.addEventListener("error", function () {\n'
+ ' postMessage("xhr blocked");\n'
+ '});\n'
+ 'xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/get.txt", true);\n'
+ 'xhr.send();\n'
+ )
+
+elif typ == 'set-timeout':
+ sys.stdout.write(
+ 'var id = 0;\n'
+ 'try {\n'
+ ' id = setTimeout("postMessage(\'handler invoked\')", 100);\n'
+ '} catch(e) {\n'
+ '}\n'
+ 'postMessage(id === 0 ? "setTimeout blocked" : "setTimeout allowed");\n'
+ )
+
+elif typ == 'post-message-pass':
+ sys.stdout.write('postMessage("PASS");')
+
+elif typ == 'report-referrer':
+ sys.stdout.write(
+ 'var xhr = new XMLHttpRequest;\n'
+ 'xhr.open("GET", "http://127.0.0.1:8000/security/resources/echo-referrer-header.php", true);\n'
+ 'xhr.onload = function () {\n'
+ ' postMessage(this.responseText);\n'
+ '};\n'
+ 'xhr.send();\n'
+ )
+
+elif typ == 'shared-report-referrer':
+ sys.stdout.write(
+ 'onconnect = function (e) {\n'
+ ' var port = e.ports[0];\n'
+ ' var xhr = new XMLHttpRequest;\n'
+ ' xhr.open(\n'
+ ' "GET",\n'
+ ' "http://127.0.0.1:8000/security/resources/echo-referrer-header.php",\n'
+ ' true);\n'
+ ' xhr.onload = function () {\n'
+ ' port.postMessage(this.responseText);\n'
+ ' };\n'
+ ' xhr.send();\n'
+ '};\n'
+ )
+
+elif typ == 'multiple-headers':
+ sys.stdout.write(
+ 'var xhr = new XMLHttpRequest;\n'
+ 'xhr.addEventListener("load", function () {\n'
+ ' postMessage("xhr allowed");\n'
+ '});\n'
+ 'xhr.addEventListener("error", function () {\n'
+ ' postMessage("xhr blocked");\n'
+ '});\n'
+ 'xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/get.txt", true);\n'
+ 'xhr.send();\n'
+ '\n'
+ 'var id = 0;\n'
+ 'try {\n'
+ ' id = eval("1 + 2 + 3");\n'
+ '}\n'
+ 'catch (e) {\n'
+ '}\n'
+ '\n'
+ 'postMessage(id === 0 ? "eval blocked" : "eval allowed");\n'
+ )
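Review bot: `if csp is not None:` does not match the removed `if ($_GET["csp"])`. With `keep_blank_values=True` an empty `csp=` parameter yields `''`, so the script emits an empty `Content-Security-Policy:` header and skips the `multiple-headers` branch, where the PHP fell through to it. `if csp:` restores the old behaviour for an empty value. The `report-referrer` and `shared-report-referrer` branches still request `echo-referrer-header.php`; if that resource is converted elsewhere in this change, the URLs need the new extension. The `eval` branch writes `' catch (e) {\n'` with a stray leading space, unlike the `multiple-headers` branch.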
'Content-Type: text/plain\r\n'
'Access-Control-Allow-Origin: *\r\n\r\n'
'hello\n'
-)
\ No newline at end of file
+)
HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/plugins/resources/mock-plugin.pl
REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py
=== POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/plugins/resources/mock-plugin.pl","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py","violated-directive":"plugin-types application/x-webkit-dummy-plugin","effective-directive":"plugin-types","original-policy":"script-src 'self' 'unsafe-inline'; plugin-types application/x-webkit-dummy-plugin; report-uri /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py","blocked-uri":"http://127.0.0.1:8000/plugins/resources/mock-plugin.pl","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/plugins/resources/mock-plugin.pl","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py","violated-directive":"plugin-types application/x-webkit-dummy-plugin","effective-directive":"plugin-types","original-policy":"script-src 'self' 'unsafe-inline'; plugin-types application/x-webkit-dummy-plugin; report-uri /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py","blocked-uri":"http://127.0.0.1:8000/plugins/resources/mock-plugin.pl","status-code":200}}
import sys
sys.stdout.write(
- 'Content-Security-Policy: script-src \'self\' \'unsafe-inline\'; plugin-types application/x-webkit-dummy-plugin; report-uri /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py\r\n'
+ 'Content-Security-Policy: script-src \'self\' \'unsafe-inline\'; plugin-types application/x-webkit-dummy-plugin; report-uri /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py\r\n'
'Content-Type: text/html\r\n\r\n'
'<!DOCTYPE html>\n'
'<html>\n'
'<script>\n'
'function navigateToCSPReport()\n'
'{\n'
- ' window.location.href = "/security/contentSecurityPolicy/resources/echo-report.php?test=/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py";\n'
+ ' window.location.href = "/security/contentSecurityPolicy/resources/echo-report.py?test=/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py";\n'
'}\n'
'\n'
'checkDidSameOriginChildWindowLoad(window.open("http://127.0.0.1:8000/plugins/resources/mock-plugin.pl"), navigateToCSPReport);\n'
<body>
<script>
try {
- var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=make-xhr&csp=' +
+ var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=make-xhr&csp=' +
encodeURIComponent("connect-src http://127.0.0.1:8000"));
worker.onmessage = function (event) {
alert(event.data);
<body>
<script>
try {
- var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=make-xhr&csp=' +
+ var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=make-xhr&csp=' +
encodeURIComponent("connect-src 'none'"));
worker.onmessage = function (event) {
alert(event.data);
<body>
<script>
try {
- var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=eval&csp=' +
+ var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=eval&csp=' +
encodeURIComponent("script-src 'self' 'unsafe-inline'"));
worker.onmessage = function (event) {
alert(event.data);
<body>
<script>
try {
- var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=function-function&csp=' +
+ var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=function-function&csp=' +
encodeURIComponent("script-src 'self' 'unsafe-inline'"));
worker.onmessage = function (event) {
alert(event.data);
var result = '';
try {
- var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=importscripts&csp=' +
+ var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=importscripts&csp=' +
encodeURIComponent("script-src 'unsafe-eval' 'unsafe-inline' 127.0.0.1:8000"));
worker.onmessage = function (event) {
result = event.data;
<body>
<script>
async_test(function () {
- var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=multiple-headers');
+ var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=multiple-headers');
var evalBlocked = false;
var xhrBlocked = false;
var numMessages = 0;
<script>
try {
// We ignore the message posted by the worker (by not registering an onmessage handler) as we are only interested in knowing whether an exception occurred.
- var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=post-message-pass&csp=' +
+ var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=post-message-pass&csp=' +
encodeURIComponent("script-src 'self' 'unsafe-inline'"));
alert("PASS");
} catch (e) {
<body>
<script>
try {
- var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=set-timeout&csp=' +
+ var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=set-timeout&csp=' +
encodeURIComponent("script-src 'self' 'unsafe-inline'"));
worker.onmessage = function (event) {
alert(event.data);
// have no CSP, not the CSP of the responsible document.
async_test(function () {
- var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=make-xhr');
+ var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=make-xhr');
worker.onmessage = this.step_func(function (event) {
assert_equals(event.data, "xhr allowed");
this.done();
document.getElementById("console").appendChild(document.createTextNode(msg + "\n"));
}
- var protectedResource = "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/xmlhttprequest-protected-resource-does-not-crash.html";
+ var protectedResource = "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.py?test=/security/contentSecurityPolicy/xmlhttprequest-protected-resource-does-not-crash.html";
var xhr = new XMLHttpRequest();
xhr.responseType = "document";
xhr.onreadystatechange = function () {
+++ /dev/null
-<html>
-<head>
-<script>
-function runTest() {
-
- if (window.testRunner)
- testRunner.dumpAsText();
-
- <?php if (isset($_COOKIE['one_cookie']))
- echo 'document.write("FAIL: Cookies with a wrong domain should be rejected in user agent.");';
- else
- echo 'document.write("PASS: User agent rejected the cookie with a wrong domain.")';
- ?>;
-
-}
-</script>
-</head>
-<body onload="runTest()">
-</body>
-</html>
-
--- /dev/null
+#!/usr/bin/env python3
+
+import os
+import sys
+
+file = __file__.split(':/cygwin')[-1]
+http_root = os.path.dirname(os.path.dirname(os.path.abspath(os.path.dirname(file))))
+sys.path.insert(0, http_root)
+
+from resources.portabilityLayer import get_cookies
+
+cookies = get_cookies()
+
+sys.stdout.write('Content-Type: text/html\r\n\r\n')
+
+print('''<html>
+<head>
+<script>
+function runTest() {
+
+ if (window.testRunner)
+ testRunner.dumpAsText();''')
+
+if cookies.get('one_cookie', None) is not None:
+ sys.stdout.write(' document.write("FAIL: Cookies with a wrong domain should be rejected in user agent.");')
+else:
+ sys.stdout.write(' document.write("PASS: User agent rejected the cookie with a wrong domain.")')
+
+print('''}
+</script>
+</head>
+<body onload="runTest()">
+</body>
+</html>''')
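Review bot: The PASS branch writes its `document.write(...)` call with neither a terminating `;` nor a newline, so the generated script ends `...wrong domain.")}` and parses only through automatic semicolon insertion, while the FAIL branch keeps its `;`; the PHP original appended `;` after either branch. Ending both strings with `;\n` would make the emitted page consistent, e.g. `sys.stdout.write('    document.write("PASS: User agent rejected the cookie with a wrong domain.");\n')`. A one-line comment above the `if`, saying that `one_cookie` is the cookie the redirecting script sets with `domain=WrongDomain`, would also make the check self-explanatory.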
sys.stdout.write(
'Set-Cookie: one_cookie=shouldBeRejeced; domain=WrongDomain\r\n'
- 'Location: cookies-wrong-domain-rejected-result.php\r\n'
+ 'Location: cookies-wrong-domain-rejected-result.py\r\n'
'Content-Type: text/html\r\n\r\n'
)
\ No newline at end of file
}
</script>
<body>
- <iframe src="http://127.0.0.1:8000/security/cookies/resources/set-a-cookie.php"></iframe>
+ <iframe src="http://127.0.0.1:8000/security/cookies/resources/set-a-cookie.py"></iframe>
</body>
</html>
</xsl:template>
-<?php
- setcookie("test_cookie", "1", 0, "/");
-?>
-<!DOCTYPE html>
+#!/usr/bin/env python3
+
+import sys
+
+sys.stdout.write(
+ 'Set-Cookie: test_cookie=1; path=/\r\n'
+ 'Content-Type: text/html\r\n\r\n'
+)
+
+print('''<!DOCTYPE html>
<html>
<script>
function checkCookie()
<body onload="checkCookie()">
<div id="log"></div>
</body>
-</html>
+</html>''')
}
</script>
<body>
- <iframe src="http://localhost:8000/security/cookies/resources/set-a-cookie.php"></iframe>
+ <iframe src="http://localhost:8000/security/cookies/resources/set-a-cookie.py"></iframe>
</body>
</html>
</xsl:template>
</script>
<body onload="runTest()">
<div>
- <form id="form" action="http://localhost:8000/security/cookies/resources/set-a-cookie.php" method="POST">
+ <form id="form" action="http://localhost:8000/security/cookies/resources/set-a-cookie.py" method="POST">
<input type="submit" />
</form>
<iframe src="javascript:false" name="iframe"></iframe>
</script>
<body onload="runTest()">
<div>
- <form id="form" action="http://localhost:8000/security/cookies/resources/set-a-cookie.php" method="POST" target="iframe">
+ <form id="form" action="http://localhost:8000/security/cookies/resources/set-a-cookie.py" method="POST" target="iframe">
<input type="submit" />
</form>
<iframe src="javascript:false" name="iframe"></iframe>
</script>
<body onload="runTest()">
<div>
- <form id="form" action="http://localhost:8000/security/cookies/resources/set-a-cookie.php" method="POST" target="iframe">
+ <form id="form" action="http://localhost:8000/security/cookies/resources/set-a-cookie.py" method="POST" target="iframe">
<input type="submit" />
</form>
<iframe src="javascript:false" name="iframe"></iframe>
window.open('http://127.0.0.1:8000/security/resources/credentials-from-different-domains-continued-1.html');
}
}
- request2.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.php');
+ request2.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.py');
request2.send();
}
};
-request1.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.php', true, "user", "pass");
+request1.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.py', true, "user", "pass");
request1.send();
</script>
ALERT: parent host: 127.0.0.1 iframe host: 127.0.0.1 credentials:User: same-domain-user, password: same-domain-password.
-http://127.0.0.1:8000/security/resources/cors-basic-auth.php - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+http://127.0.0.1:8000/security/resources/cors-basic-auth.py - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
ALERT: parent host: localhost iframe host: 127.0.0.1 credentials:Authentication canceled
ALERT: parent host: 127.0.0.1 iframe host: 127.0.0.1 credentials:User: same-domain-user, password: same-domain-password.
-CONSOLE MESSAGE: Blocked http://127.0.0.1:8000/security/resources/cors-basic-auth.php from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Blocked http://127.0.0.1:8000/security/resources/cors-basic-auth.py from asking for credentials because it is a cross-origin request.
ALERT: parent host: localhost iframe host: 127.0.0.1 credentials:Authentication canceled
<script type="module">
// Executed with "omit".
// https://github.com/tc39/proposal-dynamic-import/blob/master/HTML%20Integration.md
-import("http://localhost:8000/security/resources/cors-script.php?credentials=false").then(
+import("http://localhost:8000/security/resources/cors-script.py?credentials=false").then(
function() { done("PASS");},
function() { done("FAIL"); });
</script>
// Executed with "omit".
// https://github.com/tc39/proposal-dynamic-import/blob/master/HTML%20Integration.md
-import("http://localhost:8000/security/resources/cors-script.php?credentials=false").then(
+import("http://localhost:8000/security/resources/cors-script.py?credentials=false").then(
function() { done("PASS");},
function() { done("FAIL"); });
</script>
var worker;
try {
// We ignore the message posted by the worker (by not registering an onmessage handler) as we are only interested in knowing whether an exception occurred.
- worker = new Worker("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=post-message-pass");
+ worker = new Worker("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=post-message-pass");
window.postMessage("PASS worker instantiated.", "*");
} catch (exception) {
window.postMessage("FAIL should not have thrown an exception when creating worker. Threw exception " + exception + ".", "*");
PASS event.message.match(/SomeError/)[0] is "SomeError"
-PASS event.filename is "http://localhost:8000/security/resources/cors-script.php?fail=true"
+PASS event.filename is "http://localhost:8000/security/resources/cors-script.py?fail=true"
PASS event.lineno is 1
PASS event.colno is 52
PASS event.error.toString() is "SomeError"
window.addEventListener('error', function() {
shouldBeEqualToString("event.message.match(/SomeError/)[0]", "SomeError");
- shouldBeEqualToString("event.filename", "http://localhost:8000/security/resources/cors-script.php?fail=true");
+ shouldBeEqualToString("event.filename", "http://localhost:8000/security/resources/cors-script.py?fail=true");
shouldBe("event.lineno", "1");
shouldBe("event.colno", "52");
shouldBeEqualToString("event.error.toString()", "SomeError");
successfullyParsed = true;
</script>
-<script type="module" crossorigin="anonymous" src="http://localhost:8000/security/resources/cors-script.php?fail=true"></script>
+<script type="module" crossorigin="anonymous" src="http://localhost:8000/security/resources/cors-script.py?fail=true"></script>
<script src="../../js-test-resources/js-test-post.js"></script>
var script = document.createElement("script");
script.type = "module";
script.crossOrigin = "use-credentials";
-script.src = "http://localhost:8000/security/resources/cors-script.php?credentials=true";
+script.src = "http://localhost:8000/security/resources/cors-script.py?credentials=true";
script.onload = function() { done("PASS"); }
script.onerror = function() { done("FAIL");}
document.body.appendChild(script);
var script = document.createElement("script");
script.type = "module";
-script.src = "http://localhost:8000/security/resources/cors-script.php?credentials=false";
+script.src = "http://localhost:8000/security/resources/cors-script.py?credentials=false";
script.onload = function() { done("PASS"); }
script.onerror = function() { done("FAIL");}
document.body.appendChild(script);
PASS msg.match(/SomeError/)[0] is "SomeError"
-PASS url is "http://localhost:8000/security/resources/cors-script.php?fail=true"
+PASS url is "http://localhost:8000/security/resources/cors-script.py?fail=true"
PASS line is 1
PASS column is 52
PASS error.toString() is "SomeError"
window.column = column;
window.error = error;
shouldBeEqualToString("msg.match(/SomeError/)[0]", "SomeError");
- shouldBeEqualToString("url", "http://localhost:8000/security/resources/cors-script.php?fail=true");
+ shouldBeEqualToString("url", "http://localhost:8000/security/resources/cors-script.py?fail=true");
shouldBe("line", "1");
shouldBe("column", "52");
shouldBeEqualToString("error.toString()", "SomeError");
finishJSTest();
}
</script>
-<script type="module" crossorigin=" anonymous " src="http://localhost:8000/security/resources/cors-script.php?fail=true"></script>
+<script type="module" crossorigin=" anonymous " src="http://localhost:8000/security/resources/cors-script.py?fail=true"></script>
<script src="../../js-test-resources/js-test-post.js"></script>
-http://127.0.0.1:8000/security/resources/basic-auth.php?username=webkit&password=rocks - didReceiveAuthenticationChallenge - Responding with webkit:rocks
+http://127.0.0.1:8000/security/resources/basic-auth.py?username=webkit&password=rocks - didReceiveAuthenticationChallenge - Responding with webkit:rocks
This test makes sure that auth credentials cached during a private browsing session do not leak out after private browsing is disabled.
--------
</script>
<body>
This test makes sure that auth credentials cached during a private browsing session do not leak out after private browsing is disabled.
-<iframe src="resources/basic-auth.php?username=webkit&password=rocks" onload="firstFrameLoaded();"></iframe>
+<iframe src="resources/basic-auth.py?username=webkit&password=rocks" onload="firstFrameLoaded();"></iframe>
</body>
PASS actualReferrer is "https://127.0.0.1:8443/"
Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=unsafe-url&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=unsafe-url&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=http://127.0.0.1:8000/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=unsafe-url&destinationOrigin=http://127.0.0.1:8000/&isTestingMultipart=0"
Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=no-referrer-when-downgrade&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=no-referrer-when-downgrade&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=no-referrer-when-downgrade&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=no-referrer-when-downgrade&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
PASS actualReferrer is ""
PASS actualReferrer is ""
Testing 'Referrer-Policy: same-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=same-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=same-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
Testing 'Referrer-Policy: same-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
PASS actualReferrer is ""
PASS actualReferrer is "https://127.0.0.1:8443/"
Testing 'Referrer-Policy: strict-origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=strict-origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=strict-origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
Testing 'Referrer-Policy: strict-origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
PASS actualReferrer is ""
PASS actualReferrer is "https://127.0.0.1:8443/"
Testing 'Referrer-Policy: origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
Testing 'Referrer-Policy: origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
PASS actualReferrer is "https://127.0.0.1:8443/"
Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=invalid&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=invalid&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=invalid&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=invalid&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
PASS actualReferrer is ""
Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
PASS actualReferrer is ""
PASS actualReferrer is "https://127.0.0.1:8443/"
Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=unsafe-url&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=unsafe-url&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=http://127.0.0.1:8000/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=unsafe-url&destinationOrigin=http://127.0.0.1:8000/&isTestingMultipart=1"
Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=no-referrer-when-downgrade&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=no-referrer-when-downgrade&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=no-referrer-when-downgrade&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=no-referrer-when-downgrade&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
PASS actualReferrer is ""
PASS actualReferrer is ""
Testing 'Referrer-Policy: same-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=same-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=same-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
Testing 'Referrer-Policy: same-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
PASS actualReferrer is ""
PASS actualReferrer is "https://127.0.0.1:8443/"
Testing 'Referrer-Policy: strict-origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=strict-origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=strict-origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
Testing 'Referrer-Policy: strict-origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
PASS actualReferrer is ""
PASS actualReferrer is "https://127.0.0.1:8443/"
Testing 'Referrer-Policy: origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
Testing 'Referrer-Policy: origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
PASS actualReferrer is "https://127.0.0.1:8443/"
Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=invalid&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=invalid&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=invalid&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=invalid&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
PASS actualReferrer is ""
Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
PASS actualReferrer is ""
onmessage = (msg) => {
actualReferrer = msg.data;
if (currentTest[1] === fullSourceURL)
- shouldBeEqualToString("actualReferrer", sourceOrigin + "security/resources/serve-referrer-policy-and-test.php?value=" + currentTest[0] + "&destinationOrigin=" + currentTest[2] + "&isTestingMultipart=" + (isTestingMultipart ? "1" : "0"));
+ shouldBeEqualToString("actualReferrer", sourceOrigin + "security/resources/serve-referrer-policy-and-test.py?value=" + currentTest[0] + "&destinationOrigin=" + currentTest[2] + "&isTestingMultipart=" + (isTestingMultipart ? "1" : "0"));
else
shouldBeEqualToString("actualReferrer", "" + currentTest[1]);
debug("");
currentTest = tests[currentTestIndex];
debug("Testing 'Referrer-Policy: " + currentTest[0] + "' - referrer origin: " + sourceOrigin + " - destination origin: " + currentTest[2] + " - isMultipartResponse? " + isTestingMultipart);
frame = document.createElement("iframe");
- frame.src = sourceOrigin + "security/resources/serve-referrer-policy-and-test.php?value=" + currentTest[0] + "&destinationOrigin=" + currentTest[2] + "&isTestingMultipart=" + (isTestingMultipart ? "1" : "0");
+ frame.src = sourceOrigin + "security/resources/serve-referrer-policy-and-test.py?value=" + currentTest[0] + "&destinationOrigin=" + currentTest[2] + "&isTestingMultipart=" + (isTestingMultipart ? "1" : "0");
document.body.appendChild(frame);
}
+++ /dev/null
-<?php
-$expectedUsername = isset($_GET['username']) ? $_GET['username'] : 'username';
-$expectedPassword = isset($_GET['password']) ? $_GET['password'] : 'password';
-$realm = isset($_GET['realm']) ? $_GET['realm'] : $_SERVER['REQUEST_URI'];
-
-header("Cache-Control: no-store");
-header("Connection: close");
-if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] != $expectedUsername ||
- !isset($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW'] != $expectedPassword) {
- header("WWW-Authenticate: Basic realm=\"" . $realm . "\"");
- header('HTTP/1.0 401 Unauthorized');
- print 'Sent username:password of (' . $_SERVER['PHP_AUTH_USER'] . ':' . $_SERVER['PHP_AUTH_PW'] . ') which is not what was expected';
- exit;
-}
-?>
-Authenticated as user: <?php print (string)$_SERVER['PHP_AUTH_USER']?> password: <?php print (string)$_SERVER['PHP_AUTH_PW']?>
--- /dev/null
+#!/usr/bin/env python3
+
+import base64
+import os
+import sys
+from urllib.parse import parse_qs
+
+credentials = base64.b64decode(os.environ.get('HTTP_AUTHORIZATION', ' Og==').split(' ')[1]).decode().split(':')
+username = credentials[0]
+password = ':'.join(credentials[1:])
+
+query = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True)
+expected_username = query.get('username', ['username'])[0]
+expected_password = query.get('password', ['password'])[0]
+realm = query.get('realm', [os.environ.get('REQUEST_URI', '')])[0]
+
+sys.stdout.write(
+ 'Cache-Control: no-store\r\n'
+ 'Connection: close\r\n'
+ 'Content-Type: text/html\r\n'
+)
+
+if username != expected_username or password != expected_password:
+ sys.stdout.write(
+ 'WWW-Authenticate: Basic realm="{}"\r\n'
+ 'status: 401\r\n\r\n'
+ 'Sent username:password of ({}:{}) which is not what was expected'.format(realm, username, password)
+ )
+ sys.exit(0)
+
+sys.stdout.write('\r\nAuthenticated as user: {} password: {}'.format(username, password))
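Review bot: `realm` is copied into the `WWW-Authenticate` header exactly as `parse_qs` decoded it, so a value containing CR, LF or a double quote ends the quoted string or the header line early, and the server parses the remainder as further header or body text. The removed PHP passed the same value through header(), which refuses multi-line header values, so the port drops that protection. Normalising the value right after it is read keeps the response well-formed: `realm = realm.replace('\r', '').replace('\n', '').replace('"', '\\"')`. The `username` and `password` echoed into the `text/html` body are likewise unescaped, as they were in the PHP; `html.escape` would cover them if this fixture is ever reachable beyond the local test server.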
+++ /dev/null
-<?php
- header('Access-Control-Allow-Origin: *');
- if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
- header('WWW-Authenticate: Basic realm="WebKit Test Realm"');
- header('HTTP/1.0 401 Unauthorized');
- echo 'Authentication canceled';
- exit;
- } else {
- echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
- }
-?>
--- /dev/null
+#!/usr/bin/env python3
+
+import base64
+import os
+import sys
+
+credentials = base64.b64decode(os.environ.get('HTTP_AUTHORIZATION', ' Og==').split(' ')[1]).decode().split(':')
+username = credentials[0]
+password = ':'.join(credentials[1:])
+
+sys.stdout.write(
+ 'Access-Control-Allow-Origin: *\r\n'
+ 'Content-Type: text/html\r\n'
+)
+
+if not username or not password:
+ sys.stdout.write(
+ 'WWW-Authenticate: Basic realm="WebKit Test Realm"\r\n'
+ 'status: 401\r\n\r\n'
+ 'Authentication canceled'
+ )
+ sys.exit(0)
+
+sys.stdout.write('\r\nUser: {}, password: {}.'.format(username, password))
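Review bot: The one-line Authorization parse at the top of this script raises instead of answering 401 whenever the header is present but is not well-formed Basic credentials: `split(' ')[1]` fails with IndexError when the value has no space, and `b64decode(...).decode()` fails on bad padding or non-UTF-8 bytes. The script then dies with a traceback (presumably surfacing as a server error), whereas the removed PHP only tested isset() on PHP_AUTH_USER / PHP_AUTH_PW and had no such failure path. The identical line opens basic-auth.py earlier in this commit and has the same problem. Parsing with `partition` and treating any decode failure as empty credentials keeps the no-header default (empty username and password) and sends every malformed header down the existing 401 branch.

```python
scheme, _, token = os.environ.get('HTTP_AUTHORIZATION', '').partition(' ')
try:
    decoded = base64.b64decode(token).decode() if scheme.lower() == 'basic' else ''
except ValueError:  # covers binascii.Error and UnicodeDecodeError
    decoded = ''
username, _, password = decoded.partition(':')
# … unchanged: CORS/Content-Type headers, 401 branch, success body …
```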
+++ /dev/null
-<?php
-header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-header("Content-Type: application/javascript");
-
-if (isset($_GET["credentials"])) {
- if (strtolower($_GET["credentials"]) == "true") {
- header("Access-Control-Allow-Credentials: true");
- } else {
- header("Access-Control-Allow-Credentials: false");
- }
-}
-
-if (strtolower($_GET["fail"]) == "true")
- echo "throw({toString: function(){ return 'SomeError' }});";
-else
- echo "alert('script ran.');";
-?>
--- /dev/null
+#!/usr/bin/env python3
+
+import os
+import sys
+from urllib.parse import parse_qs
+
+query = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True)
+credentials = query.get('credentials', [None])[0]
+fail = query.get('fail', [None])[0]
+
+sys.stdout.write(
+ 'Access-Control-Allow-Origin: http://127.0.0.1:8000\r\n'
+ 'Content-Type: application/javascript\r\n'
+)
+
+if credentials is not None:
+ if credentials.lower() == 'true':
+ sys.stdout.write('Access-Control-Allow-Credentials: true\r\n')
+ else:
+ sys.stdout.write('Access-Control-Allow-Credentials: false\r\n')
+
+sys.stdout.write('\r\n')
+
+if fail is not None and fail.lower() == 'true':
+ sys.stdout.write('throw({toString: function(){ return \'SomeError\' }});')
+else:
+ sys.stdout.write('alert(\'script ran.\');')
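Review bot: The `throw(...)` literal in the `fail` branch has no comment saying that its exact text is load-bearing. The expected results elsewhere in this commit assert `lineno` 1 and `colno` 52 for the error raised from cors-script.py?fail=true, so reformatting the literal or emitting anything before it in the body would change those positions. A comment above the branch would record that, for example `# Tests assert line 1 / column 52 for this throw; keep the output byte-identical and on the first body line.` Writing the literal with double quotes on the outside would also remove the two `\'` escapes without changing the output.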
window.open('http://localhost:8000/security/resources/credentials-from-different-domains-continued-2.html');
}
};
-request.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.php', true);
+request.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.py', true);
request.send();
</script>
testRunner.notifyDone();
}
};
-request.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.php', true);
+request.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.py', true);
request.send();
</script>