[LayoutTests] Convert http/tests/security convert PHP to Python
authorcgambrell@apple.com <cgambrell@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 13 Apr 2021 23:22:18 +0000 (23:22 +0000)
committercgambrell@apple.com <cgambrell@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 13 Apr 2021 23:22:18 +0000 (23:22 +0000)
https://bugs.webkit.org/show_bug.cgi?id=222668
<rdar://problem/74993152>

Reviewed by Jonathan Bedard.

* TestExpectations:
* http/tests/blink/sendbeacon/connect-src-beacon-allowed.html:
* http/tests/cache/resources/iframe304.py:
* http/tests/contentextensions/block-cookies-in-csp-report.py:
* http/tests/css/resources/webfont-request.py:
(get_request_count): Deleted.
(set_request_count): Deleted.
* http/tests/local/script-crossorigin-loads-file-scheme.html:
* http/tests/media/resources/serve_video.py: Added.
(answering):
* http/tests/resources/portabilityLayer.py:
(get_cookies): Add trailing newline.
(get_request): PHP equivalent of $_REQUEST which is used by numerous scripts.
(get_count): Added trailing newline.
(get_state): Added trailing newline.
(set_state): Changed open file's name to prevent confusion with parameter.
(step_state): Added trailing newline.
* http/tests/security/401-logout/401-logout-expected.txt:
* http/tests/security/401-logout/401-logout.php: Removed.
* http/tests/security/401-logout/401-logout.py: Added.
* http/tests/security/canvas-remote-read-remote-video-allowed-anonymous.html:
* http/tests/security/canvas-remote-read-remote-video-allowed-with-credentials.html:
* http/tests/security/canvas-remote-read-remote-video-blocked-no-crossorigin.html:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-in-report-only-ignored.html:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https.html:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin.html:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https.html:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin.html:
* http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive.py:
* http/tests/security/contentSecurityPolicy/1.1/resources/testScriptHash.php: Removed.
* http/tests/security/contentSecurityPolicy/1.1/resources/testScriptHash.py: Added.
* http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py:
* http/tests/security/contentSecurityPolicy/1.1/scripthash-tests.html:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.py:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py:
* http/tests/security/contentSecurityPolicy/connect-src-beacon-allowed.html:
* http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked-expected.txt:
* http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked.html:
* http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report-expected.txt:
* http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.py:
* http/tests/security/contentSecurityPolicy/eval-blocked-and-sends-report-expected.txt:
* http/tests/security/contentSecurityPolicy/eval-blocked-and-sends-report.html:
* http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt:
* http/tests/security/contentSecurityPolicy/report-and-enforce.py:
* http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt:
* http/tests/security/contentSecurityPolicy/report-blocked-data-uri.py:
* http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt:
* http/tests/security/contentSecurityPolicy/report-blocked-file-uri.py:
* http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report-expected.txt:
* http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.py:
* http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt:
* http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin.py:
* http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt:
* http/tests/security/contentSecurityPolicy/report-blocked-uri.py:
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt:
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt:
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.py:
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt:
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php: Removed.
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.py: Added.
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.py:
* http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect.html:
* http/tests/security/contentSecurityPolicy/report-multiple-violations-01.php: Removed.
* http/tests/security/contentSecurityPolicy/report-multiple-violations-01.py: Added.
* http/tests/security/contentSecurityPolicy/report-multiple-violations-02.php: Removed.
* http/tests/security/contentSecurityPolicy/report-multiple-violations-02.py: Added.
* http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked-expected.txt:
* http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked.php: Removed.
* http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked.py: Added.
* http/tests/security/contentSecurityPolicy/report-only-connect-src-xmlhttprequest-redirect-to-blocked.php: Removed.
* http/tests/security/contentSecurityPolicy/report-only-connect-src-xmlhttprequest-redirect-to-blocked.py: Added.
* http/tests/security/contentSecurityPolicy/report-only-expected.txt:
* http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt:
* http/tests/security/contentSecurityPolicy/report-only-from-header.py:
* http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure-expected.txt:
* http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure.py:
* http/tests/security/contentSecurityPolicy/report-only.py:
* http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt:
* http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.py:
* http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt:
* http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt:
* http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.py:
* http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies.py:
* http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt:
* http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html:
* http/tests/security/contentSecurityPolicy/report-uri-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-from-child-frame.html:
* http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript.py:
* http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-from-javascript.py:
* http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored.html:
* http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-scheme-relative.py:
* http/tests/security/contentSecurityPolicy/report-uri.py:
* http/tests/security/contentSecurityPolicy/resources/echo-report.php: Removed.
* http/tests/security/contentSecurityPolicy/resources/echo-report.py: Added.
* http/tests/security/contentSecurityPolicy/resources/generate-csp-report.php: Removed.
* http/tests/security/contentSecurityPolicy/resources/generate-csp-report.py: Added.
* http/tests/security/contentSecurityPolicy/resources/go-to-echo-report.js:
(window.onload):
* http/tests/security/contentSecurityPolicy/resources/go-to-echo-report.py:
* http/tests/security/contentSecurityPolicy/resources/image-document-default-src-none-iframe.py:
* http/tests/security/contentSecurityPolicy/resources/redir.php: Removed.
* http/tests/security/contentSecurityPolicy/resources/report-file-path.php: Removed.
* http/tests/security/contentSecurityPolicy/resources/report_file_path.py: Added.
* http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php: Removed.
* http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.py: Added.
* http/tests/security/contentSecurityPolicy/resources/save-report.php: Removed.
* http/tests/security/contentSecurityPolicy/resources/save-report.py: Added.
* http/tests/security/contentSecurityPolicy/resources/save_report.py: Added.
(not_being_called):
(save_report):
* http/tests/security/contentSecurityPolicy/resources/worker.php: Removed.
* http/tests/security/contentSecurityPolicy/resources/worker.py: Added.
* http/tests/security/contentSecurityPolicy/resources/xhr-redirect-not-allowed.py:
* http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report-expected.txt:
* http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py:
* http/tests/security/contentSecurityPolicy/worker-connect-src-allowed.html:
* http/tests/security/contentSecurityPolicy/worker-connect-src-blocked.html:
* http/tests/security/contentSecurityPolicy/worker-eval-blocked.html:
* http/tests/security/contentSecurityPolicy/worker-function-function-blocked.html:
* http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html:
* http/tests/security/contentSecurityPolicy/worker-multiple-csp-headers.html:
* http/tests/security/contentSecurityPolicy/worker-script-src.html:
* http/tests/security/contentSecurityPolicy/worker-set-timeout-blocked.html:
* http/tests/security/contentSecurityPolicy/worker-without-own-csp.html:
* http/tests/security/contentSecurityPolicy/xmlhttprequest-protected-resource-does-not-crash.html:
* http/tests/security/cookies/cookies-wrong-domain-rejected-result.php: Removed.
* http/tests/security/cookies/cookies-wrong-domain-rejected-result.py: Added.
* http/tests/security/cookies/cookies-wrong-domain-rejected.py:
* http/tests/security/cookies/resources/first-party-cookie-allow.xsl:
* http/tests/security/cookies/resources/set-a-cookie.php: Removed.
* http/tests/security/cookies/resources/set-a-cookie.py: Added.
* http/tests/security/cookies/resources/third-party-cookie-blocking.xsl:
* http/tests/security/cookies/third-party-cookie-blocking-main-frame.html:
* http/tests/security/cookies/third-party-cookie-blocking-user-action.html:
* http/tests/security/cookies/third-party-cookie-blocking.html:
* http/tests/security/credentials-from-different-domains.html:
* http/tests/security/credentials-iframes-allowCrossOriginSubresourcesToAskForCredentials-expected.txt:
* http/tests/security/credentials-iframes-expected.txt:
* http/tests/security/import-module-crossorigin-loads.html:
* http/tests/security/import-script-crossorigin-loads-omit.html:
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html:
* http/tests/security/module-crossorigin-error-event-information-expected.txt:
* http/tests/security/module-crossorigin-error-event-information.html:
* http/tests/security/module-crossorigin-loads-correctly-credentials.html:
* http/tests/security/module-crossorigin-loads-omit.html:
* http/tests/security/module-crossorigin-onerror-information-expected.txt:
* http/tests/security/module-crossorigin-onerror-information.html:
* http/tests/security/private-browsing-http-auth-expected.txt:
* http/tests/security/private-browsing-http-auth.html:
* http/tests/security/referrer-policy-header-expected.txt:
* http/tests/security/referrer-policy-header.html:
* http/tests/security/resources/basic-auth.php: Removed.
* http/tests/security/resources/basic-auth.py: Added.
* http/tests/security/resources/cors-basic-auth.php: Removed.
* http/tests/security/resources/cors-basic-auth.py: Added.
* http/tests/security/resources/cors-script.php: Removed.
* http/tests/security/resources/cors-script.py: Added.
* http/tests/security/resources/credentials-from-different-domains-continued-1.html:
* http/tests/security/resources/credentials-from-different-domains-continued-2.html:
* http/tests/security/resources/credentials-iframes-different-domain.html:
* http/tests/security/resources/credentials-iframes-same-domain.html:
* http/tests/security/resources/credentials-main-resource.py:
* http/tests/security/resources/import-module-crossorigin-loads-src.js:
* http/tests/security/resources/reference-movie-cross-origin-allow.php: Removed.
* http/tests/security/resources/reference-movie-cross-origin-allow.py: Added.
* http/tests/security/resources/serve-referrer-policy-and-test.php: Removed.
* http/tests/security/resources/serve-referrer-policy-and-test.py: Added.
* http/tests/security/resources/video-cross-origin-allow-credentials.php: Removed.
* http/tests/security/resources/video-cross-origin-allow-credentials.py: Added.
* http/tests/security/resources/video-cross-origin-allow.php: Removed.
* http/tests/security/resources/video-cross-origin-allow.py: Added.
* http/tests/security/script-crossorigin-error-event-information-expected.txt:
* http/tests/security/script-crossorigin-error-event-information.html:
* http/tests/security/script-crossorigin-loads-correctly-credentials.html:
* http/tests/security/script-crossorigin-loads-correctly.html:
* http/tests/security/script-crossorigin-onerror-information-expected.txt:
* http/tests/security/script-crossorigin-onerror-information.html:
* http/tests/security/script-no-crossorigin-error-event-should-be-sanitized.html:
* http/tests/security/script-no-crossorigin-onerror-should-be-sanitized.html:
* http/tests/security/sync-xhr-partition.html:
* http/tests/security/video-cross-origin-caching.html:
* http/tests/security/video-cross-origin-readback.html:
* http/tests/security/webaudio-render-remote-audio-allowed-crossorigin-redirect.html:
* http/tests/security/webaudio-render-remote-audio-allowed-crossorigin.html:
* http/tests/security/webaudio-render-remote-audio-blocked-no-crossorigin-redirect.html:
* http/tests/security/webaudio-render-remote-audio-blocked-no-crossorigin.html:
* http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report-expected.txt:
* http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html:
* http/tests/security/xssAuditor/report-script-tag-expected.txt:
* http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report-expected.txt:
* http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html:
* http/tests/security/xssAuditor/report-script-tag-full-block-expected.txt:
* http/tests/security/xssAuditor/report-script-tag-replace-state-expected.txt:
* http/tests/security/xssAuditor/resources/echo-intertag.pl:
* http/tests/security/xssAuditor/resources/tag-with-pause.py:
* http/tests/ssl/curl/certificate-and-authentication.html:
* http/tests/xmlhttprequest/resources/noContentLength.cgi:
* platform/mac-wk1/TestExpectations:
* platform/mac-wk1/http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect-expected.txt:
* platform/win/TestExpectations:
* platform/win/http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect-expected.txt:
* platform/wk2/TestExpectations:
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@275917 268f45cc-cd09-0410-ab3c-d52691b4dbfc

221 files changed:
LayoutTests/ChangeLog
LayoutTests/TestExpectations
LayoutTests/http/tests/blink/sendbeacon/connect-src-beacon-allowed.html
LayoutTests/http/tests/cache/resources/iframe304.py
LayoutTests/http/tests/contentextensions/block-cookies-in-csp-report.py
LayoutTests/http/tests/css/resources/webfont-request.py
LayoutTests/http/tests/local/script-crossorigin-loads-file-scheme.html
LayoutTests/http/tests/media/resources/serve_video.py [new file with mode: 0755]
LayoutTests/http/tests/resources/portabilityLayer.py
LayoutTests/http/tests/security/401-logout/401-logout-expected.txt
LayoutTests/http/tests/security/401-logout/401-logout.php [deleted file]
LayoutTests/http/tests/security/401-logout/401-logout.py [new file with mode: 0755]
LayoutTests/http/tests/security/canvas-remote-read-remote-video-allowed-anonymous.html
LayoutTests/http/tests/security/canvas-remote-read-remote-video-allowed-with-credentials.html
LayoutTests/http/tests/security/canvas-remote-read-remote-video-blocked-no-crossorigin.html
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-in-report-only-ignored.html
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https.html
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin.html
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https.html
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin.html
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive.py
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/resources/testScriptHash.php [deleted file]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/resources/testScriptHash.py [new file with mode: 0755]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-tests.html
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.py
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.py
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py
LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py
LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-beacon-allowed.html
LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked.html
LayoutTests/http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.py
LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked-and-sends-report-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked-and-sends-report.html
LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce.py
LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-data-uri.py
LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-file-uri.py
LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.py
LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin.py
LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri.py
LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.py
LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.py [moved from LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php with 65% similarity, mode: 0755]
LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.py
LayoutTests/http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect.html
LayoutTests/http/tests/security/contentSecurityPolicy/report-multiple-violations-01.py [moved from LayoutTests/http/tests/security/contentSecurityPolicy/report-multiple-violations-01.php with 50% similarity, mode: 0755]
LayoutTests/http/tests/security/contentSecurityPolicy/report-multiple-violations-02.py [moved from LayoutTests/http/tests/security/contentSecurityPolicy/report-multiple-violations-02.php with 56% similarity, mode: 0755]
LayoutTests/http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked.php [deleted file]
LayoutTests/http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked.py [new file with mode: 0755]
LayoutTests/http/tests/security/contentSecurityPolicy/report-only-connect-src-xmlhttprequest-redirect-to-blocked.py [moved from LayoutTests/http/tests/security/contentSecurityPolicy/report-only-connect-src-xmlhttprequest-redirect-to-blocked.php with 78% similarity, mode: 0755]
LayoutTests/http/tests/security/contentSecurityPolicy/report-only-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-only-from-header.py
LayoutTests/http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure.py
LayoutTests/http/tests/security/contentSecurityPolicy/report-only.py
LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.py
LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.py
LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies.py
LayoutTests/http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html
LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame.html
LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript.py
LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-javascript.py
LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored.html
LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-scheme-relative.py
LayoutTests/http/tests/security/contentSecurityPolicy/report-uri.py
LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-report.php [deleted file]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-report.py [new file with mode: 0755]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.php [deleted file]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.py [new file with mode: 0755]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/go-to-echo-report.js
LayoutTests/http/tests/security/contentSecurityPolicy/resources/go-to-echo-report.py
LayoutTests/http/tests/security/contentSecurityPolicy/resources/image-document-default-src-none-iframe.py
LayoutTests/http/tests/security/contentSecurityPolicy/resources/redir.php [deleted file]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/report-file-path.php [deleted file]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/report_file_path.py [new file with mode: 0755]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php [deleted file]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.py [new file with mode: 0755]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report.php [deleted file]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report.py [new file with mode: 0755]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/save_report.py [new file with mode: 0755]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker.php [deleted file]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker.py [new file with mode: 0755]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/xhr-redirect-not-allowed.py
LayoutTests/http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py
LayoutTests/http/tests/security/contentSecurityPolicy/worker-connect-src-allowed.html
LayoutTests/http/tests/security/contentSecurityPolicy/worker-connect-src-blocked.html
LayoutTests/http/tests/security/contentSecurityPolicy/worker-eval-blocked.html
LayoutTests/http/tests/security/contentSecurityPolicy/worker-function-function-blocked.html
LayoutTests/http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html
LayoutTests/http/tests/security/contentSecurityPolicy/worker-multiple-csp-headers.html
LayoutTests/http/tests/security/contentSecurityPolicy/worker-script-src.html
LayoutTests/http/tests/security/contentSecurityPolicy/worker-set-timeout-blocked.html
LayoutTests/http/tests/security/contentSecurityPolicy/worker-without-own-csp.html
LayoutTests/http/tests/security/contentSecurityPolicy/xmlhttprequest-protected-resource-does-not-crash.html
LayoutTests/http/tests/security/cookies/cookies-wrong-domain-rejected-result.php [deleted file]
LayoutTests/http/tests/security/cookies/cookies-wrong-domain-rejected-result.py [new file with mode: 0755]
LayoutTests/http/tests/security/cookies/cookies-wrong-domain-rejected.py
LayoutTests/http/tests/security/cookies/resources/first-party-cookie-allow.xsl
LayoutTests/http/tests/security/cookies/resources/set-a-cookie.py [moved from LayoutTests/http/tests/security/cookies/resources/set-a-cookie.php with 72% similarity, mode: 0755]
LayoutTests/http/tests/security/cookies/resources/third-party-cookie-blocking.xsl
LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-main-frame.html
LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-user-action.html
LayoutTests/http/tests/security/cookies/third-party-cookie-blocking.html
LayoutTests/http/tests/security/credentials-from-different-domains.html
LayoutTests/http/tests/security/credentials-iframes-allowCrossOriginSubresourcesToAskForCredentials-expected.txt
LayoutTests/http/tests/security/credentials-iframes-expected.txt
LayoutTests/http/tests/security/import-module-crossorigin-loads.html
LayoutTests/http/tests/security/import-script-crossorigin-loads-omit.html
LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html
LayoutTests/http/tests/security/module-crossorigin-error-event-information-expected.txt
LayoutTests/http/tests/security/module-crossorigin-error-event-information.html
LayoutTests/http/tests/security/module-crossorigin-loads-correctly-credentials.html
LayoutTests/http/tests/security/module-crossorigin-loads-omit.html
LayoutTests/http/tests/security/module-crossorigin-onerror-information-expected.txt
LayoutTests/http/tests/security/module-crossorigin-onerror-information.html
LayoutTests/http/tests/security/private-browsing-http-auth-expected.txt
LayoutTests/http/tests/security/private-browsing-http-auth.html
LayoutTests/http/tests/security/referrer-policy-header-expected.txt
LayoutTests/http/tests/security/referrer-policy-header.html
LayoutTests/http/tests/security/resources/basic-auth.php [deleted file]
LayoutTests/http/tests/security/resources/basic-auth.py [new file with mode: 0755]
LayoutTests/http/tests/security/resources/cors-basic-auth.php [deleted file]
LayoutTests/http/tests/security/resources/cors-basic-auth.py [new file with mode: 0755]
LayoutTests/http/tests/security/resources/cors-script.php [deleted file]
LayoutTests/http/tests/security/resources/cors-script.py [new file with mode: 0755]
LayoutTests/http/tests/security/resources/credentials-from-different-domains-continued-1.html
LayoutTests/http/tests/security/resources/credentials-from-different-domains-continued-2.html
LayoutTests/http/tests/security/resources/credentials-iframes-different-domain.html
LayoutTests/http/tests/security/resources/credentials-iframes-same-domain.html
LayoutTests/http/tests/security/resources/credentials-main-resource.py
LayoutTests/http/tests/security/resources/import-module-crossorigin-loads-src.js
LayoutTests/http/tests/security/resources/reference-movie-cross-origin-allow.php [deleted file]
LayoutTests/http/tests/security/resources/reference-movie-cross-origin-allow.py [new file with mode: 0755]
LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.php [deleted file]
LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.py [new file with mode: 0755]
LayoutTests/http/tests/security/resources/video-cross-origin-allow-credentials.php [deleted file]
LayoutTests/http/tests/security/resources/video-cross-origin-allow-credentials.py [new file with mode: 0755]
LayoutTests/http/tests/security/resources/video-cross-origin-allow.php [deleted file]
LayoutTests/http/tests/security/resources/video-cross-origin-allow.py [new file with mode: 0755]
LayoutTests/http/tests/security/script-crossorigin-error-event-information-expected.txt
LayoutTests/http/tests/security/script-crossorigin-error-event-information.html
LayoutTests/http/tests/security/script-crossorigin-loads-correctly-credentials.html
LayoutTests/http/tests/security/script-crossorigin-loads-correctly.html
LayoutTests/http/tests/security/script-crossorigin-onerror-information-expected.txt
LayoutTests/http/tests/security/script-crossorigin-onerror-information.html
LayoutTests/http/tests/security/script-no-crossorigin-error-event-should-be-sanitized.html
LayoutTests/http/tests/security/script-no-crossorigin-onerror-should-be-sanitized.html
LayoutTests/http/tests/security/sync-xhr-partition.html
LayoutTests/http/tests/security/video-cross-origin-caching.html
LayoutTests/http/tests/security/video-cross-origin-readback.html
LayoutTests/http/tests/security/webaudio-render-remote-audio-allowed-crossorigin-redirect.html
LayoutTests/http/tests/security/webaudio-render-remote-audio-allowed-crossorigin.html
LayoutTests/http/tests/security/webaudio-render-remote-audio-blocked-no-crossorigin-redirect.html
LayoutTests/http/tests/security/webaudio-render-remote-audio-blocked-no-crossorigin.html
LayoutTests/http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report-expected.txt
LayoutTests/http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html
LayoutTests/http/tests/security/xssAuditor/report-script-tag-expected.txt
LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report-expected.txt
LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html
LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-expected.txt
LayoutTests/http/tests/security/xssAuditor/report-script-tag-replace-state-expected.txt
LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl
LayoutTests/http/tests/security/xssAuditor/resources/tag-with-pause.py
LayoutTests/http/tests/ssl/curl/certificate-and-authentication.html
LayoutTests/http/tests/xmlhttprequest/resources/noContentLength.cgi
LayoutTests/platform/mac-wk1/TestExpectations
LayoutTests/platform/mac-wk1/http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect-expected.txt
LayoutTests/platform/win/TestExpectations
LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect-expected.txt
LayoutTests/platform/wk2/TestExpectations
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt

index fa1d16127c143a6e53c5b8d68ffe1a0838d74d1f..190e832f659b89a46973dfce1575e39529f099d3 100644 (file)
@@ -1,3 +1,249 @@
+2021-04-13  Chris Gambrell  <cgambrell@apple.com>
+
+        [LayoutTests] Convert http/tests/security convert PHP to Python
+        https://bugs.webkit.org/show_bug.cgi?id=222668
+        <rdar://problem/74993152>
+
+        Reviewed by Jonathan Bedard.
+
+        * TestExpectations:
+        * http/tests/blink/sendbeacon/connect-src-beacon-allowed.html:
+        * http/tests/cache/resources/iframe304.py:
+        * http/tests/contentextensions/block-cookies-in-csp-report.py:
+        * http/tests/css/resources/webfont-request.py:
+        (get_request_count): Deleted.
+        (set_request_count): Deleted.
+        * http/tests/local/script-crossorigin-loads-file-scheme.html:
+        * http/tests/media/resources/serve_video.py: Added.
+        (answering):
+        * http/tests/resources/portabilityLayer.py:
+        (get_cookies): Add trailing newline.
+        (get_request): PHP equivalent of $_REQUEST which is used by numerous scripts.
+        (get_count): Added trailing newline.
+        (get_state): Added trailing newline.
+        (set_state): Changed open file's name to prevent confusion with parameter.
+        (step_state): Added trailing newline.
+        * http/tests/security/401-logout/401-logout-expected.txt:
+        * http/tests/security/401-logout/401-logout.php: Removed.
+        * http/tests/security/401-logout/401-logout.py: Added.
+        * http/tests/security/canvas-remote-read-remote-video-allowed-anonymous.html:
+        * http/tests/security/canvas-remote-read-remote-video-allowed-with-credentials.html:
+        * http/tests/security/canvas-remote-read-remote-video-blocked-no-crossorigin.html:
+        * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-in-report-only-ignored.html:
+        * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt:
+        * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https-expected.txt:
+        * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https.html:
+        * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin.html:
+        * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-expected.txt:
+        * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https-expected.txt:
+        * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https.html:
+        * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin.html:
+        * http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive-expected.txt:
+        * http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive.py:
+        * http/tests/security/contentSecurityPolicy/1.1/resources/testScriptHash.php: Removed.
+        * http/tests/security/contentSecurityPolicy/1.1/resources/testScriptHash.py: Added.
+        * http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports-expected.txt:
+        * http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py:
+        * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy-expected.txt:
+        * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py:
+        * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2-expected.txt:
+        * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py:
+        * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt:
+        * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py:
+        * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt:
+        * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py:
+        * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy-expected.txt:
+        * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py:
+        * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py:
+        * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt:
+        * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py:
+        * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt:
+        * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py:
+        * http/tests/security/contentSecurityPolicy/1.1/scripthash-tests.html:
+        * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.py:
+        * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.py:
+        * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py:
+        * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py:
+        * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy-expected.txt:
+        * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py:
+        * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py:
+        * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py:
+        * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py:
+        * http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt:
+        * http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py:
+        * http/tests/security/contentSecurityPolicy/connect-src-beacon-allowed.html:
+        * http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked-expected.txt:
+        * http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked.html:
+        * http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report-expected.txt:
+        * http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.py:
+        * http/tests/security/contentSecurityPolicy/eval-blocked-and-sends-report-expected.txt:
+        * http/tests/security/contentSecurityPolicy/eval-blocked-and-sends-report.html:
+        * http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-and-enforce.py:
+        * http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-blocked-data-uri.py:
+        * http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-blocked-file-uri.py:
+        * http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.py:
+        * http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin.py:
+        * http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-blocked-uri.py:
+        * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.py:
+        * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php: Removed.
+        * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.py: Added.
+        * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.py:
+        * http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect.html:
+        * http/tests/security/contentSecurityPolicy/report-multiple-violations-01.php: Removed.
+        * http/tests/security/contentSecurityPolicy/report-multiple-violations-01.py: Added.
+        * http/tests/security/contentSecurityPolicy/report-multiple-violations-02.php: Removed.
+        * http/tests/security/contentSecurityPolicy/report-multiple-violations-02.py: Added.
+        * http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked.php: Removed.
+        * http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked.py: Added.
+        * http/tests/security/contentSecurityPolicy/report-only-connect-src-xmlhttprequest-redirect-to-blocked.php: Removed.
+        * http/tests/security/contentSecurityPolicy/report-only-connect-src-xmlhttprequest-redirect-to-blocked.py: Added.
+        * http/tests/security/contentSecurityPolicy/report-only-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-only-from-header.py:
+        * http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure.py:
+        * http/tests/security/contentSecurityPolicy/report-only.py:
+        * http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.py:
+        * http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.py:
+        * http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies.py:
+        * http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html:
+        * http/tests/security/contentSecurityPolicy/report-uri-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-uri-from-child-frame.html:
+        * http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript.py:
+        * http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-uri-from-javascript.py:
+        * http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored.html:
+        * http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-uri-scheme-relative.py:
+        * http/tests/security/contentSecurityPolicy/report-uri.py:
+        * http/tests/security/contentSecurityPolicy/resources/echo-report.php: Removed.
+        * http/tests/security/contentSecurityPolicy/resources/echo-report.py: Added.
+        * http/tests/security/contentSecurityPolicy/resources/generate-csp-report.php: Removed.
+        * http/tests/security/contentSecurityPolicy/resources/generate-csp-report.py: Added.
+        * http/tests/security/contentSecurityPolicy/resources/go-to-echo-report.js:
+        (window.onload):
+        * http/tests/security/contentSecurityPolicy/resources/go-to-echo-report.py:
+        * http/tests/security/contentSecurityPolicy/resources/image-document-default-src-none-iframe.py:
+        * http/tests/security/contentSecurityPolicy/resources/redir.php: Removed.
+        * http/tests/security/contentSecurityPolicy/resources/report-file-path.php: Removed.
+        * http/tests/security/contentSecurityPolicy/resources/report_file_path.py: Added.
+        * http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php: Removed.
+        * http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.py: Added.
+        * http/tests/security/contentSecurityPolicy/resources/save-report.php: Removed.
+        * http/tests/security/contentSecurityPolicy/resources/save-report.py: Added.
+        * http/tests/security/contentSecurityPolicy/resources/save_report.py: Added.
+        (not_being_called):
+        (save_report):
+        * http/tests/security/contentSecurityPolicy/resources/worker.php: Removed.
+        * http/tests/security/contentSecurityPolicy/resources/worker.py: Added.
+        * http/tests/security/contentSecurityPolicy/resources/xhr-redirect-not-allowed.py:
+        * http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report-expected.txt:
+        * http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py:
+        * http/tests/security/contentSecurityPolicy/worker-connect-src-allowed.html:
+        * http/tests/security/contentSecurityPolicy/worker-connect-src-blocked.html:
+        * http/tests/security/contentSecurityPolicy/worker-eval-blocked.html:
+        * http/tests/security/contentSecurityPolicy/worker-function-function-blocked.html:
+        * http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html:
+        * http/tests/security/contentSecurityPolicy/worker-multiple-csp-headers.html:
+        * http/tests/security/contentSecurityPolicy/worker-script-src.html:
+        * http/tests/security/contentSecurityPolicy/worker-set-timeout-blocked.html:
+        * http/tests/security/contentSecurityPolicy/worker-without-own-csp.html:
+        * http/tests/security/contentSecurityPolicy/xmlhttprequest-protected-resource-does-not-crash.html:
+        * http/tests/security/cookies/cookies-wrong-domain-rejected-result.php: Removed.
+        * http/tests/security/cookies/cookies-wrong-domain-rejected-result.py: Added.
+        * http/tests/security/cookies/cookies-wrong-domain-rejected.py:
+        * http/tests/security/cookies/resources/first-party-cookie-allow.xsl:
+        * http/tests/security/cookies/resources/set-a-cookie.php: Removed.
+        * http/tests/security/cookies/resources/set-a-cookie.py: Added.
+        * http/tests/security/cookies/resources/third-party-cookie-blocking.xsl:
+        * http/tests/security/cookies/third-party-cookie-blocking-main-frame.html:
+        * http/tests/security/cookies/third-party-cookie-blocking-user-action.html:
+        * http/tests/security/cookies/third-party-cookie-blocking.html:
+        * http/tests/security/credentials-from-different-domains.html:
+        * http/tests/security/credentials-iframes-allowCrossOriginSubresourcesToAskForCredentials-expected.txt:
+        * http/tests/security/credentials-iframes-expected.txt:
+        * http/tests/security/import-module-crossorigin-loads.html:
+        * http/tests/security/import-script-crossorigin-loads-omit.html:
+        * http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html:
+        * http/tests/security/module-crossorigin-error-event-information-expected.txt:
+        * http/tests/security/module-crossorigin-error-event-information.html:
+        * http/tests/security/module-crossorigin-loads-correctly-credentials.html:
+        * http/tests/security/module-crossorigin-loads-omit.html:
+        * http/tests/security/module-crossorigin-onerror-information-expected.txt:
+        * http/tests/security/module-crossorigin-onerror-information.html:
+        * http/tests/security/private-browsing-http-auth-expected.txt:
+        * http/tests/security/private-browsing-http-auth.html:
+        * http/tests/security/referrer-policy-header-expected.txt:
+        * http/tests/security/referrer-policy-header.html:
+        * http/tests/security/resources/basic-auth.php: Removed.
+        * http/tests/security/resources/basic-auth.py: Added.
+        * http/tests/security/resources/cors-basic-auth.php: Removed.
+        * http/tests/security/resources/cors-basic-auth.py: Added.
+        * http/tests/security/resources/cors-script.php: Removed.
+        * http/tests/security/resources/cors-script.py: Added.
+        * http/tests/security/resources/credentials-from-different-domains-continued-1.html:
+        * http/tests/security/resources/credentials-from-different-domains-continued-2.html:
+        * http/tests/security/resources/credentials-iframes-different-domain.html:
+        * http/tests/security/resources/credentials-iframes-same-domain.html:
+        * http/tests/security/resources/credentials-main-resource.py:
+        * http/tests/security/resources/import-module-crossorigin-loads-src.js:
+        * http/tests/security/resources/reference-movie-cross-origin-allow.php: Removed.
+        * http/tests/security/resources/reference-movie-cross-origin-allow.py: Added.
+        * http/tests/security/resources/serve-referrer-policy-and-test.php: Removed.
+        * http/tests/security/resources/serve-referrer-policy-and-test.py: Added.
+        * http/tests/security/resources/video-cross-origin-allow-credentials.php: Removed.
+        * http/tests/security/resources/video-cross-origin-allow-credentials.py: Added.
+        * http/tests/security/resources/video-cross-origin-allow.php: Removed.
+        * http/tests/security/resources/video-cross-origin-allow.py: Added.
+        * http/tests/security/script-crossorigin-error-event-information-expected.txt:
+        * http/tests/security/script-crossorigin-error-event-information.html:
+        * http/tests/security/script-crossorigin-loads-correctly-credentials.html:
+        * http/tests/security/script-crossorigin-loads-correctly.html:
+        * http/tests/security/script-crossorigin-onerror-information-expected.txt:
+        * http/tests/security/script-crossorigin-onerror-information.html:
+        * http/tests/security/script-no-crossorigin-error-event-should-be-sanitized.html:
+        * http/tests/security/script-no-crossorigin-onerror-should-be-sanitized.html:
+        * http/tests/security/sync-xhr-partition.html:
+        * http/tests/security/video-cross-origin-caching.html:
+        * http/tests/security/video-cross-origin-readback.html:
+        * http/tests/security/webaudio-render-remote-audio-allowed-crossorigin-redirect.html:
+        * http/tests/security/webaudio-render-remote-audio-allowed-crossorigin.html:
+        * http/tests/security/webaudio-render-remote-audio-blocked-no-crossorigin-redirect.html:
+        * http/tests/security/webaudio-render-remote-audio-blocked-no-crossorigin.html:
+        * http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report-expected.txt:
+        * http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html:
+        * http/tests/security/xssAuditor/report-script-tag-expected.txt:
+        * http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report-expected.txt:
+        * http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html:
+        * http/tests/security/xssAuditor/report-script-tag-full-block-expected.txt:
+        * http/tests/security/xssAuditor/report-script-tag-replace-state-expected.txt:
+        * http/tests/security/xssAuditor/resources/echo-intertag.pl:
+        * http/tests/security/xssAuditor/resources/tag-with-pause.py:
+        * http/tests/ssl/curl/certificate-and-authentication.html:
+        * http/tests/xmlhttprequest/resources/noContentLength.cgi:
+        * platform/mac-wk1/TestExpectations:
+        * platform/mac-wk1/http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect-expected.txt:
+        * platform/win/TestExpectations:
+        * platform/win/http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect-expected.txt:
+        * platform/wk2/TestExpectations:
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt:
+
 2021-04-13  Ziran Sun  <zsun@igalia.com>
 
         [css-grid] Incorrect track sizing when using relative sized items in 'auto' column tracks
index 6239125ab78c99c647dac9f8afe6bbb58412419f..168c967ec33f9306b5a7f15f015e356bd51857c6 100644 (file)
@@ -2161,8 +2161,8 @@ webkit.org/b/153159 http/tests/security/contentSecurityPolicy/image-document-def
 webkit.org/b/153160 http/tests/security/contentSecurityPolicy/object-src-does-not-affect-child.html [ Failure ]
 webkit.org/b/153160 http/tests/security/contentSecurityPolicy/plugin-in-iframe-with-csp.html [ Failure ]
 webkit.org/b/153161 http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial.html [ Failure ]
-webkit.org/b/153162 http/tests/security/contentSecurityPolicy/report-multiple-violations-01.php [ Failure ]
-webkit.org/b/153162 http/tests/security/contentSecurityPolicy/report-multiple-violations-02.php [ Failure ]
+webkit.org/b/153162 http/tests/security/contentSecurityPolicy/report-multiple-violations-01.py [ Failure ]
+webkit.org/b/153162 http/tests/security/contentSecurityPolicy/report-multiple-violations-02.py [ Failure ]
 webkit.org/b/154203 http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-overrides-xfo.html
 webkit.org/b/154522 http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-base-uri-deny.html
 webkit.org/b/158480 http/tests/websocket/tests/hybi/upgrade-simple-ws.html [ Skip ]
index 832f48bd7a171bc569a79075ea2368ddda79a8c1..766ab633e94cb33e84eecadb578f025f55bd06bd 100644 (file)
@@ -16,7 +16,7 @@ function log(msg)
 }
 
 try {
-    var es = navigator.sendBeacon("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-report.php");
+    var es = navigator.sendBeacon("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-report.py");
     log("Pass");
 } catch(e) {
     log("Fail");
index cd8807c607207809d6de1e105f53e75a763cab91..f0beeec9db112fe10861acc1566fe028eed7cc59 100755 (executable)
@@ -22,6 +22,6 @@ sys.stdout.write(
     'Content-Type: text/html\r\n'
     'Content-Length: 0\r\n'
     'Etag: 123456789\r\n'
-    f'Last-Modified: {last_modified}\r\n'
+    f'Last-Modified: {last_modified}\r\n\r\n'
 )
 sys.exit(0)
\ No newline at end of file
index cd2b0cea123d5264ef1e54443a0b67aad322cf2d..43287dcbea80c942c3c4a34528effcbc784038fd 100755 (executable)
@@ -40,7 +40,7 @@ function showPingResult() {
 
 <body>
 This test creates a CSP violation report, but the report URL matches a 'block-cookie' rule.
-<img src="/cookies/resources/cookie-utility.php?queryfunction=setFooCookie"
+<img src="/cookies/resources/cookie-utility.py?queryfunction=setFooCookie"
     onerror="deletePing();">
 <div id="delete_ping_container"></div>
 <iframe id="result_frame" name="result_frame"><!-- Will contain ping data received by server --></iframe>
index 92101c9845f666374072405bb65b600cea9ce2cb..b57c6e1b8cdae2c79f19371dd1dea9f35cfcb45a 100755 (executable)
@@ -5,26 +5,21 @@ import sys
 import tempfile
 from urllib.parse import parse_qs
 
-def get_request_count(file):
-    if not os.path.isfile(file):
-        return 0
+file = __file__.split(':/cygwin')[-1]
+http_root = os.path.dirname(os.path.dirname(os.path.abspath(os.path.dirname(file))))
+sys.path.insert(0, http_root)
 
-    with open(file, 'r') as file:
-        return int(file.read())
-
-def set_request_count(file, count):
-    with open(file, 'r') as file:
-        file.write(count)
+from resources.portabilityLayer import get_state, set_state
 
 query = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True)
-filename = query.get('filename', [''])[0]
+filename = query.get('filename', ['404.txt'])[0]
 mode = query.get('mode', [''])[0]
 
 tmp_file = os.path.join(tempfile.gettempdir(), filename)
-current_count = get_request_count(tmp_file)
+current_count = int(get_state(tmp_file, 0))
 
 if mode == 'getFont':
-    set_request_count(tmp_file, current_count + 1)
+    set_state(tmp_file, str(current_count + 1))
     sys.stdout.write(
         'Access-control-max-age: 0\r\n'
         'Access-control-allow-origin: *\r\n'
index 4e40dd0455ba2581f37aa3eefc863c0858eae901..ea85f73f90cf17fd1d5045edbb013aadac5090e8 100644 (file)
@@ -17,7 +17,7 @@ var script = document.createElement("script");
 script.crossOrigin = "use-credentials";
 // We are serving the test from the filesystem and file URLs are granted universal access.
 // This bypasses CORS checks and will allow access to 127.0.0.1:8000.
-script.src = "http://localhost:8000/security/resources/cors-script.php?credentials=true";
+script.src = "http://localhost:8000/security/resources/cors-script.py?credentials=true";
 script.onload = function() { done("PASS"); }
 script.onerror = function() { done("FAIL");}
 document.body.appendChild(script);
diff --git a/LayoutTests/http/tests/media/resources/serve_video.py b/LayoutTests/http/tests/media/resources/serve_video.py
new file mode 100755 (executable)
index 0000000..3edb9ab
--- /dev/null
@@ -0,0 +1,184 @@
+#!/usr/bin/env python3
+
+# This script is based on the work done by gadgetguru
+# <david@vuistbijl.nl> at
+# https://github.com/gadgetguru/PHP-Streaming-Audio and released
+# under the Public Domain.
+
+import json
+import math
+import os
+import sys
+import time
+from datetime import datetime
+from urllib.parse import parse_qs
+
+https = os.environ.get('HTTPS', None)
+
+radio_url = ''
+if https is None:
+    radio_url += 'https://'
+else:
+    radio_url += 'http://'
+radio_url += '{}{}'.format(os.environ.get('HTTP_HOST', ''), os.environ.get('REQUEST_URI', ''))
+
+query = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True)
+
+name = query.get('name', [''])[0]
+media_directory = ''
+if name != '':
+    media_directory = os.path.abspath(os.path.dirname(name))
+file_name = name
+
+# Set Variables
+settings = {
+    'chunkSize': int(query.get('chunkSize', [1024 * 256])[0]),
+    'databaseFile': 'metadata.db',
+    'httpStatus': '500 Internal Server Error',
+    'mediaDirectory': media_directory,
+    'mimeType': query.get('type', [''])[0],
+    'radioGenre': 'Rock',
+    'radioName': 'WebKit Test Radio',
+    'radioUrl': radio_url,
+    'setContentLength': query.get('content-length', ['yes'])[0],
+    'setIcyData': query.get('icy-data', ['no'])[0],
+    'supportRanges': query.get('ranges', ['yes'])[0],
+    'stallOffset': int(query.get('stallOffset', [0])[0]),
+    'stallDuration': int(query.get('stallDuration', [2])[0]),
+}
+
+
+def answering():
+    sys.stdout.write(
+        'status: {}\r\n'
+        'Connection: close\r\n'.format(settings['httpStatus'][0:3])
+    )
+
+    if settings['httpStatus'].startswith('500'):
+        sys.stdout.write(
+            'Content-Type: text/html\r\n\r\n'
+            '<html><body><h1>{}</h1><p/></body></html>'.format(settings['httpStatus'])
+        )
+        sys.stdout.flush()
+        sys.exit(0)
+
+    file_size = os.path.getsize(file_name)
+    last_modified = datetime.utcnow()
+    sys.stdout.write(
+        'Last-Modified: {} GMT\r\n'
+        'Cache-Control: no-cache\r\n'
+        'Etag: "{}-{}"\r\n'.format(last_modified.strftime('%a, %d %b %Y %H:%M:%S'), file_size, str(os.stat(file_name).st_mtime).split('.')[0])
+    )
+
+    if settings['setIcyData'] == 'yes':
+        bit_rate = math.ceil(play_files[len(play_files) - 1]['mimeType'] / 1000)
+        if settings['mimeType'] == '':
+            settings['mimeType'] = play_files[len(play_files) - 1]['mimeType']
+
+        sys.stdout.write(
+            'icy-notice1: <BR>This stream requires a shoutcast/icecast compatible player.<BR>\r\n'
+            'icy-notice2: WebKit Stream Test<BR>\r\n'
+            'icy-name: {name}\r\n'
+            'icy-genre: {genre}\r\n'
+            'icy-url: {url}\r\n'
+            'icy-pub: 1\r\n'
+            'icy-br: {rate}\r\n'.format(name=settings['radioName'], genre=settings['radioGenre'], url=settings['radioUrl'], rate=bit_rate)
+        )
+
+    sys.stdout.write('Content-Type: {}\r\n'.format(settings['mimeType']))
+
+    if settings['supportRanges'] != 'no':
+        sys.stdout.write('Accept-Ranges: bytes\r\n')
+    if settings['setContentLength'] != 'no':
+        sys.stdout.write('Content-Length: {}\r\n'.format(end - start + 1))
+    if content_range is not None:
+        sys.stdout.write('Content-Range: bytes {}-{}/{}\r\n'.format(start, end, file_size))
+    sys.stdout.write('\r\n')
+
+    offset = start
+    open_file = open(file_name, 'rb')
+    content = open_file.read()
+
+    stalled_once = False
+    while offset <= end:
+        read_size = min(settings['chunkSize'], (end - offset) + 1)
+        stall_now = False
+        if not stalled_once and settings['stallOffset'] >= offset and settings['stallOffset'] < offset + read_size:
+            read_size = min(settings['chunkSize'], settings['stallOffset'] - offset)
+            stall_now = True
+
+        buff = content[offset:read_size]
+        read_length = len(buff)
+
+        sys.stdout.buffer.write(buff)
+        sys.stdout.flush()
+        offset += read_length
+
+        if stall_now:
+            time.sleep(settings['stallDuration'])
+            stalled_once = True
+
+    open_file.close()
+    sys.exit(0)
+
+
+if query.get('name', [None])[0] is None:
+    sys.stderr.write('You have not specified a \'name\' parameter.\n')
+    answering()
+
+if not os.path.isfile(file_name):
+    sys.stderr.write('The file \'{}\' doesn\'t exist.\n'.format(file_name))
+    answering()
+settings['databaseFile'] = settings['mediaDirectory'] + '/' + settings['databaseFile']
+
+if settings['setIcyData'] != 'yes' and settings['mimeType'] == '':
+    sys.stderr.write('You have not specified a \'type\' parameter.\n')
+    answering()
+
+if settings['setIcyData'] == 'yes':
+    if not os.path.isfile(settings['databaseFile']):
+        # If the metadata database file doesn't exist it has to
+        # be create previously.
+        #
+        # Check the instructions about how to create it from the
+        # create-id3-db.php script file in this same directory.
+
+        sys.stderr.write('The metadata database doesn\'t exist. To create one, check the script \'create-id3-db.php\'.\n')
+        answering()
+
+    play_files = {}
+    with open(settings['databaseFile'], 'r') as file:
+        play_files = json.loads(file.read())
+    sys.stderr.write('\n{}\n'.format(play_files))
+
+    file_in_db = False
+    for play_file in play_files:
+        if file_name.split('/')[-1] == play_file['fileName']:
+            file_in_db = True
+            break
+
+    if not file_in_db:
+        sys.stderr.write('The requested file is not in the database.\n')
+        answering()
+
+# We have everything that's needed to send the media file
+file_size = os.path.getsize(file_name)
+if settings['stallOffset'] > file_size:
+    sys.stderr.write('The \'stallOffset\' offset parameter is greater than file size ({}).\n'.format(file_size))
+    answering()
+
+start = 0
+end = file_size - 1
+content_range = None
+if settings['supportRanges'] != 'no' and os.environ.get('HTTP_RANGE', None) is not None:
+    content_range = os.environ.get('HTTP_RANGE')
+if content_range is not None:
+    rng = content_range[len('bytes='):].split('-')
+    start = int(rng[0])
+    if len(rng) > 1 and rng[1] != '':
+        end = int(rng[1])
+    settings['httpStatus'] = '206 Partial Content'
+else:
+    settings['httpStatus'] = '200 OK'
+
+answering()
index 98f0773757675b0139bba4332a4ed4b633eec20e..27e68365fc79baaf012b8881617d9b2b8c48c2df 100755 (executable)
 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+import cgi
 import os
+from urllib.parse import parse_qs
+
 
 def get_cookies():
     cookies = {}
@@ -34,6 +37,24 @@ def get_cookies():
 
     return cookies
 
+
+def get_request():
+    request = {}
+    request_method = os.environ.get('REQUEST_METHOD', '')
+    if request_method == 'POST':
+        form = cgi.FieldStorage()
+        for key in form.keys():
+            request.update({key: form.getvalue(key)})
+    else:
+        query = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True)
+        for key in query.keys():
+            request.update({key: query[key][0]})
+
+    request.update(get_cookies())
+
+    return request
+
+
 def get_count(file):
     if not os.path.isfile(file):
         with open(file, 'w') as open_file:
@@ -43,19 +64,22 @@ def get_count(file):
     with open(file, 'r') as open_file:
         return open_file.read()
 
+
 def get_state(file, default='Uninitialized'):
     if not os.path.isfile(file):
         return default
     with open(file, 'r') as file:
         return file.read()
 
+
 def set_state(state, file):
-    with open(file, 'w') as file:
-        file.write(state)
+    with open(file, 'w') as open_file:
+        open_file.write(state)
     return state
 
+
 def step_state(file):
     state = get_count(file)
     with open(file, 'w') as open_file:
         open_file.write(f'{int(state) + 1}')
-    return state
\ No newline at end of file
+    return state
index 271e98e80472b362a6e76be3e3dcf807d0e9aa2e..2cfc5699312e0ca03308981790b398da8c723460 100644 (file)
@@ -1,3 +1,3 @@
-http://127.0.0.1:8000/security/401-logout/401-logout.php?uid=username - didReceiveAuthenticationChallenge - Responding with username:password
-http://127.0.0.1:8000/security/401-logout/401-logout.php?uid=username&logout=1 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+http://127.0.0.1:8000/security/401-logout/401-logout.py?uid=username - didReceiveAuthenticationChallenge - Responding with username:password
+http://127.0.0.1:8000/security/401-logout/401-logout.py?uid=username&logout=1 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
 PASS
diff --git a/LayoutTests/http/tests/security/401-logout/401-logout.php b/LayoutTests/http/tests/security/401-logout/401-logout.php
deleted file mode 100644 (file)
index 45644b3..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-<?php
-  if (!isset($_REQUEST['uid'])) {
-    // Step 1 - navigate to a page that will make us remember credentials.
-    echo "<script>\n";
-    echo "if (!window.testRunner) {\n";
-    echo "    document.write('This test only works as an automated one');\n";
-    echo "    throw 0;\n";
-    echo "}\n";
-    echo "testRunner.waitUntilDone();\n";
-    echo "testRunner.dumpAsText();\n";
-    echo "testRunner.setHandlesAuthenticationChallenges(true)\n";
-    echo "testRunner.setAuthenticationUsername('username')\n";
-    echo "testRunner.setAuthenticationPassword('password')\n";
-    echo "location = 'http://127.0.0.1:8000/security/401-logout/401-logout.php?uid=username';\n";
-    echo "</script>\n";
-  } else if (!isset($_SERVER['PHP_AUTH_USER']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
-    if (isset($_REQUEST['laststep'])) {
-      // Step 4 - Credentials are no longer being sent
-      echo "PASS";
-      echo "<script>\n";
-      echo "if (window.testRunner) {\n";
-      echo "    testRunner.notifyDone();\n";
-      echo "}\n";
-      echo "</script>\n";
-    } else {
-      // Ask for credentials if there are none
-      header('WWW-Authenticate: Basic realm="401-logout"');
-      header('HTTP/1.0 401 Unauthorized');
-    }
-  } else {
-    if (!isset($_REQUEST['logout'])) {
-      // Step 2 - navigate to a page that will make us forget the credentials
-      echo "<script>\n";
-      echo "testRunner.setHandlesAuthenticationChallenges(false)\n";
-      echo "location = 'http://127.0.0.1:8000/security/401-logout/401-logout.php?uid=username&logout=1';\n";
-      echo "</script>\n";
-    } else {
-      // Step 3 - logout
-      header('WWW-Authenticate: Basic realm="401-logout"');
-      header('HTTP/1.0 401 Unauthorized');
-      echo "<script>\n";
-      echo "location = 'http://127.0.0.1:8000/security/401-logout/401-logout.php?uid=username&laststep=1';\n";
-      echo "</script>\n";
-    }
-  }
-?>
diff --git a/LayoutTests/http/tests/security/401-logout/401-logout.py b/LayoutTests/http/tests/security/401-logout/401-logout.py
new file mode 100755 (executable)
index 0000000..b80fb47
--- /dev/null
@@ -0,0 +1,68 @@
+#!/usr/bin/env python3
+
+import base64
+import os
+import sys
+
+file = __file__.split(':/cygwin')[-1]
+http_root = os.path.dirname(os.path.dirname(os.path.abspath(os.path.dirname(file))))
+sys.path.insert(0, http_root)
+
+from resources.portabilityLayer import get_request
+
+username = base64.b64decode(os.environ.get('HTTP_AUTHORIZATION', ' Og==').split(' ')[1]).decode().split(':')[0]
+request = get_request()
+
+sys.stdout.write('Content-Type: text/html\r\n')
+
+if request.get('uid', None) is None:
+    # Step 1 - navigate to a page that will make us remember credentials.
+    sys.stdout.write(
+        '\r\n<script>\n'
+        'if (!window.testRunner) {\n'
+        '    document.write(\'This test only works as an automated one\');\n'
+        '    throw 0;\n'
+        '}\n'
+        'testRunner.waitUntilDone();\n'
+        'testRunner.dumpAsText();\n'
+        'testRunner.setHandlesAuthenticationChallenges(true)\n'
+        'testRunner.setAuthenticationUsername(\'username\')\n'
+        'testRunner.setAuthenticationPassword(\'password\')\n'
+        'location = \'http://127.0.0.1:8000/security/401-logout/401-logout.py?uid=username\';\n'
+        '</script>\n'
+    )
+
+elif not username or request.get('uid', '') != username:
+    if request.get('laststep', None) is not None:
+        # Step 4 - Credentials are no longer being sent
+        sys.stdout.write(
+            '\r\nPASS<script>\n'
+            'if (window.testRunner) {\n'
+            '    testRunner.notifyDone();\n'
+            '}\n'
+            '</script>\n'
+        )
+    else:
+        # Ask for credentials is there are none
+        sys.stdout.write(
+            'WWW-Authenticate: Basic realm="401-logout"\r\n'
+            'status: 401\r\n\r\n'
+        )
+else:
+    if request.get('logout', None) is None:
+        # Step 2 - navigate to a page that will make us forget the credentials
+        sys.stdout.write(
+            '\r\n<script>\n'
+            'testRunner.setHandlesAuthenticationChallenges(false)\n'
+            'location = \'http://127.0.0.1:8000/security/401-logout/401-logout.py?uid=username&logout=1\';\n'
+            '</script>\n'
+        )
+    else:
+        # Step 3 - logout
+        sys.stdout.write(
+            'WWW-Authenticate: Basic realm="401-logout"\r\n'
+            'status: 401\r\n\r\n'
+            '<script>\n'
+            'location = \'http://127.0.0.1:8000/security/401-logout/401-logout.py?uid=username&laststep=1\';\n'
+            '</script>\n'
+        )
index f3408410135b806fa2ff29259642f614ab3cdb42..0f0796e4dc07517ec02d7217ebf0ae4f5d2b2721 100644 (file)
@@ -22,7 +22,7 @@
     video.crossOrigin = "anonymous";
     var mediaFile = findMediaFile("video", "../../media/resources/test");
     var type = mimeTypeForExtension(mediaFile.split('.').pop());
-    video.src = "http://localhost:8080/security/resources/video-cross-origin-allow.php?name=" + mediaFile + "&type=" + type;
+    video.src = "http://localhost:8080/security/resources/video-cross-origin-allow.py?name=" + mediaFile + "&type=" + type;
 
     window.jsTestIsAsync = true;
 </script>
index 9df53bfd69cc1c920ab59b85322d8af76252cf3d..eb2be285ec48ec84cad0e3a6156d7fcf13e645b5 100644 (file)
@@ -22,7 +22,7 @@
     video.crossOrigin = "use-credentials";
     var mediaFile = findMediaFile("video", "../../media/resources/test");
     var type = mimeTypeForExtension(mediaFile.split('.').pop());
-    video.src = "http://localhost:8080/security/resources/video-cross-origin-allow-credentials.php?name=" + mediaFile + "&type=" + type;
+    video.src = "http://localhost:8080/security/resources/video-cross-origin-allow-credentials.py?name=" + mediaFile + "&type=" + type;
     
     window.jsTestIsAsync = true;
 </script>
index 8e20613baca23e28b9ccea1f011a99ce53e59f1b..aa4ad0a4315e48e5936cdf57f76f9bb2184ddf06 100644 (file)
@@ -21,7 +21,7 @@
 
     var mediaFile = findMediaFile("video", "../../media/resources/test");
     var type = mimeTypeForExtension(mediaFile.split('.').pop());
-    video.src = "http://localhost:8080/security/resources/video-cross-origin-allow.php?name=" + mediaFile + "&type=" + type;
+    video.src = "http://localhost:8080/security/resources/video-cross-origin-allow.py?name=" + mediaFile + "&type=" + type;
     
     window.jsTestIsAsync = true;
 </script>
index 9cdf5898cfa55e97bd8759306d1f6c145c284a54..e9a4d7d01b76962247c499d681503c8c3bd15530 100644 (file)
@@ -9,5 +9,5 @@ if (window.testRunner) {
 </script>
 </head>
 <p>Tests that loading a page in an &lt;iframe&gt; with a report-only Content Security Policy &quot;frame-ancestors 'none'&quot; is allowed. This test PASSED if you see the word PASS below. Otherwise, it FAILED.</p>
-<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy-Report-Only%3A+frame-ancestors+%27none%27%3B+report-uri+../../resources/save-report.php&q=PASS"></iframe>
+<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy-Report-Only%3A+frame-ancestors+%27none%27%3B+report-uri+../../resources/save-report.py&q=PASS"></iframe>
 </html>
index 12827e495c0f639778b8ccf80671e189fc69b335..a7d372aa8d5aa6601f222dd98efeb57478d1166c 100644 (file)
@@ -1,8 +1,8 @@
-CONSOLE MESSAGE: Refused to load http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL because it does not appear in the frame-ancestors directive of the Content Security Policy.
+CONSOLE MESSAGE: Refused to load http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL because it does not appear in the frame-ancestors directive of the Content Security Policy.
 CSP report received:
 CONTENT_TYPE: application/csp-report
 HTTP_HOST: localhost:8000
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html
 === POST DATA ===
-{"csp-report":{"document-uri":"http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html","blocked-uri":"http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","status-code":200}}
+{"csp-report":{"document-uri":"http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html","blocked-uri":"http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","status-code":200}}
index 73aa72c5d8068a9505759678d1228a16c3c708ce..94317125c909ee5d7de0c7c7aff312bf730e1e9e 100644 (file)
@@ -1,8 +1,8 @@
-CONSOLE MESSAGE: Refused to load https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL because it does not appear in the frame-ancestors directive of the Content Security Policy.
+CONSOLE MESSAGE: Refused to load https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL because it does not appear in the frame-ancestors directive of the Content Security Policy.
 CSP report received:
 CONTENT_TYPE: application/csp-report
 HTTP_HOST: localhost:8443
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html
 === POST DATA ===
-{"csp-report":{"document-uri":"https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html","blocked-uri":"https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","status-code":0}}
+{"csp-report":{"document-uri":"https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html","blocked-uri":"https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","status-code":0}}
index 6f0173b95ea85a5a67bd0034634341d22e997f4d..8448e75cbf4e2a31a98c6b596cc058731d0efe98 100644 (file)
@@ -11,10 +11,10 @@ if (window.testRunner) {
 
 function navigateToReport()
 {
-    window.location = "http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html";
+    window.location = "http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html";
 }
 </script>
 </head>
-<iframe src="https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL" onload="navigateToReport()"></iframe>
+<iframe src="https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL" onload="navigateToReport()"></iframe>
 </body>
 </html>
index f6f6e067bd181b85dab800ffbc012380b3406c8f..c9596546a0fe7fc684032959cbffcc7ef1457c48 100644 (file)
@@ -11,10 +11,10 @@ if (window.testRunner) {
 
 function navigateToReport()
 {
-    window.location = "http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html";
+    window.location = "http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html";
 }
 </script>
 </head>
-<iframe src="http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL" onload="navigateToReport()"></iframe>
+<iframe src="http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL" onload="navigateToReport()"></iframe>
 </body>
 </html>
index 39361d1a798227932fddc48e547a5a0d20da1582..3918e3a6f04afb01bbf540e5228988cf3d675ba6 100644 (file)
@@ -1,8 +1,8 @@
-CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL because it does not appear in the frame-ancestors directive of the Content Security Policy.
+CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL because it does not appear in the frame-ancestors directive of the Content Security Policy.
 CSP report received:
 CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html","blocked-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html","blocked-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","status-code":200}}
index 3a5de372517100d9a15bae2a4309703cfe6057b1..503a03dfc706415fb09a832a2c1a1bbc0d2234a1 100644 (file)
@@ -1,8 +1,8 @@
-CONSOLE MESSAGE: Refused to load https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL because it does not appear in the frame-ancestors directive of the Content Security Policy.
+CONSOLE MESSAGE: Refused to load https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL because it does not appear in the frame-ancestors directive of the Content Security Policy.
 CSP report received:
 CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8443
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html
 === POST DATA ===
-{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html","blocked-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","status-code":0}}
+{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html","blocked-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","status-code":0}}
index a99826bfb83c55fe9b902b1facd2be03bc3f7b64..bbdb477f1911edeebd72dc8e2ea2d1f45a178c6b 100644 (file)
@@ -11,10 +11,10 @@ if (window.testRunner) {
 
 function navigateToReport()
 {
-    window.location = "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html";
+    window.location = "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html";
 }
 </script>
 </head>
-<iframe src="https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL" onload="navigateToReport()"></iframe>
+<iframe src="https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL" onload="navigateToReport()"></iframe>
 </body>
 </html>
index 353ce8b20b2195ab5b4667292373546638e4f806..b18a65721c3dfa1b340d8a4ff53a4cb4f87573e9 100644 (file)
@@ -11,10 +11,10 @@ if (window.testRunner) {
 
 function navigateToReport()
 {
-    window.location = "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html";
+    window.location = "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html";
 }
 </script>
 </head>
-<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL" onload="navigateToReport()"></iframe>
+<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL" onload="navigateToReport()"></iframe>
 </body>
 </html>
index 93aec5a44bd846e486cc96b4c8d91fe734a16703..60932dc4e5c2711e6667e06019ae27962869e191 100644 (file)
@@ -4,6 +4,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/report-uri-effective-directive.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/report-uri-effective-directive.py","referrer":"","violated-directive":"default-src 'self'","effective-directive":"script-src","original-policy":"default-src 'self'; report-uri ../resources/save-report.php","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/report-uri-effective-directive.py","referrer":"","violated-directive":"default-src 'self'","effective-directive":"script-src","original-policy":"default-src 'self'; report-uri ../resources/save-report.py","blocked-uri":"","status-code":200}}
index f7cf7ca2576b32c468c6894c7ae8a95e8acc007e..e9dd9cb85cd6cb509da33d1c2d465152742915ef 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy: default-src \'self\'; report-uri ../resources/save-report.php\r\n'
+    'Content-Security-Policy: default-src \'self\'; report-uri ../resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/resources/testScriptHash.php b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/resources/testScriptHash.php
deleted file mode 100644 (file)
index 4de0cf0..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php
-    header("Expires: Thu, 01 Dec 2003 16:00:00 GMT");
-    header("Cache-Control: no-cache, must-revalidate");
-    header("Pragma: no-cache");
-    header("Content-Type: text/html; charset=" . (empty($_GET["charset"]) ? "UTF8" : $_GET["charset"]));
-    header("Content-Security-Policy: script-src 'self' " . $_GET["hashSource"]);
-?>
-<!DOCTYPE html>
-<html>
-<head>
-<script src="didRunInlineScriptPrologue.js"></script>
-<script><?php echo $_GET["script"]; ?></script> <!-- Will only execute if $_GET["hashSource"] represents a valid hash of this script. -->
-<script src="didRunInlineScriptEpilogue.js"></script>
-</head>
-</html>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/resources/testScriptHash.py b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/resources/testScriptHash.py
new file mode 100755 (executable)
index 0000000..9c28b35
--- /dev/null
@@ -0,0 +1,28 @@
+#!/usr/bin/env python3
+
+from ast import literal_eval
+import os
+import sys
+from urllib.parse import parse_qs, unquote_plus
+
+query = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True)
+charset = query.get('charset', ['UTF8'])[0]
+hash_source = query.get('hashSource', [''])[0]
+script = query.get('script', [''])[0]
+
+sys.stdout.write(
+    'Expires: Thu, 01 Dec 2003 16:00:00 GMT\r\n'
+    'Cache-Control: no-cache, must-revalidate\r\n'
+    'Pragma: no-cache\r\n'
+    'Content-Type: text/html; charset={}\r\n'
+    'Content-Security-Policy: script-src \'self\' {}\r\n\r\n'.format(charset, hash_source)
+)
+
+print('''<!DOCTYPE html>
+<html>
+<head>
+<script src="didRunInlineScriptPrologue.js"></script>
+<script>{}</script> <!-- Will only execute if hash_source represents a valid hash of this script. -->
+<script src="didRunInlineScriptEpilogue.js"></script>
+</head>
+</html>'''.format(script))
index 693b46cbfb15dfef537fffef695184f8402d68ca..156c8534791246b32e4cc0e2456b1b5d1fa4a9df 100644 (file)
@@ -11,9 +11,9 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=script-blocked-sends-multiple-reports-report-only
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=script-blocked-sends-multiple-reports-report-only
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py","referrer":"","violated-directive":"script-src http://example.com 'unsafe-inline'","effective-directive":"script-src","original-policy":"script-src http://example.com 'unsafe-inline'; report-uri ../resources/save-report.php?test=script-blocked-sends-multiple-reports-report-only","blocked-uri":"http://localhost:8000","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py","referrer":"","violated-directive":"script-src http://example.com 'unsafe-inline'","effective-directive":"script-src","original-policy":"script-src http://example.com 'unsafe-inline'; report-uri ../resources/save-report.py?test=script-blocked-sends-multiple-reports-report-only","blocked-uri":"http://localhost:8000","status-code":200}}
 
 --------
 Frame: 'enforced-1'
@@ -23,9 +23,9 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=script-blocked-sends-multiple-reports-enforced-1
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-1
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py","referrer":"","violated-directive":"script-src http://127.0.0.1:8000 'unsafe-inline'","effective-directive":"script-src","original-policy":"script-src http://127.0.0.1:8000 'unsafe-inline'; report-uri ../resources/save-report.php?test=script-blocked-sends-multiple-reports-enforced-1","blocked-uri":"http://localhost:8000","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py","referrer":"","violated-directive":"script-src http://127.0.0.1:8000 'unsafe-inline'","effective-directive":"script-src","original-policy":"script-src http://127.0.0.1:8000 'unsafe-inline'; report-uri ../resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-1","blocked-uri":"http://localhost:8000","status-code":200}}
 
 --------
 Frame: 'enforced-2'
@@ -35,6 +35,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=script-blocked-sends-multiple-reports-enforced-2
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-2
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py","referrer":"","violated-directive":"script-src http://127.0.0.1:8000 https://127.0.0.1:8443 'unsafe-inline'","effective-directive":"script-src","original-policy":" script-src http://127.0.0.1:8000 https://127.0.0.1:8443 'unsafe-inline'; report-uri ../resources/save-report.php?test=script-blocked-sends-multiple-reports-enforced-2","blocked-uri":"http://localhost:8000","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py","referrer":"","violated-directive":"script-src http://127.0.0.1:8000 https://127.0.0.1:8443 'unsafe-inline'","effective-directive":"script-src","original-policy":" script-src http://127.0.0.1:8000 https://127.0.0.1:8443 'unsafe-inline'; report-uri ../resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-2","blocked-uri":"http://localhost:8000","status-code":200}}
index a6adad99567e2b58b03ab68761722ab3391c2ba0..c303616a985a0c60b0f3d8349f6bac404e30fefb 100755 (executable)
@@ -3,8 +3,8 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src http://example.com \'unsafe-inline\'; report-uri ../resources/save-report.php?test=script-blocked-sends-multiple-reports-report-only\r\n'
-    'Content-Security-Policy: script-src http://127.0.0.1:8000 \'unsafe-inline\'; report-uri ../resources/save-report.php?test=script-blocked-sends-multiple-reports-enforced-1, script-src http://127.0.0.1:8000 https://127.0.0.1:8443 \'unsafe-inline\'; report-uri ../resources/save-report.php?test=script-blocked-sends-multiple-reports-enforced-2\r\n'
+    'Content-Security-Policy-Report-Only: script-src http://example.com \'unsafe-inline\'; report-uri ../resources/save-report.py?test=script-blocked-sends-multiple-reports-report-only\r\n'
+    'Content-Security-Policy: script-src http://127.0.0.1:8000 \'unsafe-inline\'; report-uri ../resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-1, script-src http://127.0.0.1:8000 https://127.0.0.1:8443 \'unsafe-inline\'; report-uri ../resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-2\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
@@ -20,9 +20,9 @@ sys.stdout.write(
     '<!-- Trigger CSP violation -->\n'
     '<script src="http://localhost:8000/security/contentSecurityPolicy/resources/alert-fail.js"></script>\n'
     '<!-- Reports -->\n'
-    '<iframe name="report-only" src="../resources/echo-report.php?test=script-blocked-sends-multiple-reports-report-only"></iframe>\n'
-    '<iframe name="enforced-1" src="../resources/echo-report.php?test=script-blocked-sends-multiple-reports-enforced-1"></iframe>\n'
-    '<iframe name="enforced-2" src="../resources/echo-report.php?test=script-blocked-sends-multiple-reports-enforced-2"></iframe>\n'
+    '<iframe name="report-only" src="../resources/echo-report.py?test=script-blocked-sends-multiple-reports-report-only"></iframe>\n'
+    '<iframe name="enforced-1" src="../resources/echo-report.py?test=script-blocked-sends-multiple-reports-enforced-1"></iframe>\n'
+    '<iframe name="enforced-2" src="../resources/echo-report.py?test=script-blocked-sends-multiple-reports-enforced-2"></iframe>\n'
     '</body>\n'
     '</html>\n'
 )
\ No newline at end of file
index ba04f456defec08df5e7f5eed9339a544d022958..9bd46dfbd5c96159a7445cca075cdad2413f7612 100644 (file)
@@ -11,6 +11,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py","blocked-uri":"","status-code":200}}
index ac2fbea889e04e08081113d0a1b52ca4a3eda62a..e3c4b0565ead22adb4f971d0b9dd2f687347270a 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py\r\n'
+    'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py\r\n'
     'Content-Security-Policy: script-src \'sha256-n7CDY/1Rg9w5XVqu2QuiqpjBw0MVHvwDmHpkLXsuu2g=\' \'nonce-dump-as-text\'\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
@@ -21,7 +21,7 @@ sys.stdout.write(
     '<script>\n'
     'document.getElementById("result").textContent = "PASS did execute script.";\n'
     '</script>\n'
-    '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
+    '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
     '</body>\n'
     '</html>\n'
 )
\ No newline at end of file
index de576e321d72e726ad8380ed29098ca9206a9ec7..e434f5c79c1a3d3502e44f1f7f3b2fff09236b4d 100644 (file)
@@ -11,6 +11,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py","blocked-uri":"","status-code":200}}
index 9d8c0d1d9be2905532ada412ce0b5fade257db73..98d1de94b81dd220661b0abf1e0b9f8ffe990bad 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py\r\n'
+    'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
@@ -21,7 +21,7 @@ sys.stdout.write(
     '<script>\n'
     'document.getElementById("result").textContent = "PASS did execute script.";\n'
     '</script>\n'
-    '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py"></iframe>\n'
+    '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.py"></iframe>\n'
     '</body>\n'
     '</html>\n'
 )
\ No newline at end of file
index 6d39fd8c3d95819b5b147ffe4bce83af904d96ab..12657dd70715613f2f2eccb4659fde9e04cdacbb 100644 (file)
@@ -11,6 +11,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py","blocked-uri":"","status-code":200}}
index f78a2cf2473fc9817d8a210a1111ba022c9f2218..a4901b5c02f103167bbd613b01e5dc0c32aea43f 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
+    'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
     'X-WebKit-CSP: script-src \'sha256-n7CDY/1Rg9w5XVqu2QuiqpjBw0MVHvwDmHpkLXsuu2g=\' \'nonce-dump-as-text\'\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
@@ -21,7 +21,7 @@ sys.stdout.write(
     '<script>\n'
     'document.getElementById("result").textContent = "PASS did execute script.";\n'
     '</script>\n'
-    '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
+    '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
     '</body>\n'
     '</html>\n'
     '\r\n'
index 89209ffa1bfbaca8005ef28e8c5066cd272ad015..30996743a79e4c16347017dfde518bfdddf7b9ae 100644 (file)
@@ -11,6 +11,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py","blocked-uri":"","status-code":200}}
index 47540d7777092c0c4c25a5291b36fbb0e87a9c70..6252602945c26121d74a91a86cb0302bdea98120 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py\r\n'
+    'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
@@ -21,7 +21,7 @@ sys.stdout.write(
     '<script>\n'
     'document.getElementById("result").textContent = "PASS did execute script.";\n'
     '</script>\n'
-    '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py"></iframe>\n'
+    '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py"></iframe>\n'
     '</body>\n'
     '</html>\n'
 )
\ No newline at end of file
index 69603b5ca93bb7736409f015059dd15fe8da8c86..d2322f3240cb6258a564ad320bb014c942fbf020 100644 (file)
@@ -13,6 +13,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py","blocked-uri":"","status-code":200}}
index bfc55bbba00421d00ac4effc486b9fac4d0719d8..4fd7815eeddbba49ca5b7b26460618e104787215 100755 (executable)
@@ -4,7 +4,7 @@ import sys
 
 sys.stdout.write(
     'Content-Security-Policy-Report-Only: script-src \'sha256-AJqUvsXuHfMNXALcBPVqeiKkFk8OLvn3U7ksHP/QQ90=\' \'nonce-dump-as-text\'\r\n'
-    'Content-Security-Policy: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py\r\n'
+    'Content-Security-Policy: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
@@ -21,7 +21,7 @@ sys.stdout.write(
     '<script>\n'
     'document.getElementById("result").textContent = "FAIL did execute script.";\n'
     '</script>\n'
-    '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py"></iframe>\n'
+    '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py"></iframe>\n'
     '</body>\n'
     '</html>\n'
 )
\ No newline at end of file
index d346a82906e06e4beda2e047d555a5bb75f3556e..e6928760520451ab071e260263628a8c608162e9 100755 (executable)
@@ -4,7 +4,7 @@ import sys
 
 sys.stdout.write(
     'Content-Security-Policy-Report-Only: script-src \'sha256-AJqUvsXuHfMNXALcBPVqeiKkFk8OLvn3U7ksHP/QQ90=\' \'nonce-dump-as-text\'\r\n'
-    'X-WebKit-CSP: script-src \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py\r\n'
+    'X-WebKit-CSP: script-src \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
@@ -20,7 +20,7 @@ sys.stdout.write(
     'document.getElementById("result").textContent = "PASS did execute script.";\n'
     '</script>\n'
     '<!-- Call testRunner.dumpChildFramesAsText() and load\n'
-    '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py"></iframe>\n'
+    '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py"></iframe>\n'
     'once we fix reporting of nonce violations for report-only policies. See <https://bugs.webkit.org/show_bug.cgi?id=159830>. -->\n'
     '</body>\n'
     '</html>\n'
index eb9350b1424594d9ebe060a470b2e26a3a9260e4..002e6810b138c4606dbecd5521e94bf31d1aeb56 100644 (file)
@@ -11,6 +11,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py","blocked-uri":"","status-code":200}}
index 70ab3af0e40a72a917ab6a9b57d420dfbccd79af..d41925f5c377b4e38d0919c62f5269a899e184a6 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
+    'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
     'X-WebKit-CSP: script-src \'nonce-dump-as-text\'\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
@@ -21,7 +21,7 @@ sys.stdout.write(
     '<script>\n'
     'document.getElementById("result").textContent = "PASS did execute script.";\n'
     '</script>\n'
-    '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
+    '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
     '</body>\n'
     '</html>\n'
     '\r\n'
index ccf4734f662d572af6cae23ebeb502d96c848b28..65b9ac6e981b8c542208016e440708142dedc5ae 100644 (file)
@@ -11,6 +11,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py","referrer":"","violated-directive":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py","blocked-uri":"","status-code":200}}
index 559071afe73a11cb041695ec3df3362e5e2acda5..f9778f3c5f2a8755e7b1077faebc62538241aeb6 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py\r\n'
+    'Content-Security-Policy-Report-Only: script-src \'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
@@ -21,7 +21,7 @@ sys.stdout.write(
     '<script>\n'
     'document.getElementById("result").textContent = "PASS did execute script.";\n'
     '</script>\n'
-    '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py"></iframe>\n'
+    '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.py"></iframe>\n'
     '</body>\n'
     '</html>\n'
 )
\ No newline at end of file
index cbae88dce10e48a207e26dcc7d1c918eab3933b9..2526cf6b776312023c8088d425a0505ee5ed620e 100644 (file)
@@ -94,7 +94,7 @@ var tests = [
     name: "Big-5 page with Big-5 hash",
     charset: "Big5",
     script: "didRunInlineScript+%3D+true%3B+//+%A4%F4",
-    hashSource: "'sha256-J08nmORtZZyj86mnbklnHBObVEnsakqZcYsabqsSJmc='",
+    hashSource: "'sha256-CAEkHFV/oUoz+L2Oa6gIFelb73og89vCbxrz4u/jAY4='",
     expectedResult: RunInlineScript,
 },
 {
@@ -255,7 +255,7 @@ function runNextTest()
         hashSource: encodeURIComponent(test.hashSource),
     };
     var queryString = Object.keys(queryStringArguments).map(function (key) { return key + "=" + queryStringArguments[key]; }).join("&");
-    frame.src = "http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/resources/testScriptHash.php?" + queryString;
+    frame.src = "http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/resources/testScriptHash.py?" + queryString;
 }
 
 window.onload = function ()
index d798c6b034924b3c5cda522eff3b2bc78c52ad31..967aa85c541f25cc684c67ad5a5974a2e3a43a4d 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.py\r\n'
+    'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.py\r\n'
     'Content-Security-Policy: script-src \'nonce-dummy\' \'nonce-dump-as-text\'\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
@@ -20,7 +20,7 @@ sys.stdout.write(
     'document.getElementById("result").textContent = "PASS did execute script.";\n'
     '</script>\n'
     '<!-- FIXME: Call testRunner.dumpChildFramesAsText() and load\n'
-    '../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.py\n'
+    '../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.py\n'
     'in an <iframe> once we fix reporting of nonce violations for report-only policies. See <https://bugs.webkit.org/show_bug.cgi?id=159830>. -->\n'
     '</body>\n'
     '</html>\n'
index d3b30d1b4f925fc394605119391fc4ed968a2bdf..0a9876524491a042123eb89574cfff1d25f1775e 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.py\r\n'
+    'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
@@ -20,7 +20,7 @@ sys.stdout.write(
     'document.getElementById("result").textContent = "PASS did execute script.";\n'
     '</script>\n'
     '<!-- FIXME: Call testRunner.dumpChildFramesAsText() and load\n'
-    '../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.py\n'
+    '../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.py\n'
     'in an <iframe> once we fix reporting of nonce violations for report-only policies. See <https://bugs.webkit.org/show_bug.cgi?id=159830>. -->\n'
     '</body>\n'
     '</html>\n'
index 7fc09c22478184d5fe8fc460c4bf7e3a0074e3e0..de1d769e3fd2d5e6116ae58cb0c5c387617d4e09 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
+    'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
     'X-WebKit-CSP: script-src \'nonce-dummy\' \'nonce-dump-as-text\'\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
@@ -20,7 +20,7 @@ sys.stdout.write(
     'document.getElementById("result").textContent = "PASS did execute script.";\n'
     '</script>\n'
     '<!-- FIXME: Call testRunner.dumpChildFramesAsText() and load\n'
-    '../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py\n'
+    '../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.py\n'
     'in an <iframe> once we fix reporting of nonce violations for report-only policies. See <https://bugs.webkit.org/show_bug.cgi?id=159830>. -->\n'
     '</body>\n'
     '</html>\n'
index a8708cee4414c9702c475afe5e486c8621404eed..62131ecd3c656534448d1f05c870a65b353a3e38 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py\r\n'
+    'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
@@ -20,7 +20,7 @@ sys.stdout.write(
     'document.getElementById("result").textContent = "PASS did execute script.";\n'
     '</script>\n'
     '<!-- FIXME: Call testRunner.dumpChildFramesAsText() and load\n'
-    '../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py\n'
+    '../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.py\n'
     'in an <iframe> once we fix reporting of nonce violations for report-only policies. See <https://bugs.webkit.org/show_bug.cgi?id=159830>. -->\n'
     '</body>\n'
     '</html>\n'
index 5e64d31185a031fc48a8f8c8d64a362610a5a8e1..c0ca814035c61cbbbef112ce62154913302160ef 100644 (file)
@@ -14,6 +14,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py","referrer":"","violated-directive":"script-src 'nonce-that-is-not-equal-to-dummy' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'nonce-that-is-not-equal-to-dummy' 'nonce-dump-as-text'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py","referrer":"","violated-directive":"script-src 'nonce-that-is-not-equal-to-dummy' 'nonce-dump-as-text'","effective-directive":"script-src","original-policy":"script-src 'nonce-that-is-not-equal-to-dummy' 'nonce-dump-as-text'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py","blocked-uri":"","status-code":200}}
index 6f1109459f41f5137ab510efadd0a9d5443c34e6..0b9e07d5119079be490e99713fb15ebe531ddb2c 100755 (executable)
@@ -4,7 +4,7 @@ import sys
 
 sys.stdout.write(
     'Content-Security-Policy-Report-Only: script-src \'nonce-dummy\' \'nonce-dump-as-text\'\r\n'
-    'Content-Security-Policy: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py\r\n'
+    'Content-Security-Policy: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
@@ -21,7 +21,7 @@ sys.stdout.write(
     '<script nonce="dummy">\n'
     'document.getElementById("result").textContent = "FAIL did execute script.";\n'
     '</script>\n'
-    '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py"></iframe>\n'
+    '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.py"></iframe>\n'
     '</body>\n'
     '</html>\n'
 )
\ No newline at end of file
index 8900e75260e1a21dcd5bf8cb1ec46e9999e1674f..f19fb9f737f57c0f4ceef1dbbeeb4b247870aceb 100755 (executable)
@@ -4,7 +4,7 @@ import sys
 
 sys.stdout.write(
     'Content-Security-Policy-Report-Only: script-src \'nonce-dummy\' \'nonce-dump-as-text\'\r\n'
-    'X-WebKit-CSP: script-src \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py\r\n'
+    'X-WebKit-CSP: script-src \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
@@ -20,7 +20,7 @@ sys.stdout.write(
     'document.getElementById("result").textContent = "PASS did execute script.";\n'
     '</script>\n'
     '<!-- Call testRunner.dumpChildFramesAsText() and load\n'
-    '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py"></iframe>\n'
+    '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.py"></iframe>\n'
     'once we fix reporting of nonce violations for report-only policies. See <https://bugs.webkit.org/show_bug.cgi?id=159830>. -->\n'
     '</body>\n'
     '</html>\n'
index d1ca4c29a87f189ea9fff53fe7180ec8154d45e0..7dfbd37357be85028b489f17fc5bff58c44d8c7f 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
+    'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
     'X-WebKit-CSP: script-src \'nonce-dump-as-text\'\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
@@ -20,7 +20,7 @@ sys.stdout.write(
     'document.getElementById("result").textContent = "PASS did execute script.";\n'
     '</script>\n'
     '<!-- Call testRunner.dumpChildFramesAsText() and load\n'
-    '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
+    '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
     'once we fix reporting of nonce violations for report-only policies. See <https://bugs.webkit.org/show_bug.cgi?id=159830>. -->\n'
     '</body>\n'
     '</html>\n'
index 7e81b08d068241ab13810aa26f5837b29c67e9a5..f57ea831a214341c7ad726498f3ff8bffb57c66c 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
+    'Content-Security-Policy-Report-Only: script-src \'nonce-that-is-not-equal-to-dummy\' \'nonce-dump-as-text\'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
@@ -20,7 +20,7 @@ sys.stdout.write(
     'document.getElementById("result").textContent = "PASS did execute script.";\n'
     '</script>\n'
     '<!-- Call testRunner.dumpChildFramesAsText() and load\n'
-    '<iframe src="../resources/echo-report.php?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
+    '<iframe src="../resources/echo-report.py?test=/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.py"></iframe>\n'
     'once we fix reporting of nonce violations for report-only policies. See <https://bugs.webkit.org/show_bug.cgi?id=159830>. -->\n'
     '</body>\n'
     '</html>\n'
index 55d7919b3181a8b24c2c07fbcb8571056c576e68..4ecf216482888eff79a6472a3cfce48957716d6e 100644 (file)
@@ -4,7 +4,7 @@ frame "<!--frame1-->" - didCommitLoadForFrame
 CONSOLE MESSAGE: [Report Only] Blocked mixed content http://127.0.0.1:8000/security/mixedContent/resources/style.css because 'block-all-mixed-content' appears in the Content Security Policy.
 CONSOLE MESSAGE: [blocked] The page at https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py was not allowed to run insecure content from http://127.0.0.1:8000/security/mixedContent/resources/style.css.
 
-frame "<!--frame1-->" - willPerformClientRedirectToURL: https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-report.php?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py
+frame "<!--frame1-->" - willPerformClientRedirectToURL: https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-report.py?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py
 frame "<!--frame1-->" - didFinishDocumentLoadForFrame
 main frame - didHandleOnloadEventsForFrame
 frame "<!--frame1-->" - didFinishLoadForFrame
@@ -27,6 +27,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8443
 HTTP_REFERER: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py
 === POST DATA ===
-{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only.html","violated-directive":"block-all-mixed-content","effective-directive":"block-all-mixed-content","original-policy":"block-all-mixed-content; report-uri ../../resources/save-report.php?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py","blocked-uri":"http://127.0.0.1:8000","status-code":0}}
+{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only.html","violated-directive":"block-all-mixed-content","effective-directive":"block-all-mixed-content","original-policy":"block-all-mixed-content; report-uri ../../resources/save-report.py?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py","blocked-uri":"http://127.0.0.1:8000","status-code":0}}
index 4beb2c468d1db1bfec27fe4d884ab6f8a2391bad..d4badace594c26f21ffd890dd5ca581b30526a72 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: block-all-mixed-content; report-uri ../../resources/save-report.php?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py\r\n'
+    'Content-Security-Policy-Report-Only: block-all-mixed-content; report-uri ../../resources/save-report.py?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
@@ -18,7 +18,7 @@ sys.stdout.write(
     '<body>\n'
     'This background color should be white.\n'
     '<script>\n'
-    '    window.location.href = "/security/contentSecurityPolicy/resources/echo-report.php?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py";\n'
+    '    window.location.href = "/security/contentSecurityPolicy/resources/echo-report.py?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py";\n'
     '</script>\n'
     '</body>\n'
     '</html>\n'
index eca3056c1a0429cba76840d6a21b2ca57c708351..2e14b5ca4d9713c6635060b48ff4cb6ce88f7282 100644 (file)
@@ -16,7 +16,7 @@ function log(msg)
 }
 
 try {
-    navigator.sendBeacon("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-report.php");
+    navigator.sendBeacon("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-report.py");
     log("Pass");
 } catch(e) {
     log("Fail");
index 38caa4137e7be0696def3d6889eb2c5228c9e950..0d3cf59f08429a028fce24f60110bc75d6a57a83 100644 (file)
@@ -1,3 +1,3 @@
-CONSOLE MESSAGE: Refused to connect to http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.php because it does not appear in the connect-src directive of the Content Security Policy.
+CONSOLE MESSAGE: Refused to connect to http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.py because it does not appear in the connect-src directive of the Content Security Policy.
 Pass
 
index 1eadc69c0617ba9373ae1faf5459743fcc2ef5bf..11b349157a2698552f4033f62df4afef29e533fe 100644 (file)
@@ -16,7 +16,7 @@ function log(msg)
 }
 
 try {
-    navigator.sendBeacon("http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.php");
+    navigator.sendBeacon("http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.py");
     log("Pass");
 } catch(e) {
     log("Fail");
index 9f6eebfcff2b70ccc6ac37ca2ffad969adf0325f..1cc2f76260e081083f94ae3fc5115f37ff7f7927 100644 (file)
@@ -6,4 +6,4 @@ CONTENT_TYPE: application/csp-report
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.html
 REQUEST_METHOD: POST
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.html","referrer":"","violated-directive":"script-src 'self' 'unsafe-inline'","effective-directive":"script-src","original-policy":"script-src 'self' 'unsafe-inline'; report-uri resources/save-report.php","blocked-uri":"","source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.html","line-number":13,"column-number":13,"status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.html","referrer":"","violated-directive":"script-src 'self' 'unsafe-inline'","effective-directive":"script-src","original-policy":"script-src 'self' 'unsafe-inline'; report-uri resources/save-report.py","blocked-uri":"","source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.html","line-number":13,"column-number":13,"status-code":200}}
index 240161233e1134d0bcdb87345c3d70d2a60866e2..3f5f0a1199034d4b57d247cf16b0ebb65047fe6c 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src \'self\' \'unsafe-inline\'; report-uri resources/save-report.php\r\n'
+    'Content-Security-Policy-Report-Only: script-src \'self\' \'unsafe-inline\'; report-uri resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
index 5bb61530e7df0ffed7bb113721c4ac8d9d405a87..94c096a0c0eb2dc2ef060f13f52ab0d6202399bb 100644 (file)
@@ -6,4 +6,4 @@ CONTENT_TYPE: application/csp-report
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/eval-blocked-and-sends-report.html
 REQUEST_METHOD: POST
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/eval-blocked-and-sends-report.html","referrer":"","violated-directive":"script-src 'self' 'unsafe-inline'","effective-directive":"script-src","original-policy":"script-src 'self' 'unsafe-inline'; report-uri resources/save-report.php","blocked-uri":"","source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/eval-blocked-and-sends-report.html","line-number":9,"column-number":13,"status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/eval-blocked-and-sends-report.html","referrer":"","violated-directive":"script-src 'self' 'unsafe-inline'","effective-directive":"script-src","original-policy":"script-src 'self' 'unsafe-inline'; report-uri resources/save-report.py","blocked-uri":"","source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/eval-blocked-and-sends-report.html","line-number":9,"column-number":13,"status-code":200}}
index 65ca40e5981fb5b70afafe6b1052b4161b0e6e80..0a3c50f2804f016355091f2223eff16f0d2cd2f5 100644 (file)
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html>
 <head>
-    <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; report-uri resources/save-report.php">
+    <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; report-uri resources/save-report.py">
 </head>
 <body>
     <script>
index b99747b25c67065c5da9e0f806e566b4f3cf9092..bada8e4d281bee49398e8cb98b20bfab6ff5c464 100644 (file)
@@ -6,6 +6,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-and-enforce.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-and-enforce.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri resources/save-report.php","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-and-enforce.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri resources/save-report.py","blocked-uri":"","status-code":200}}
index 622880f1089f9b38d942384278db360b9c72dbe3..d87a52c825002f2a24906aa6a9ca1cd812738599 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src \'self\'; report-uri resources/save-report.php\r\n'
+    'Content-Security-Policy-Report-Only: script-src \'self\'; report-uri resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
index 29b839e3c18bf33b56073b8829fb3412771a6a65..c1876f6410cbea085f39d4c5df893e47f41a9b0e 100644 (file)
@@ -4,6 +4,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-data-uri.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-data-uri.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"data","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-data-uri.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.py","blocked-uri":"data","status-code":200}}
index 7c8be5b32703d7f18808a0770731c82716fec49d..92df6ec6dce05137f09dfdc5304297b1b9ea85ff 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy: img-src \'none\'; report-uri resources/save-report.php\r\n'
+    'Content-Security-Policy: img-src \'none\'; report-uri resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
index ec812afded186740a42f4fc974fef8329e34bf59..51e0d8f6c9e79405e64399495b4e4a856ca096fc 100644 (file)
@@ -4,6 +4,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"file","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.py","line-number":9,"column-number":26}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.py","blocked-uri":"file","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.py","line-number":9,"column-number":26}}
index ae122859e101c96d67efd08aa3f918bc04ad3914..3ec51a9bbe8dddb4352fab4632f812c4433a5681 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy: img-src \'none\'; report-uri resources/save-report.php\r\n'
+    'Content-Security-Policy: img-src \'none\'; report-uri resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
index ad0738054323523bb3aafebd1124ce8b33404c94..dd755ae050ebf51e4aaa5cca508901d64206d2cb 100644 (file)
@@ -4,6 +4,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report-and-redirect-to-save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report-and-redirect-to-save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
index 8fd2bf7b1133be6fee92c1a4eb70905b9a1814e7..62ad14817d2ca4bb62507bf7bf39b56e8be0c251 100755 (executable)
@@ -3,12 +3,12 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: img-src \'none\'; report-uri resources/save-report-and-redirect-to-save-report.php\r\n'
+    'Content-Security-Policy-Report-Only: img-src \'none\'; report-uri resources/save-report-and-redirect-to-save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
     '<body>\n'
-    '<p>This test PASSED if the filename of the REQUEST_URI in the dumped report is save-report-and-redirect-to-save-report.php. Otherwise, it FAILED.</p>\n'
+    '<p>This test PASSED if the filename of the REQUEST_URI in the dumped report is save-report-and-redirect-to-save-report.py. Otherwise, it FAILED.</p>\n'
     '<img src="../resources/abe.png"> <!-- Trigger CSP violation -->\n'
     '<script>\n'
     'if (window.testRunner) {\n'
@@ -18,7 +18,7 @@ sys.stdout.write(
     '\n'
     'function navigateToReport()\n'
     '{\n'
-    '    window.location = "/security/contentSecurityPolicy/resources/echo-report.php";\n'
+    '    window.location = "/security/contentSecurityPolicy/resources/echo-report.py";\n'
     '}\n'
     '\n'
     '// We assume that if redirects were followed when saving the report that they will complete within one second.\n'
index 28ab5dd5d73e1e72b10cc826a0620d5a83fb2c4c..aa339f71809bac0a82b29bceed95c09d8122344f 100644 (file)
@@ -4,6 +4,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri-cross-origin.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri-cross-origin.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"http://localhost:8080","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri-cross-origin.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.py","blocked-uri":"http://localhost:8080","status-code":200}}
index 111b3fc7628436848e09491d01ed7dfb0b170c37..e1afc2421cffe042f7f0a72638e8809aa5296d51 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: img-src \'none\'; report-uri resources/save-report.php\r\n'
+    'Content-Security-Policy-Report-Only: img-src \'none\'; report-uri resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     'The origin of this image should show up in the violation report.\n'
     '<img src="http://localhost:8080/security/resources/abe.png">\n'
index 97a18bc01c0e4f7882650eabf56954fbdb420e65..28d08d38692ee8a1a8e1234a4c3dbb72115aa90b 100644 (file)
@@ -4,6 +4,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
index 3fc2d3ec07a0f4a870d871cb80841b1439b28a41..f56f708450f7b6b151b807cde70669c875db9d7e 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: img-src \'none\'; report-uri resources/save-report.php\r\n'
+    'Content-Security-Policy-Report-Only: img-src \'none\'; report-uri resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     'The URI of this image should show up in the violation report.\n'
     '<img src="../resources/abe.png#the-fragment-should-not-be-in-report">\n'
index 5d9dbae27fae7814a7629ff48cd8975e1fd7fdab..bff7451d1f9f5be52bb4afd1c6227621dde7fc65 100644 (file)
@@ -4,6 +4,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: localhost:8080
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
index 6fe6c3632d2aead1f2fac483dc69f39aa5ab0102..7f0fd7bb73a96ae496ebe77fbbc745028cd93d19 100644 (file)
@@ -4,6 +4,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: localhost:8080
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
index f4ab69da623c667d90021123a189d279d058eeb7..2140c8964d6d3e720fc77a82eb96e106f8be5b18 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy: img-src \'none\'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.php\r\n'
+    'Content-Security-Policy: img-src \'none\'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!-- webkit-test-runner [ useEphemeralSession=true ] -->\n'
     '<!DOCTYPE html>\n'
@@ -23,7 +23,7 @@ sys.stdout.write(
     '        // This image will generate a CSP violation report.\n'
     '        let imgElement = document.createElement("img");\n'
     '        imgElement.onload = imgElement.onerror = function () {\n'
-    '            window.location = "/security/contentSecurityPolicy/resources/echo-report.php";\n'
+    '            window.location = "/security/contentSecurityPolicy/resources/echo-report.py";\n'
     '        };\n'
     '        imgElement.src = "/security/resources/abe.png";\n'
     '        document.body.appendChild(imgElement);\n'
index 090a446a473c06e0b4e69bdd7cfee43944545bff..acecf942aaa4a01a094def261435d8d1cd6e8108 100644 (file)
@@ -1,8 +1,8 @@
 CSP report received:
 CONTENT_TYPE: application/csp-report
 HTTP_HOST: localhost:8080
-HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php
+HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
@@ -1,7 +1,13 @@
-<?php
-    header("Content-Security-Policy: img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.php");
-?>
-<!DOCTYPE html>
+#!/usr/bin/env python3
+
+import sys
+
+sys.stdout.write(
+    'Content-Security-Policy: img-src \'none\'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.py\r\n'
+    'Content-Type: text/html\r\n\r\n'
+)
+
+print('''<!DOCTYPE html>
 <html>
 <body>
 <script>
@@ -20,4 +26,4 @@
 
 <script src="resources/go-to-echo-report.js"></script>
 </body>
-</html>
+</html>''')
index 8fb55b6c39b9644938d64b412bad2a79cde93f95..618b88cb3478eb8a96435295a04c09950f1a148a 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy: img-src \'none\'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.php\r\n'
+    'Content-Security-Policy: img-src \'none\'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
@@ -22,7 +22,7 @@ sys.stdout.write(
     '        // This image will generate a CSP violation report.\n'
     '        let imgElement = document.createElement("img");\n'
     '        imgElement.onload = imgElement.onerror = function () {\n'
-    '            window.location = "/security/contentSecurityPolicy/resources/echo-report.php";\n'
+    '            window.location = "/security/contentSecurityPolicy/resources/echo-report.py";\n'
     '        };\n'
     '        imgElement.src = "/security/resources/abe.png";\n'
     '        document.body.appendChild(imgElement);\n'
index 0657ed9c62648a1a279947756bb90a06b1ad03b9..e22d6422985f64f23cde49fd5fc1dcaa9172b7cb 100644 (file)
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html>
 <head>
-    <meta http-equiv="Content-Security-Policy" content="connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.php">
+    <meta http-equiv="Content-Security-Policy" content="connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.py">
     <script src="/js-test-resources/js-test-pre.js"></script>
 </head>
 <body>
@@ -26,7 +26,7 @@
         try {
             // Redirect to a different host, because as of CSP2 paths
             // are ignored when matching after a redirect.
-            xhr.open("GET", "resources/redir.php?url=http://localhost:8000/security/contentSecurityPolicy/resources/xhr-redirect-not-allowed.py", true);
+            xhr.open("GET", "resources/redir.py?url=http://localhost:8000/security/contentSecurityPolicy/resources/xhr-redirect-not-allowed.py", true);
         } catch(e) {
             testFailed("XMLHttpRequest.open() should not throw an exception.");
         }
@@ -1,7 +1,13 @@
-<?php
-header("Content-Security-Policy-Report-Only: img-src 'none'; report-uri resources/does-not-exist");
-?>
-<!DOCTYPE html>
+#!/usr/bin/env python3
+
+import sys
+
+sys.stdout.write(
+    'Content-Security-Policy-Report-Only: img-src \'none\'; report-uri resources/does-not-exist\r\n'
+    'Content-Type: text/html\r\n\r\n'
+)
+
+print('''<!DOCTYPE html>
 <html>
 <body>
 <p>This tests that multiple violations on a page trigger multiple reports.
@@ -9,4 +15,4 @@ The test passes if two PingLoader callbacks are visible in the output.</p>
 <img src="../resources/abe.png">
 <img src="../resources/eba.png">
 </body>
-</html>
+</html>''')
@@ -1,7 +1,13 @@
-<?php
-header("Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'self'; report-uri resources/does-not-exist");
-?>
-<!DOCTYPE html>
+#!/usr/bin/env python3
+
+import sys
+
+sys.stdout.write(
+    'Content-Security-Policy-Report-Only: script-src \'unsafe-inline\' \'self\'; report-uri resources/does-not-exist\r\n'
+    'Content-Type: text/html\r\n\r\n'
+)
+
+print('''<!DOCTYPE html>
 <html>
 <body>
 <p>This tests that multiple violations on a page trigger multiple reports
@@ -12,4 +18,4 @@ for (var i = 0; i< 5; i++)
     setTimeout("alert('PASS: setTimeout #" + i + " executed.');", 0);
 </script>
 </body>
-</html>
+</html>''')
index 2eec6fc5e03037117105a57b707c0d6a2dd395bc..b78177a90117a35424a8d6c3cac588bb45585a11 100644 (file)
@@ -1,3 +1,3 @@
-CONSOLE MESSAGE: The Content Security Policy 'connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.php' was delivered in report-only mode, but does not specify a 'report-uri'; the policy will have no effect. Please either add a 'report-uri' directive, or deliver the policy via the 'Content-Security-Policy' header.
+CONSOLE MESSAGE: The Content Security Policy 'connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.py' was delivered in report-only mode, but does not specify a 'report-uri'; the policy will have no effect. Please either add a 'report-uri' directive, or deliver the policy via the 'Content-Security-Policy' header.
 Pass
 
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked.php b/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked.php
deleted file mode 100644 (file)
index b43bcc8..0000000
+++ /dev/null
@@ -1,28 +0,0 @@
-<?php
-    header("Content-Security-Policy-Report-Only: connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.php");
-?>
-<!DOCTYPE html>
-<html>
-<head>
-<script>
-if (window.testRunner)
-    testRunner.dumpAsText();
-</script>
-</head>
-<body>
-<pre id="console"></pre>
-<script>
-function log(msg)
-{
-    document.getElementById("console").appendChild(document.createTextNode(msg + "\n"));
-}
-
-try {
-    navigator.sendBeacon("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.php?url=http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.php");
-    log("Pass");
-} catch(e) {
-    log("Fail");
-}
-</script>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked.py b/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked.py
new file mode 100755 (executable)
index 0000000..63249f1
--- /dev/null
@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+
+import sys
+
+sys.stdout.write(
+    'Content-Security-Policy-Report-Only: connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.py\r\n'
+    'Content-Type: text/html\r\n\r\n'
+)
+
+print('''<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<pre id="console"></pre>
+<script>
+function log(msg)
+{
+    document.getElementById("console").appendChild(document.createTextNode(msg + "\\n"));
+}
+
+try {
+    navigator.sendBeacon("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.py?url=http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.py");
+    log("Pass");
+} catch(e) {
+    log("Fail");
+}
+</script>
+</body>
+</html>''')
@@ -1,7 +1,13 @@
-<?php
-    header("Content-Security-Policy-Report-Only: connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.py");
-?>
-<!DOCTYPE html>
+#!/usr/bin/env python3
+
+import sys
+
+sys.stdout.write(
+    'Content-Security-Policy-Report-Only: connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.py\r\n'
+    'Content-Type: text/html\r\n\r\n'
+)
+
+print('''<!DOCTYPE html>
 <html>
 <head>
     <script src="/js-test-resources/js-test-pre.js"></script>
@@ -10,7 +16,7 @@
     <script>
         window.jsTestIsAsync = true;
         function log(msg) {
-            document.getElementById("console").appendChild(document.createTextNode(msg + "\n"));
+            document.getElementById("console").appendChild(document.createTextNode(msg + "\\n"));
         }
 
         var xhr = new XMLHttpRequest;
@@ -36,4 +42,4 @@
 </script>
 <script src="/js-test-resources/js-test-post.js"></script>
 </body>
-</html>
+</html>''')
index 5d2fbff0efdb2985bc5d587b3c23a5f2eb927372..ef26dc7606ccdfb79f78f5a313ee34f5b89a0c00 100644 (file)
@@ -5,6 +5,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-only.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri resources/save-report.php","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri resources/save-report.py","blocked-uri":"","status-code":200}}
index 4d13cf6c642c08881e35463c60a0e7371e26ea8b..2444c49994966df2aa1889ae6a3aa1242e638d15 100644 (file)
@@ -5,6 +5,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-from-header.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-from-header.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri resources/save-report.php","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-from-header.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri resources/save-report.py","blocked-uri":"","status-code":200}}
index 597ab605d13ab0e946ad61e616c4a2deff343519..fbfd3dd643439026a45251a2f0915d2b0fabc54a 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src \'self\'; report-uri resources/save-report.php\r\n'
+    'Content-Security-Policy-Report-Only: script-src \'self\'; report-uri resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<script>\n'
     '// This script block will trigger a violation report but shouldn\'t be blocked.\n'
index 9ae2fc548e712552f0343f7693f04695a1d39e01..97488e2d4fa1fc9e880396c9c5c4d5c5cfb6f3a8 100644 (file)
@@ -6,6 +6,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-upgrade-insecure.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-upgrade-insecure.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; upgrade-insecure-requests; report-uri resources/save-report.php","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-upgrade-insecure.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; upgrade-insecure-requests; report-uri resources/save-report.py","blocked-uri":"","status-code":200}}
index 0927cfa3d1c42729c7c7005fc68bff2a02410f65..a3c5b649a708ba18eb9cf0552c2c0fff6d051ae6 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src \'self\'; upgrade-insecure-requests; report-uri resources/save-report.php\r\n'
+    'Content-Security-Policy-Report-Only: script-src \'self\'; upgrade-insecure-requests; report-uri resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<script>\n'
     '// This script block will trigger a violation report but shouldn\'t be blocked.\n'
index 597ab605d13ab0e946ad61e616c4a2deff343519..fbfd3dd643439026a45251a2f0915d2b0fabc54a 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy-Report-Only: script-src \'self\'; report-uri resources/save-report.php\r\n'
+    'Content-Security-Policy-Report-Only: script-src \'self\'; report-uri resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<script>\n'
     '// This script block will trigger a violation report but shouldn\'t be blocked.\n'
index 36c4476822b4febf34c18d907d0b0f6f4ba91a39..b96d8990d93d2e7a9922b0bb3c17210b2cd603b4 100644 (file)
@@ -3,6 +3,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri /security/contentSecurityPolicy/resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri /security/contentSecurityPolicy/resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
index 310e19e3a17f8ddb636ed57d678e86001725741c..407457631341dd502016f495a44e675bfae29378 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy: img-src \'none\'; report-uri /security/contentSecurityPolicy/resources/save-report.php\r\n'
+    'Content-Security-Policy: img-src \'none\'; report-uri /security/contentSecurityPolicy/resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
index 4966e241f484d08a6389c2371075687a74a770db..049ba14997a56c4482c3a6869e18f2d4e63892e7 100644 (file)
@@ -5,6 +5,6 @@ HTTP_COOKIE: hello=world
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-with-cookies.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-with-cookies.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri /security/contentSecurityPolicy/resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-with-cookies.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri /security/contentSecurityPolicy/resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
index 0cb4a393e08219b75b10327571597b67ca746b49..7b0cc5f5dd3abea5c4131ed2e4a5351e08ed3347 100644 (file)
@@ -5,6 +5,6 @@ HTTP_COOKIE: hello=world
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri /security/contentSecurityPolicy/resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri /security/contentSecurityPolicy/resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200}}
index dd9f6b4e9360743e9af13479f54dcf0313ffdeab..e9253101609c5f71a321601224c851de9d726643 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy: img-src \'none\'; report-uri /security/contentSecurityPolicy/resources/save-report.php\r\n'
+    'Content-Security-Policy: img-src \'none\'; report-uri /security/contentSecurityPolicy/resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!-- webkit-test-runner [ useEphemeralSession=true ] -->\n'
     '<!DOCTYPE html>\n'
index 8dc16836a2bd138efe1248058620dda9fd93deee..70097896965c5b6f3a021b8a477dae9c782e5f1c 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy: img-src \'none\'; report-uri /security/contentSecurityPolicy/resources/save-report.php\r\n'
+    'Content-Security-Policy: img-src \'none\'; report-uri /security/contentSecurityPolicy/resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
index c95e0b50778f74895eaf928824a38b1fa9692735..d16f73d61b3e838178803f5803fdccf44cba40fa 100644 (file)
@@ -9,8 +9,8 @@ Frame: '<!--frame1-->'
 CSP report received:
 CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8443
-HTTP_REFERER: https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html
+HTTP_REFERER: https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.py?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html
 === POST DATA ===
-{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri save-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","blocked-uri":"","status-code":0}}
+{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.py?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri save-report.py?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","blocked-uri":"","status-code":0}}
index 73bd4c8390eb6e5664319a62875fcee984afe3a2..53dca36a633012ae84a578242fd58136ef723ff6 100644 (file)
@@ -11,7 +11,7 @@ if (window.testRunner) {
 </head>
 <body>
 <p>This tests that the status-code is 0 in the Content Security Policy violation report for a protected resource delivered over HTTPS.</p>
-<!-- window.testRunner.notifyDone() will be ultimately called by generate-csp-report.php. -->
-<iframe src="https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html"></iframe>
+<!-- window.testRunner.notifyDone() will be ultimately called by generate-csp-report.py. -->
+<iframe src="https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.py?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html"></iframe>
 </body>
 </html>
index eb3754a0be0dbed4a0b5137499e9b1677c0a7a57..513d0b91f7b3286545e1bbafd10b2c790ecc4941 100644 (file)
@@ -4,6 +4,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri resources/save-report.php","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri resources/save-report.py","blocked-uri":"","status-code":200}}
index 87719a74e6fe7394c62d0057748adcda4214fa2b..907b594c08c6d4c486e293d87f04ed835201d8f9 100644 (file)
@@ -7,8 +7,8 @@ Frame: '<!--frame1-->'
 CSP report received:
 CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
-HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html
+HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.py?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-child-frame.html","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri save-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.py?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-child-frame.html","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri save-report.py?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html","blocked-uri":"","status-code":200}}
index a56d1fe1aef5d494e019d7fb171b9ae2c9054f30..4a745d730bc1a2e9e45b5d1be9b77c8f77f7d31e 100644 (file)
@@ -2,4 +2,4 @@
 if (window.testRunner)
     testRunner.dumpChildFramesAsText();
 </script>
-<iframe src="resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html"></iframe>
+<iframe src="resources/generate-csp-report.py?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html"></iframe>
index 5f462df68bb91c3d78cc2d4978dfcd520524316a..4aa3bec509ada8b4ed3f20032de8da009a08d6d9 100644 (file)
@@ -4,6 +4,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-javascript.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-javascript.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-javascript.py","line-number":7,"column-number":10}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-javascript.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-javascript.py","line-number":7,"column-number":10}}
index 52f3f1824cce05c4099556ff25c6e0a5ff0b0d30..75b72171563dd0534a08d72893c619e23c592a5f 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy: img-src \'none\'; report-uri resources/save-report.php\r\n'
+    'Content-Security-Policy: img-src \'none\'; report-uri resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
index ef7c63a95b5570fdbe9b32a95cf734ef1e8197b6..2119e8c767e38c5e5befb59a18d3b05fce1d0713 100644 (file)
@@ -4,6 +4,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-javascript.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-javascript.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/inject-image.js","line-number":3,"column-number":2}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-javascript.py","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.py","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/inject-image.js","line-number":3,"column-number":2}}
index e30865953ddad6d737c23b4f86ed343c7d55ad33..98850dfed2a635e7492f0362dad496e4841d29cd 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy: img-src \'none\'; report-uri resources/save-report.php\r\n'
+    'Content-Security-Policy: img-src \'none\'; report-uri resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
index fb76a077ee5b4f3b8a2bad26d641c5132e371937..433f4f131d7b5aea91c781b8eabdd2bbf2792aaf 100644 (file)
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html>
 <head>
-<meta http-equiv="Content-Security-Policy" content="report-uri /security/contentSecurityPolicy/resources/save-report.php">
+<meta http-equiv="Content-Security-Policy" content="report-uri /security/contentSecurityPolicy/resources/save-report.py">
 <script>
 if (window.testRunner)
     testRunner.dumpAsText();
index bcef83bb23327845822df679c2087c18e6576702..b86dc1f350a15d7ae4ca9b70f30f3d4a5868d3be 100644 (file)
@@ -4,6 +4,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8080
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-scheme-relative.py
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-scheme-relative.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri //127.0.0.1:8080/security/contentSecurityPolicy/resources/save-report.php","blocked-uri":"","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-scheme-relative.py","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri //127.0.0.1:8080/security/contentSecurityPolicy/resources/save-report.py","blocked-uri":"","status-code":200}}
index 0447107a4848849cf543bd967e823eb9f754f323..70730b7e90454a9b26d00f009337c877e604e084 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy: script-src \'self\'; report-uri //127.0.0.1:8080/security/contentSecurityPolicy/resources/save-report.php\r\n'
+    'Content-Security-Policy: script-src \'self\'; report-uri //127.0.0.1:8080/security/contentSecurityPolicy/resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<script>\n'
     '// This script block will trigger a violation report.\n'
index 9d8975e9a6a98c9a2e12fde81efa17f2b3025f3a..fb844564cef15a6613f84a454c8d651aa83b6291 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy: script-src \'self\'; report-uri resources/save-report.php\r\n'
+    'Content-Security-Policy: script-src \'self\'; report-uri resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<script>\n'
     '// This script block will trigger a violation report.\n'
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-report.php b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-report.php
deleted file mode 100644 (file)
index 4aa4499..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-<?php
-require_once "report-file-path.php";
-
-while (!file_exists($reportFilePath)) {
-    usleep(10000);
-    // file_exists() caches results, we want to invalidate the cache.
-    clearstatcache();
-}
-
-echo "<html><body>\n";
-echo "CSP report received:";
-$reportFile = fopen($reportFilePath, 'r');
-while ($line = fgets($reportFile)) {
-    echo "<br>";
-    echo trim($line);
-}
-fclose($reportFile);
-unlink($reportFilePath);
-echo "<script>";
-echo "if (window.testRunner)";
-echo "    testRunner.notifyDone();";
-echo "</script>";
-echo "</body></html>";
-?>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-report.py b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-report.py
new file mode 100755 (executable)
index 0000000..5c9cc41
--- /dev/null
@@ -0,0 +1,31 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+import time
+from report_file_path import report_filepath
+
+while not os.path.isfile(report_filepath):
+    time.sleep(0.01)
+
+sys.stdout.write(
+    'Content-Type: text/html\r\n\r\n'
+    '<html><body>\n'
+    'CSP report received:'
+)
+
+report_file = open(report_filepath, 'r')
+for line in report_file.readlines():
+    sys.stdout.write('<br>{}'.format(line.strip()))
+
+report_file.close()
+if os.path.isfile(report_filepath):
+    os.remove(report_filepath)
+
+sys.stdout.write(
+    '<script>'
+    'if (window.testRunner)'
+    '    testRunner.notifyDone();'
+    '</script>'
+    '</body></html>'
+)
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.php b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.php
deleted file mode 100644 (file)
index 70110a2..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-    header("Content-Security-Policy: script-src 'self'; report-uri save-report.php?test=" . $_GET['test']);
-?>
-<script>
-// This script block will trigger a violation report.
-alert('FAIL');
-</script>
-<script src="go-to-echo-report.py?test=<?php echo $_GET['test']; ?>"></script>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.py b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.py
new file mode 100755 (executable)
index 0000000..3570ebe
--- /dev/null
@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+from urllib.parse import parse_qs
+
+test = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True).get('test', [''])[0]
+
+sys.stdout.write(
+    'Content-Security-Policy: script-src \'self\'; report-uri save-report.py?test={}\r\n'
+    'Content-Type: text/html\r\n\r\n'.format(test)
+)
+
+print('''<script>
+// This script block will trigger a violation report.
+alert('FAIL');
+</script>
+<script src="go-to-echo-report.py?test={}"></script>'''.format(test))
index 739411d2c5cd7036b41e6621483d6f029871ea7b..94c146fe9c31b3eca8e7b5d2b799bbc55c841af9 100644 (file)
@@ -4,5 +4,5 @@ if (window.testRunner) {
 }
 
 window.onload = function () {
-    window.location = "/security/contentSecurityPolicy/resources/echo-report.php";
+    window.location = "/security/contentSecurityPolicy/resources/echo-report.py";
 }
index 0386e1a637ae554e8afcb68676930a4b7d2b6115..439d8565b6030c960d6f3d22398d8698bffb5e9c 100755 (executable)
@@ -14,6 +14,6 @@ sys.stdout.write(
     '}}\n'
     '\n'
     'window.onload = function () {{\n'
-    '    window.location = "/security/contentSecurityPolicy/resources/echo-report.php?test={}";\n'
+    '    window.location = "/security/contentSecurityPolicy/resources/echo-report.py?test={}";\n'
     '}}\n'.format(test)
 )
\ No newline at end of file
index b20323e1c8ee54c4bbf0679846d3c1f904fba82a..37d7c790b52a974cc0c5d170ef787a2e9585b7ab 100755 (executable)
@@ -3,7 +3,13 @@
 import os
 import sys
 
-filename = '../../../resources/square.png'
+filename = os.path.join('/'.join(__file__.split('/')[0:-4]), 'resources', 'square.png')
+
+if not os.path.isfile(filename):
+    sys.stderr.write('File {} does not exist\n'.format(filename))
+    sys.stdout.write('Content-Type: text/html\r\n\r\n')
+    sys.exit(0)
+
 filesize = os.path.getsize(filename)
 handle = open(filename, 'rb')
 contents = handle.read()
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/redir.php b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/redir.php
deleted file mode 100644 (file)
index 53fc006..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-<?php
-header("location: ".$_GET["url"]);
-header('HTTP/1.1 307 Temporary Redirect');
-?>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/report-file-path.php b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/report-file-path.php
deleted file mode 100644 (file)
index 6eaaf26..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-<?php
-require_once '../../../resources/portabilityLayer.php';
-
-if (isset($_GET['test'])) {
-    $reportFilePath = sys_get_temp_dir() . "/" . str_replace("/", "-", $_GET['test']) . ".csp-report.txt"; 
-} elseif (isset($_SERVER["HTTP_REFERER"]) and strpos($_SERVER["HTTP_REFERER"], '/resources/') === false) {
-    $reportFilePath = sys_get_temp_dir() . "/" . str_replace("/", "-", parse_url($_SERVER["HTTP_REFERER"], PHP_URL_PATH)) . ".csp-report.txt"; 
-} else {
-    header("HTTP/1.1 500 Internal Server Error");
-    echo "This script needs to know the name of the test to form a unique temporary file path. It can get one either from HTTP referrer, or from a 'test' parameter.\n";
-    exit();
-}
-
-?>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/report_file_path.py b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/report_file_path.py
new file mode 100755 (executable)
index 0000000..6b764d3
--- /dev/null
@@ -0,0 +1,21 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+import tempfile
+from urllib.parse import parse_qs, urlparse
+
+referer = os.environ.get('HTTP_REFERER', None)
+test = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True).get('test', [None])[0]
+
+if test is not None:
+    report_filepath = os.path.join(tempfile.gettempdir(), '{}.csp-report.txt'.format(test.replace('/', '-')))
+elif referer is not None and '/resources/' not in referer:
+    report_filepath = os.path.join(tempfile.gettempdir(), '{}.csp-report.txt'.format(urlparse(referer).path.replace('/', '-')))
+else:
+    sys.stdout.write(
+        'status: 500\r\n'
+        'Content-Type: text/html\r\n\r\n'
+        'This script needs to know the name of the test to form a unique temporary file path. It can get one either from HTTP referrer, or from a \'test\' parameter.\n'
+    )
+    sys.exit(0)
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php
deleted file mode 100644 (file)
index b305ff3..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-<?php
-require_once "report-file-path.php";
-
-$DO_NOT_CLEAR_COOKIES = true; // Used by save-report.php
-require_once "save-report.php";
-
-header("HTTP/1.1 307");
-header("Location: save-report.php" . (isset($_SERVER["QUERY_STRING"]) ? "?" . $_SERVER["QUERY_STRING"] : ""));
-?>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.py b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.py
new file mode 100755 (executable)
index 0000000..4038051
--- /dev/null
@@ -0,0 +1,16 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+from save_report import save_report
+
+query_string = os.environ.get('QUERY_STRING', '')
+if query_string != '':
+    query_string = '?{}'.format(query_string)
+
+sys.stdout.write(
+    'status: 307\r\n'
+    'Location: save-report.py{}\r\n'.format(query_string)
+)
+
+save_report(True)
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report.php b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report.php
deleted file mode 100644 (file)
index 9c4595e..0000000
+++ /dev/null
@@ -1,33 +0,0 @@
-<?php
-require_once "report-file-path.php";
-
-function undoMagicQuotes($value) {
-    if (get_magic_quotes_gpc())
-        return stripslashes($value);
-    return $value;
-}
-
-$reportFile = fopen($reportFilePath . ".tmp", 'w');
-$httpHeaders = $_SERVER;
-ksort($httpHeaders, SORT_STRING);
-foreach ($httpHeaders as $name => $value) {
-    if ($name === "CONTENT_TYPE" || $name === "HTTP_REFERER" || $name === "REQUEST_METHOD" || $name === "HTTP_COOKIE"
-        || $name === "HTTP_HOST" || $name === "REQUEST_URI") {
-        $value = undoMagicQuotes($value);
-        fwrite($reportFile, "$name: $value\n");
-    }
-}
-
-fwrite($reportFile, "=== POST DATA ===\n");
-fwrite($reportFile, file_get_contents("php://input"));
-fclose($reportFile);
-
-// On Windows, rename will sometimes fail because one of the files is used by another process.
-while (!rename($reportFilePath . ".tmp", $reportFilePath))
-    sleep(1);
-
-if (!isset($DO_NOT_CLEAR_COOKIES) || !$DO_NOT_CLEAR_COOKIES) {
-    foreach ($_COOKIE as $name => $value)
-        setcookie($name, "deleted", time() - 60, "/");
-}
-?>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report.py b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report.py
new file mode 100755 (executable)
index 0000000..a18ac99
--- /dev/null
@@ -0,0 +1,4 @@
+#!/usr/bin/env python3
+
+from save_report import save_report
+save_report(False)
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save_report.py b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save_report.py
new file mode 100755 (executable)
index 0000000..35bda4e
--- /dev/null
@@ -0,0 +1,39 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+from datetime import datetime, timedelta
+from report_file_path import report_filepath
+
+file = __file__.split(':/cygwin')[-1]
+http_root = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(os.path.dirname(file)))))
+sys.path.insert(0, http_root)
+
+from resources.portabilityLayer import get_cookies
+
+
+def not_being_called():
+    cookies = get_cookies()
+    expires = datetime.utcnow() - timedelta(seconds=60)
+    for cookie in cookies.keys():
+        sys.stdout.write('Set-Cookie: {}=deleted; expires={} GMT; Max-Age=0; path=/\r\n'.format(cookie, expires.strftime('%a, %d-%b-%Y %H:%M:%S')))
+
+
+def save_report(is_being_called):
+    data = ''.join(sys.stdin.readlines())
+
+    report_file = open('{}.tmp'.format(report_filepath), 'w')
+
+    for name in sorted(os.environ.keys()):
+        if name in ['CONTENT_TYPE', 'HTTP_REFERER', 'REQUEST_METHOD', 'HTTP_COOKIE', 'HTTP_HOST', 'REQUEST_URI']:
+            report_file.write('{}: {}\n'.format(name, os.environ.get(name)))
+
+    report_file.write('=== POST DATA ===\n{}'.format(data))
+    report_file.close()
+
+    os.rename('{}.tmp'.format(report_filepath), report_filepath)
+
+    if not is_being_called:
+        not_being_called()
+
+    sys.stdout.write('Content-Type: text/html\r\n\r\n')
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker.php b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker.php
deleted file mode 100644 (file)
index e77de18..0000000
+++ /dev/null
@@ -1,141 +0,0 @@
-<?php
-  header("Expires: Thu, 01 Dec 2003 16:00:00 GMT");
-  header("Cache-Control: no-cache, must-revalidate");
-  header("Pragma: no-cache");
-  if ($_GET["csp"]) {
-    $csp = $_GET["csp"];
-    // If the magic quotes option is enabled, the CSP could be escaped and
-    // the test would fail.
-    if (get_magic_quotes_gpc()) {
-      $csp = stripslashes($csp);
-    }
-    header("Content-Security-Policy: " . $csp);
-  } else if ($_GET["type"] == "multiple-headers") {
-    header("Content-Security-Policy: connect-src 'none'");
-    header("Content-Security-Policy: script-src 'self'", false);
-  }
-?>
-
-<?php
-if ($_GET["type"] == "eval") {
-?>
-
-var id = 0;
-try {
-  id = eval("1 + 2 + 3");
-}
-catch (e) {
-}
-
-postMessage(id === 0 ? "eval blocked" : "eval allowed");
-
-<?php
-} else if ($_GET["type"] == "function-function") {
-?>
-
-var fn = function() {
-    postMessage('Function() function blocked');
-}
-try {
-    fn = new Function("", "postMessage('Function() function allowed');");
-}
-catch(e) {
-}
-fn();
-
-<?php
-} else if ($_GET["type"] == "importscripts") {
-?>
-
-try {
-    importScripts("http://localhost:8000/security/contentSecurityPolicy/resources/post-message.js");
-    postMessage("importScripts allowed");
-} catch(e) {
-    postMessage("importScripts blocked: " + e);
-}
-
-<?php
-} else if ($_GET["type"] == "make-xhr") {
-?>
-
-var xhr = new XMLHttpRequest;
-xhr.addEventListener("load", function () {
-    postMessage("xhr allowed");
-});
-xhr.addEventListener("error", function () {
-    postMessage("xhr blocked");
-});
-xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/get.txt", true);
-xhr.send();
-
-<?php
-} else if ($_GET["type"] == "set-timeout") {
-?>
-
-var id = 0;
-try {
-    id = setTimeout("postMessage('handler invoked')", 100);
-} catch(e) {
-}
-postMessage(id === 0 ? "setTimeout blocked" : "setTimeout allowed");
-
-<?php
-} else if ($_GET["type"] == "post-message-pass") {
-?>
-
-postMessage("PASS");
-
-<?php
-} else if ($_GET["type"] == "report-referrer") {
-?>
-
-var xhr = new XMLHttpRequest;
-xhr.open("GET", "http://127.0.0.1:8000/security/resources/echo-referrer-header.php", true);
-xhr.onload = function () {
-    postMessage(this.responseText);
-};
-xhr.send();
-
-<?php
-} else if ($_GET["type"] == "shared-report-referrer") {
-?>
-
-onconnect = function (e) {
-    var port = e.ports[0];
-    var xhr = new XMLHttpRequest;
-    xhr.open(
-        "GET",
-        "http://127.0.0.1:8000/security/resources/echo-referrer-header.php",
-        true);
-    xhr.onload = function () {
-        port.postMessage(this.responseText);
-    };
-    xhr.send();
-};
-
-<?php
-} else if ($_GET["type"] == "multiple-headers") {
-?>
-
-var xhr = new XMLHttpRequest;
-xhr.addEventListener("load", function () {
-    postMessage("xhr allowed");
-});
-xhr.addEventListener("error", function () {
-    postMessage("xhr blocked");
-});
-xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/get.txt", true);
-xhr.send();
-
-var id = 0;
-try {
-  id = eval("1 + 2 + 3");
-}
-catch (e) {
-}
-
-postMessage(id === 0 ? "eval blocked" : "eval allowed");
-
-<?php
-}
-?>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker.py b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker.py
new file mode 100755 (executable)
index 0000000..2a66fd9
--- /dev/null
@@ -0,0 +1,135 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+from urllib.parse import parse_qs
+
+query = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True)
+csp = query.get('csp', [None])[0]
+typ = query.get('type', [''])[0]
+
+sys.stdout.write(
+    'Expires: Thu, 01 Dec 2003 16:00:00 GMT\r\n'
+    'Cache-Control: no-cache, must-revalidate\r\n'
+    'Pragma: no-cache\r\n'
+    'Content-Type: text/html\r\n'
+)
+
+if csp is not None:
+    sys.stdout.write('Content-Security-Policy: {}\r\n'.format(csp))
+elif typ == 'multiple-headers':
+    sys.stdout.write(
+        'Content-Security-Policy: connect-src \'none\'\r\n'
+        'Content-Security-Policy: script-src \'self\'\r\n'
+    )
+
+sys.stdout.write('\r\n')
+
+if typ == 'eval':
+    sys.stdout.write(
+        'var id = 0;\n'
+        'try {\n'
+        '  id = eval("1 + 2 + 3");\n'
+        '}\n'
+        '  catch (e) {\n'
+        '}\n'
+        '\n'
+        'postMessage(id === 0 ? "eval blocked" : "eval allowed");\n'
+    )
+
+elif typ == 'function-function':
+    sys.stdout.write(
+        'var fn = function() {\n'
+        '    postMessage(\'Function() function blocked\');\n'
+        '}\n'
+        'try {\n'
+        '    fn = new Function("", "postMessage(\'Function() function allowed\');");\n'
+        '}\n'
+        'catch(e) {\n'
+        '}\n'
+        'fn();\n'
+    )
+
+elif typ == 'importscripts':
+    sys.stdout.write(
+        'try {\n'
+        '    importScripts("http://localhost:8000/security/contentSecurityPolicy/resources/post-message.js");\n'
+        '    postMessage("importScripts allowed");\n'
+        '} catch(e) {\n'
+        '    postMessage("importScripts blocked: " + e);\n'
+        '}\n'
+    )
+
+elif typ == 'make-xhr':
+    sys.stdout.write(
+        'var xhr = new XMLHttpRequest;\n'
+        'xhr.addEventListener("load", function () {\n'
+        '    postMessage("xhr allowed");\n'
+        '});\n'
+        'xhr.addEventListener("error", function () {\n'
+        '    postMessage("xhr blocked");\n'
+        '});\n'
+        'xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/get.txt", true);\n'
+        'xhr.send();\n'
+    )
+
+elif typ == 'set-timeout':
+    sys.stdout.write(
+        'var id = 0;\n'
+        'try {\n'
+        '    id = setTimeout("postMessage(\'handler invoked\')", 100);\n'
+        '} catch(e) {\n'
+        '}\n'
+        'postMessage(id === 0 ? "setTimeout blocked" : "setTimeout allowed");\n'
+    )
+
+elif typ == 'post-message-pass':
+    sys.stdout.write('postMessage("PASS");')
+
+elif typ == 'report-referrer':
+    sys.stdout.write(
+        'var xhr = new XMLHttpRequest;\n'
+        'xhr.open("GET", "http://127.0.0.1:8000/security/resources/echo-referrer-header.php", true);\n'
+        'xhr.onload = function () {\n'
+        '    postMessage(this.responseText);\n'
+        '};\n'
+        'xhr.send();\n'
+    )
+
+elif typ == 'shared-report-referrer':
+    sys.stdout.write(
+        'onconnect = function (e) {\n'
+        '    var port = e.ports[0];\n'
+        '    var xhr = new XMLHttpRequest;\n'
+        '    xhr.open(\n'
+        '        "GET",\n'
+        '        "http://127.0.0.1:8000/security/resources/echo-referrer-header.php",\n'
+        '        true);\n'
+        '    xhr.onload = function () {\n'
+        '        port.postMessage(this.responseText);\n'
+        '    };\n'
+        '    xhr.send();\n'
+        '};\n'
+    )
+
+elif typ == 'multiple-headers':
+    sys.stdout.write(
+        'var xhr = new XMLHttpRequest;\n'
+        'xhr.addEventListener("load", function () {\n'
+        '    postMessage("xhr allowed");\n'
+        '});\n'
+        'xhr.addEventListener("error", function () {\n'
+        '    postMessage("xhr blocked");\n'
+        '});\n'
+        'xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/get.txt", true);\n'
+        'xhr.send();\n'
+        '\n'
+        'var id = 0;\n'
+        'try {\n'
+        '  id = eval("1 + 2 + 3");\n'
+        '}\n'
+        'catch (e) {\n'
+        '}\n'
+        '\n'
+        'postMessage(id === 0 ? "eval blocked" : "eval allowed");\n'
+    )
index 6a593302680d391b0b9aacdf3b7a12b1474a4421..417f25953bb4286892204952a72c4bf47fbdf43a 100755 (executable)
@@ -6,4 +6,4 @@ sys.stdout.write(
     'Content-Type: text/plain\r\n'
     'Access-Control-Allow-Origin: *\r\n\r\n'
     'hello\n'
-)
\ No newline at end of file
+)
index ce0fab8696bb0574d9c82e3ebb046fc79d8c24a8..71b3b924c022a2a669958029f588d4d269956ac8 100644 (file)
@@ -4,6 +4,6 @@ CONTENT_TYPE: application/csp-report
 HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/plugins/resources/mock-plugin.pl
 REQUEST_METHOD: POST
-REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py
 === POST DATA ===
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/plugins/resources/mock-plugin.pl","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py","violated-directive":"plugin-types application/x-webkit-dummy-plugin","effective-directive":"plugin-types","original-policy":"script-src 'self' 'unsafe-inline'; plugin-types application/x-webkit-dummy-plugin; report-uri /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py","blocked-uri":"http://127.0.0.1:8000/plugins/resources/mock-plugin.pl","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/plugins/resources/mock-plugin.pl","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py","violated-directive":"plugin-types application/x-webkit-dummy-plugin","effective-directive":"plugin-types","original-policy":"script-src 'self' 'unsafe-inline'; plugin-types application/x-webkit-dummy-plugin; report-uri /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py","blocked-uri":"http://127.0.0.1:8000/plugins/resources/mock-plugin.pl","status-code":200}}
index 5260f24fdefcf5795781bea203f70faacb733155..95c6d733561db87bac502e09a8784c19a0cbf057 100755 (executable)
@@ -3,7 +3,7 @@
 import sys
 
 sys.stdout.write(
-    'Content-Security-Policy: script-src \'self\' \'unsafe-inline\'; plugin-types application/x-webkit-dummy-plugin; report-uri /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py\r\n'
+    'Content-Security-Policy: script-src \'self\' \'unsafe-inline\'; plugin-types application/x-webkit-dummy-plugin; report-uri /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
@@ -22,7 +22,7 @@ sys.stdout.write(
     '<script>\n'
     'function navigateToCSPReport()\n'
     '{\n'
-    '    window.location.href = "/security/contentSecurityPolicy/resources/echo-report.php?test=/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py";\n'
+    '    window.location.href = "/security/contentSecurityPolicy/resources/echo-report.py?test=/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.py";\n'
     '}\n'
     '\n'
     'checkDidSameOriginChildWindowLoad(window.open("http://127.0.0.1:8000/plugins/resources/mock-plugin.pl"), navigateToCSPReport);\n'
index ad3c476756834147ad82cd5127a1dff53f6959f4..3701e53aa654114dc1e0fcaac75ed475118b9b79 100644 (file)
@@ -12,7 +12,7 @@ if (window.testRunner) {
 <body>
 <script>
 try {
-    var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=make-xhr&csp=' +
+    var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=make-xhr&csp=' +
                              encodeURIComponent("connect-src http://127.0.0.1:8000"));
     worker.onmessage = function (event) {
         alert(event.data);
index 98850cf28f97e27e0e4e6b99a6f739b37fb074d3..8c9b9a7b962c5255010fb73df92fd7559b3d82e5 100644 (file)
@@ -12,7 +12,7 @@ if (window.testRunner) {
 <body>
 <script>
 try {
-    var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=make-xhr&csp=' +
+    var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=make-xhr&csp=' +
                              encodeURIComponent("connect-src 'none'"));
     worker.onmessage = function (event) {
         alert(event.data);
index 3f8247f38e3b9322108ff44a7c69ac543b54688c..f375f5e7459f0baa435641e56bed806d01d16ff5 100644 (file)
@@ -12,7 +12,7 @@ if (window.testRunner) {
 <body>
 <script>
 try {
-    var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=eval&csp=' +
+    var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=eval&csp=' +
                              encodeURIComponent("script-src 'self' 'unsafe-inline'"));
     worker.onmessage = function (event) {
         alert(event.data);
index 92713f6711290835669d6114c65561ed2a47de26..de8ad70f168668cfcce39f38b3d39b04cf0d0526 100644 (file)
@@ -12,7 +12,7 @@ if (window.testRunner) {
 <body>
 <script>
 try {
-    var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=function-function&csp=' +
+    var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=function-function&csp=' +
                              encodeURIComponent("script-src 'self' 'unsafe-inline'"));
     worker.onmessage = function (event) {
         alert(event.data);
index 3f7856dbdb2d7c26e8f43b080f38915312c21cff..3dfa6e20d84bd7497a63f0b527ddf3efdc48d36c 100644 (file)
@@ -11,7 +11,7 @@
 
     var result = '';
     try {
-        var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=importscripts&csp=' +
+        var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=importscripts&csp=' +
                                  encodeURIComponent("script-src 'unsafe-eval' 'unsafe-inline' 127.0.0.1:8000"));
         worker.onmessage = function (event) {
             result = event.data;
index 104ca48e25f86656152b8b7b3640fa794ceae0b9..ca811e8e678dd8b6b2eb8a668db32307927496da 100644 (file)
@@ -7,7 +7,7 @@
 <body>
   <script>
   async_test(function () {
-      var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=multiple-headers');
+      var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=multiple-headers');
       var evalBlocked = false;
       var xhrBlocked = false;
       var numMessages = 0;
index c4005f8d0a8ba57aebdf00fda7974bdc8fe1bc33..22bf521ec6cef427c22a15926b07a61c0642d41b 100644 (file)
@@ -12,7 +12,7 @@ if (window.testRunner) {
 <script>
 try {
     // We ignore the message posted by the worker (by not registering an onmessage handler) as we are only interested in knowing whether an exception occurred.
-    var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=post-message-pass&csp=' +
+    var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=post-message-pass&csp=' +
                              encodeURIComponent("script-src 'self' 'unsafe-inline'"));
     alert("PASS");
 } catch (e) {
index dcaed7f31b0eb63e21ff88bf4832476ad6cbd3b1..1891254214525d29f20e29f91f1b359741c8b29a 100644 (file)
@@ -12,7 +12,7 @@ if (window.testRunner) {
 <body>
 <script>
 try {
-    var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=set-timeout&csp=' +
+    var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=set-timeout&csp=' +
                              encodeURIComponent("script-src 'self' 'unsafe-inline'"));
     worker.onmessage = function (event) {
         alert(event.data);
index 1ea7146d464495253755ea5bbd782fcdb2999316..9d0a1399459e6d85b3f9e4b97af3bc17bf51e079 100644 (file)
@@ -11,7 +11,7 @@
   // have no CSP, not the CSP of the responsible document.
 
   async_test(function () {
-      var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=make-xhr');
+      var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=make-xhr');
       worker.onmessage = this.step_func(function (event) {
           assert_equals(event.data, "xhr allowed");
           this.done();
index 23838bfaaadb94f9161ac592b5b4bb1e33d73904..87f9f7bf5e8282d9bc7f9f99a1d3c64fe86603ca 100644 (file)
@@ -16,7 +16,7 @@
           document.getElementById("console").appendChild(document.createTextNode(msg + "\n"));
       }
 
-      var protectedResource = "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/xmlhttprequest-protected-resource-does-not-crash.html";
+      var protectedResource = "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.py?test=/security/contentSecurityPolicy/xmlhttprequest-protected-resource-does-not-crash.html";
       var xhr = new XMLHttpRequest();
       xhr.responseType = "document";
       xhr.onreadystatechange = function () {
diff --git a/LayoutTests/http/tests/security/cookies/cookies-wrong-domain-rejected-result.php b/LayoutTests/http/tests/security/cookies/cookies-wrong-domain-rejected-result.php
deleted file mode 100644 (file)
index f136682..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-<html>
-<head>
-<script>
-function runTest() {
-
-    if (window.testRunner)
-        testRunner.dumpAsText();
-
-    <?php if (isset($_COOKIE['one_cookie']))
-              echo 'document.write("FAIL: Cookies with a wrong domain should be rejected in user agent.");';
-          else
-              echo 'document.write("PASS: User agent rejected the cookie with a wrong domain.")';
-    ?>;
-
-}
-</script>
-</head>
-<body onload="runTest()">
-</body>
-</html>
-
diff --git a/LayoutTests/http/tests/security/cookies/cookies-wrong-domain-rejected-result.py b/LayoutTests/http/tests/security/cookies/cookies-wrong-domain-rejected-result.py
new file mode 100755 (executable)
index 0000000..2d1a424
--- /dev/null
@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+
+file = __file__.split(':/cygwin')[-1]
+http_root = os.path.dirname(os.path.dirname(os.path.abspath(os.path.dirname(file))))
+sys.path.insert(0, http_root)
+
+from resources.portabilityLayer import get_cookies
+
+cookies = get_cookies()
+
+sys.stdout.write('Content-Type: text/html\r\n\r\n')
+
+print('''<html>
+<head>
+<script>
+function runTest() {
+
+    if (window.testRunner)
+        testRunner.dumpAsText();''')
+
+if cookies.get('one_cookie', None) is not None:
+    sys.stdout.write('    document.write("FAIL: Cookies with a wrong domain should be rejected in user agent.");')
+else:
+    sys.stdout.write('    document.write("PASS: User agent rejected the cookie with a wrong domain.")')
+
+print('''}
+</script>
+</head>
+<body onload="runTest()">
+</body>
+</html>''')
index 2372f7624984150121f1468b45ffed40c464c291..015c351ddeed74091ecdff9b7df0ed9b2fa4a33d 100755 (executable)
@@ -4,6 +4,6 @@ import sys
 
 sys.stdout.write(
     'Set-Cookie: one_cookie=shouldBeRejeced; domain=WrongDomain\r\n'
-    'Location: cookies-wrong-domain-rejected-result.php\r\n'
+    'Location: cookies-wrong-domain-rejected-result.py\r\n'
     'Content-Type: text/html\r\n\r\n'
 )
\ No newline at end of file
index 56bae5d4e8e130c808fc148e74262b74bf21be5f..be7679667b30c64e0f616f02d4817f6ad9f233b1 100644 (file)
@@ -12,7 +12,7 @@ if (window.testRunner) {
 }
       </script>
       <body>
-        <iframe src="http://127.0.0.1:8000/security/cookies/resources/set-a-cookie.php"></iframe>
+        <iframe src="http://127.0.0.1:8000/security/cookies/resources/set-a-cookie.py"></iframe>
       </body>
     </html>
   </xsl:template>
old mode 100644 (file)
new mode 100755 (executable)
similarity index 72%
rename from LayoutTests/http/tests/security/cookies/resources/set-a-cookie.php
rename to LayoutTests/http/tests/security/cookies/resources/set-a-cookie.py
index 22121f1..bdc585c
@@ -1,7 +1,13 @@
-<?php
-    setcookie("test_cookie", "1", 0, "/");
-?>
-<!DOCTYPE html>
+#!/usr/bin/env python3
+
+import sys
+
+sys.stdout.write(
+    'Set-Cookie: test_cookie=1; path=/\r\n'
+    'Content-Type: text/html\r\n\r\n'
+)
+
+print('''<!DOCTYPE html>
 <html>
 <script>
 function checkCookie()
@@ -19,4 +25,4 @@ function checkCookie()
 <body onload="checkCookie()">
 <div id="log"></div>
 </body>
-</html>
+</html>''')
index d7b44b7445c55637231d0a7ed06e5a92afa6f3d4..04cbfc20c77663c511e29171d37a1c867e26a3ec 100644 (file)
@@ -12,7 +12,7 @@ if (window.testRunner) {
 }
       </script>
       <body>
-        <iframe src="http://localhost:8000/security/cookies/resources/set-a-cookie.php"></iframe>
+        <iframe src="http://localhost:8000/security/cookies/resources/set-a-cookie.py"></iframe>
       </body>
     </html>
   </xsl:template>
index 4f0240660ebe2ca4f4637beaa6dc7055e58b6182..fdbfae3b2518779bd9189ba03754291fefdd984d 100644 (file)
@@ -17,7 +17,7 @@ function runTest()
 </script>
 <body onload="runTest()">
     <div>
-        <form id="form" action="http://localhost:8000/security/cookies/resources/set-a-cookie.php" method="POST">
+        <form id="form" action="http://localhost:8000/security/cookies/resources/set-a-cookie.py" method="POST">
           <input type="submit" />
         </form>
         <iframe src="javascript:false" name="iframe"></iframe>
index 47085d21fe1590e09a492d7a5cc0774adb91675f..4d4959e02d9449139876ebd516d71841db6f0dc0 100644 (file)
@@ -25,7 +25,7 @@ function runTest()
 </script>
 <body onload="runTest()">
     <div>
-        <form id="form" action="http://localhost:8000/security/cookies/resources/set-a-cookie.php" method="POST" target="iframe">
+        <form id="form" action="http://localhost:8000/security/cookies/resources/set-a-cookie.py" method="POST" target="iframe">
           <input type="submit" />
         </form>
         <iframe src="javascript:false" name="iframe"></iframe>
index 6f1f190ea24ac6e1d49b500706dbf4af430efd38..8133e681c89e689d87925388ae089adfe3ced894 100644 (file)
@@ -18,7 +18,7 @@ function runTest()
 </script>
 <body onload="runTest()">
     <div>
-        <form id="form" action="http://localhost:8000/security/cookies/resources/set-a-cookie.php" method="POST" target="iframe">
+        <form id="form" action="http://localhost:8000/security/cookies/resources/set-a-cookie.py" method="POST" target="iframe">
           <input type="submit" />
         </form>
         <iframe src="javascript:false" name="iframe"></iframe>
index c4038fd79d6b2990ef799cae83bdef63bea5c583..aade9325f9ab1deb6c12032c082fa18ff4892641 100644 (file)
@@ -21,10 +21,10 @@ request1.onreadystatechange = function () {
                 window.open('http://127.0.0.1:8000/security/resources/credentials-from-different-domains-continued-1.html');
             }
         }
-        request2.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.php');
+        request2.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.py');
         request2.send();
     }
 };
-request1.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.php', true, "user", "pass");
+request1.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.py', true, "user", "pass");
 request1.send();
 </script>
index 9a26d8337832cabd71f602930aa2d9e68d7f961d..edaec4e7469a213f63f549485c35ac7544115742 100644 (file)
@@ -1,4 +1,4 @@
 ALERT: parent host: 127.0.0.1 iframe host: 127.0.0.1 credentials:User: same-domain-user, password: same-domain-password.
-http://127.0.0.1:8000/security/resources/cors-basic-auth.php - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+http://127.0.0.1:8000/security/resources/cors-basic-auth.py - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
 ALERT: parent host: localhost iframe host: 127.0.0.1 credentials:Authentication canceled
 
index c1f0dd26c058e5a3827e6e5ac42acbbfecc7eaac..fba7802749b2fe0a13c41872c85b65dd24d77cc9 100644 (file)
@@ -1,4 +1,4 @@
 ALERT: parent host: 127.0.0.1 iframe host: 127.0.0.1 credentials:User: same-domain-user, password: same-domain-password.
-CONSOLE MESSAGE: Blocked http://127.0.0.1:8000/security/resources/cors-basic-auth.php from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Blocked http://127.0.0.1:8000/security/resources/cors-basic-auth.py from asking for credentials because it is a cross-origin request.
 ALERT: parent host: localhost iframe host: 127.0.0.1 credentials:Authentication canceled
 
index ed4c2c261873a6c8859656236062ba1d9f43b6d1..84af0f6958c2586a135df44a8de1871b3ed45755 100644 (file)
@@ -16,7 +16,7 @@ function done(msg) {
 <script type="module">
 // Executed with "omit".
 // https://github.com/tc39/proposal-dynamic-import/blob/master/HTML%20Integration.md
-import("http://localhost:8000/security/resources/cors-script.php?credentials=false").then(
+import("http://localhost:8000/security/resources/cors-script.py?credentials=false").then(
     function() { done("PASS");},
     function() { done("FAIL"); });
 </script>
index 7f6ee397107b8115920551b5642f7c9ec6556819..b967edecbc30f86112406c24ba91109721eb2336 100644 (file)
@@ -15,7 +15,7 @@ function done(msg) {
 
 // Executed with "omit".
 // https://github.com/tc39/proposal-dynamic-import/blob/master/HTML%20Integration.md
-import("http://localhost:8000/security/resources/cors-script.php?credentials=false").then(
+import("http://localhost:8000/security/resources/cors-script.py?credentials=false").then(
     function() { done("PASS");},
     function() { done("FAIL"); });
 </script>
index d133477033ac26afbedcce8fb343ede97c0f7284..74c09a57fd2c72fc079ce44049707be3ecfa63b1 100644 (file)
@@ -25,7 +25,7 @@ function runTest()
     var worker;
     try {
         // We ignore the message posted by the worker (by not registering an onmessage handler) as we are only interested in knowing whether an exception occurred.
-        worker = new Worker("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.php?type=post-message-pass");
+        worker = new Worker("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/worker.py?type=post-message-pass");
         window.postMessage("PASS worker instantiated.", "*");
     } catch (exception) {
         window.postMessage("FAIL should not have thrown an exception when creating worker. Threw exception " + exception + ".", "*");
index a84c5876e4df065ce05c1db0fb38145ce49b4898..b2d7e74de3faa51e02edfa4cec12df799e680ab5 100644 (file)
@@ -5,7 +5,7 @@ On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE
 
 
 PASS event.message.match(/SomeError/)[0] is "SomeError"
-PASS event.filename is "http://localhost:8000/security/resources/cors-script.php?fail=true"
+PASS event.filename is "http://localhost:8000/security/resources/cors-script.py?fail=true"
 PASS event.lineno is 1
 PASS event.colno is 52
 PASS event.error.toString() is "SomeError"
index ec3270bad76881807b1458950316dd4ea41d6e70..b9f055d107555ead777c1ee276eae62b50606cad 100644 (file)
@@ -9,7 +9,7 @@ description("The test passes if error event gets unsanitized information about t
 
 window.addEventListener('error', function() {
     shouldBeEqualToString("event.message.match(/SomeError/)[0]", "SomeError");
-    shouldBeEqualToString("event.filename", "http://localhost:8000/security/resources/cors-script.php?fail=true");
+    shouldBeEqualToString("event.filename", "http://localhost:8000/security/resources/cors-script.py?fail=true");
     shouldBe("event.lineno", "1");
     shouldBe("event.colno", "52");
     shouldBeEqualToString("event.error.toString()", "SomeError");
@@ -18,5 +18,5 @@ window.addEventListener('error', function() {
 
 successfullyParsed = true;
 </script>
-<script type="module" crossorigin="anonymous" src="http://localhost:8000/security/resources/cors-script.php?fail=true"></script>
+<script type="module" crossorigin="anonymous" src="http://localhost:8000/security/resources/cors-script.py?fail=true"></script>
 <script src="../../js-test-resources/js-test-post.js"></script>
index 419b60c39f172c93d44584950d2bbecd567e5a28..a3735d228472c79beac724e0aea28afc57da2609 100644 (file)
@@ -16,7 +16,7 @@ function done(msg) {
 var script = document.createElement("script");
 script.type = "module";
 script.crossOrigin = "use-credentials";
-script.src = "http://localhost:8000/security/resources/cors-script.php?credentials=true";
+script.src = "http://localhost:8000/security/resources/cors-script.py?credentials=true";
 script.onload = function() { done("PASS"); }
 script.onerror = function() { done("FAIL");}
 document.body.appendChild(script);
index 679612fd766fc486f30e3f179f4955ed091b5acd..4ff455739971acb4f6a358d1bbaaa154776a3d00 100644 (file)
@@ -15,7 +15,7 @@ function done(msg) {
 
 var script = document.createElement("script");
 script.type = "module";
-script.src = "http://localhost:8000/security/resources/cors-script.php?credentials=false";
+script.src = "http://localhost:8000/security/resources/cors-script.py?credentials=false";
 script.onload = function() { done("PASS"); }
 script.onerror = function() { done("FAIL");}
 document.body.appendChild(script);
index db337b262e95e98c91e2c99a1ba1af89259d04e8..be0d00df5c52b3534b905c94b1d3aacd475b5dff 100644 (file)
@@ -5,7 +5,7 @@ On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE
 
 
 PASS msg.match(/SomeError/)[0] is "SomeError"
-PASS url is "http://localhost:8000/security/resources/cors-script.php?fail=true"
+PASS url is "http://localhost:8000/security/resources/cors-script.py?fail=true"
 PASS line is 1
 PASS column is 52
 PASS error.toString() is "SomeError"
index 6f6d5c51bc641f914e6896a33238c5afe38ad047..92071d9fd5673f241caee43d934be273ad9045c7 100644 (file)
@@ -14,12 +14,12 @@ window.onerror = function(msg, url, line, column, error) {
     window.column = column;
     window.error = error;
     shouldBeEqualToString("msg.match(/SomeError/)[0]", "SomeError");
-    shouldBeEqualToString("url", "http://localhost:8000/security/resources/cors-script.php?fail=true");
+    shouldBeEqualToString("url", "http://localhost:8000/security/resources/cors-script.py?fail=true");
     shouldBe("line", "1");
     shouldBe("column", "52");
     shouldBeEqualToString("error.toString()", "SomeError");
     finishJSTest();
 }
 </script>
-<script type="module" crossorigin="    anonymous " src="http://localhost:8000/security/resources/cors-script.php?fail=true"></script>
+<script type="module" crossorigin="    anonymous " src="http://localhost:8000/security/resources/cors-script.py?fail=true"></script>
 <script src="../../js-test-resources/js-test-post.js"></script>
index 8c370ee11a46bf47a05a58f1132d734428d701fd..0c77ea8dcf71439db942960dfa0b62b8dc8beda9 100644 (file)
@@ -1,4 +1,4 @@
-http://127.0.0.1:8000/security/resources/basic-auth.php?username=webkit&password=rocks - didReceiveAuthenticationChallenge - Responding with webkit:rocks
+http://127.0.0.1:8000/security/resources/basic-auth.py?username=webkit&password=rocks - didReceiveAuthenticationChallenge - Responding with webkit:rocks
 This test makes sure that auth credentials cached during a private browsing session do not leak out after private browsing is disabled.
 
 --------
index e1eb17f23cd94be57b367760cc8e030169fb0f52..dd9899ac0b27aa51fa6ef65c706530859f4cc195 100644 (file)
@@ -35,5 +35,5 @@ function secondFrameLoaded() {
 </script>
 <body>
 This test makes sure that auth credentials cached during a private browsing session do not leak out after private browsing is disabled.
-<iframe src="resources/basic-auth.php?username=webkit&password=rocks" onload="firstFrameLoaded();"></iframe>
+<iframe src="resources/basic-auth.py?username=webkit&password=rocks" onload="firstFrameLoaded();"></iframe>
 </body>
index aa82c9410530dcd8ae0f8b3f839b9c53a527e1a0..df973f896b2586effe1739d15e9babbfe530defc 100644 (file)
@@ -34,19 +34,19 @@ Testing 'Referrer-Policy: origin' - referrer origin: https://127.0.0.1:8443/ - d
 PASS actualReferrer is "https://127.0.0.1:8443/"
 
 Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=unsafe-url&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
 
 Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=unsafe-url&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
 
 Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=http://127.0.0.1:8000/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=unsafe-url&destinationOrigin=http://127.0.0.1:8000/&isTestingMultipart=0"
 
 Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=no-referrer-when-downgrade&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=no-referrer-when-downgrade&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
 
 Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=no-referrer-when-downgrade&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=no-referrer-when-downgrade&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
 
 Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
 PASS actualReferrer is ""
@@ -55,7 +55,7 @@ Testing 'Referrer-Policy: same-origin' - referrer origin: https://127.0.0.1:8443
 PASS actualReferrer is ""
 
 Testing 'Referrer-Policy: same-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=same-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=same-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
 
 Testing 'Referrer-Policy: same-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
 PASS actualReferrer is ""
@@ -73,7 +73,7 @@ Testing 'Referrer-Policy: strict-origin-when-cross-origin' - referrer origin: ht
 PASS actualReferrer is "https://127.0.0.1:8443/"
 
 Testing 'Referrer-Policy: strict-origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=strict-origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=strict-origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
 
 Testing 'Referrer-Policy: strict-origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
 PASS actualReferrer is ""
@@ -82,25 +82,25 @@ Testing 'Referrer-Policy: origin-when-cross-origin' - referrer origin: https://1
 PASS actualReferrer is "https://127.0.0.1:8443/"
 
 Testing 'Referrer-Policy: origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
 
 Testing 'Referrer-Policy: origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
 PASS actualReferrer is "https://127.0.0.1:8443/"
 
 Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=invalid&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=invalid&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
 
 Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=invalid&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=invalid&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
 
 Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
 PASS actualReferrer is ""
 
 Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
 
 Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
 
 Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
 PASS actualReferrer is ""
@@ -124,19 +124,19 @@ Testing 'Referrer-Policy: origin' - referrer origin: https://127.0.0.1:8443/ - d
 PASS actualReferrer is "https://127.0.0.1:8443/"
 
 Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=unsafe-url&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
 
 Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=unsafe-url&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
 
 Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=http://127.0.0.1:8000/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=unsafe-url&destinationOrigin=http://127.0.0.1:8000/&isTestingMultipart=1"
 
 Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=no-referrer-when-downgrade&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=no-referrer-when-downgrade&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
 
 Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=no-referrer-when-downgrade&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=no-referrer-when-downgrade&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
 
 Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
 PASS actualReferrer is ""
@@ -145,7 +145,7 @@ Testing 'Referrer-Policy: same-origin' - referrer origin: https://127.0.0.1:8443
 PASS actualReferrer is ""
 
 Testing 'Referrer-Policy: same-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=same-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=same-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
 
 Testing 'Referrer-Policy: same-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
 PASS actualReferrer is ""
@@ -163,7 +163,7 @@ Testing 'Referrer-Policy: strict-origin-when-cross-origin' - referrer origin: ht
 PASS actualReferrer is "https://127.0.0.1:8443/"
 
 Testing 'Referrer-Policy: strict-origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=strict-origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=strict-origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
 
 Testing 'Referrer-Policy: strict-origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
 PASS actualReferrer is ""
@@ -172,25 +172,25 @@ Testing 'Referrer-Policy: origin-when-cross-origin' - referrer origin: https://1
 PASS actualReferrer is "https://127.0.0.1:8443/"
 
 Testing 'Referrer-Policy: origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
 
 Testing 'Referrer-Policy: origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
 PASS actualReferrer is "https://127.0.0.1:8443/"
 
 Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=invalid&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=invalid&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
 
 Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=invalid&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=invalid&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
 
 Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
 PASS actualReferrer is ""
 
 Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
 
 Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
 
 Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
 PASS actualReferrer is ""
index 0a14bc34d55adb398e647006f16447a3863aacc6..edf4fcf75a12671b1666b29f42640adaddd0b5d5 100644 (file)
@@ -53,7 +53,7 @@ let isTestingMultipart = false;
 onmessage = (msg) => {
     actualReferrer = msg.data;
     if (currentTest[1] === fullSourceURL)
-        shouldBeEqualToString("actualReferrer", sourceOrigin + "security/resources/serve-referrer-policy-and-test.php?value=" + currentTest[0] + "&destinationOrigin=" + currentTest[2] + "&isTestingMultipart=" + (isTestingMultipart ? "1" : "0"));
+        shouldBeEqualToString("actualReferrer", sourceOrigin + "security/resources/serve-referrer-policy-and-test.py?value=" + currentTest[0] + "&destinationOrigin=" + currentTest[2] + "&isTestingMultipart=" + (isTestingMultipart ? "1" : "0"));
     else
         shouldBeEqualToString("actualReferrer", "" + currentTest[1]);
     debug("");
@@ -78,7 +78,7 @@ function runNextTest()
     currentTest = tests[currentTestIndex];
     debug("Testing 'Referrer-Policy: " + currentTest[0] + "' - referrer origin: " + sourceOrigin + " - destination origin: " + currentTest[2] + " - isMultipartResponse? " + isTestingMultipart);
     frame = document.createElement("iframe");
-    frame.src = sourceOrigin + "security/resources/serve-referrer-policy-and-test.php?value=" + currentTest[0] + "&destinationOrigin=" + currentTest[2] + "&isTestingMultipart=" + (isTestingMultipart ? "1" : "0");
+    frame.src = sourceOrigin + "security/resources/serve-referrer-policy-and-test.py?value=" + currentTest[0] + "&destinationOrigin=" + currentTest[2] + "&isTestingMultipart=" + (isTestingMultipart ? "1" : "0");
     document.body.appendChild(frame);    
 }
 
diff --git a/LayoutTests/http/tests/security/resources/basic-auth.php b/LayoutTests/http/tests/security/resources/basic-auth.php
deleted file mode 100644 (file)
index f6a6f5b..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
-<?php
-$expectedUsername = isset($_GET['username']) ? $_GET['username'] : 'username';
-$expectedPassword = isset($_GET['password']) ? $_GET['password'] : 'password';
-$realm = isset($_GET['realm']) ? $_GET['realm'] : $_SERVER['REQUEST_URI'];
-
-header("Cache-Control: no-store");
-header("Connection: close");
-if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] != $expectedUsername ||  
-    !isset($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW'] != $expectedPassword) {
-    header("WWW-Authenticate: Basic realm=\"" . $realm . "\"");
-    header('HTTP/1.0 401 Unauthorized');
-    print 'Sent username:password of (' . $_SERVER['PHP_AUTH_USER'] . ':' . $_SERVER['PHP_AUTH_PW'] . ') which is not what was expected';
-    exit;
-}
-?>
-Authenticated as user: <?php print (string)$_SERVER['PHP_AUTH_USER']?> password: <?php print (string)$_SERVER['PHP_AUTH_PW']?>
diff --git a/LayoutTests/http/tests/security/resources/basic-auth.py b/LayoutTests/http/tests/security/resources/basic-auth.py
new file mode 100755 (executable)
index 0000000..535c08b
--- /dev/null
@@ -0,0 +1,31 @@
+#!/usr/bin/env python3
+
+import base64
+import os
+import sys
+from urllib.parse import parse_qs
+
+credentials = base64.b64decode(os.environ.get('HTTP_AUTHORIZATION', ' Og==').split(' ')[1]).decode().split(':')
+username = credentials[0]
+password = ':'.join(credentials[1:])
+
+query = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True)
+expected_username = query.get('username', ['username'])[0]
+expected_password = query.get('password', ['password'])[0]
+realm = query.get('realm', [os.environ.get('REQUEST_URI', '')])[0]
+
+sys.stdout.write(
+    'Cache-Control: no-store\r\n'
+    'Connection: close\r\n'
+    'Content-Type: text/html\r\n'
+)
+
+if username != expected_username or password != expected_password:
+    sys.stdout.write(
+        'WWW-Authenticate: Basic realm="{}"\r\n'
+        'status: 401\r\n\r\n'
+        'Sent username:password of ({}:{}) which is not what was expected'.format(realm, username, password)
+    )
+    sys.exit(0)
+
+sys.stdout.write('\r\nAuthenticated as user: {} password: {}'.format(username, password))
diff --git a/LayoutTests/http/tests/security/resources/cors-basic-auth.php b/LayoutTests/http/tests/security/resources/cors-basic-auth.php
deleted file mode 100644 (file)
index 461e608..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-<?php
-    header('Access-Control-Allow-Origin: *');
-    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
-        header('WWW-Authenticate: Basic realm="WebKit Test Realm"');
-        header('HTTP/1.0 401 Unauthorized');
-        echo 'Authentication canceled';
-        exit;
-    } else {
-        echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
-    }
-?>
diff --git a/LayoutTests/http/tests/security/resources/cors-basic-auth.py b/LayoutTests/http/tests/security/resources/cors-basic-auth.py
new file mode 100755 (executable)
index 0000000..1b3a73f
--- /dev/null
@@ -0,0 +1,24 @@
+#!/usr/bin/env python3
+
+import base64
+import os
+import sys
+
+credentials = base64.b64decode(os.environ.get('HTTP_AUTHORIZATION', ' Og==').split(' ')[1]).decode().split(':')
+username = credentials[0]
+password = ':'.join(credentials[1:])
+
+sys.stdout.write(
+    'Access-Control-Allow-Origin: *\r\n'
+    'Content-Type: text/html\r\n'
+)
+
+if not username or not password:
+    sys.stdout.write(
+        'WWW-Authenticate: Basic realm="WebKit Test Realm"\r\n'
+        'status: 401\r\n\r\n'
+        'Authentication canceled'
+    )
+    sys.exit(0)
+
+sys.stdout.write('\r\nUser: {}, password: {}.'.format(username, password))
diff --git a/LayoutTests/http/tests/security/resources/cors-script.php b/LayoutTests/http/tests/security/resources/cors-script.php
deleted file mode 100755 (executable)
index d0b3297..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
-<?php
-header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-header("Content-Type: application/javascript");
-
-if (isset($_GET["credentials"])) {
-    if (strtolower($_GET["credentials"]) == "true") {
-        header("Access-Control-Allow-Credentials: true");
-    } else {
-        header("Access-Control-Allow-Credentials: false");
-    }
-}
-
-if (strtolower($_GET["fail"]) == "true")
-    echo "throw({toString: function(){ return 'SomeError' }});";
-else
-    echo "alert('script ran.');";
-?>
diff --git a/LayoutTests/http/tests/security/resources/cors-script.py b/LayoutTests/http/tests/security/resources/cors-script.py
new file mode 100755 (executable)
index 0000000..18675d9
--- /dev/null
@@ -0,0 +1,27 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+from urllib.parse import parse_qs
+
+query = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True)
+credentials = query.get('credentials', [None])[0]
+fail = query.get('fail', [None])[0]
+
+sys.stdout.write(
+    'Access-Control-Allow-Origin: http://127.0.0.1:8000\r\n'
+    'Content-Type: application/javascript\r\n'
+)
+
+if credentials is not None:
+    if credentials.lower() == 'true':
+        sys.stdout.write('Access-Control-Allow-Credentials: true\r\n')
+    else:
+        sys.stdout.write('Access-Control-Allow-Credentials: false\r\n')
+
+sys.stdout.write('\r\n')
+
+if fail is not None and fail.lower() == 'true':
+    sys.stdout.write('throw({toString: function(){ return \'SomeError\' }});')
+else:
+    sys.stdout.write('alert(\'script ran.\');')
index 83a1922b43081a801ac560b13042d2439126f589..8d39e9b7b71305ade52d37c1d5a4b60e469f4074 100644 (file)
@@ -8,6 +8,6 @@ request.onreadystatechange = function () {
         window.open('http://localhost:8000/security/resources/credentials-from-different-domains-continued-2.html');
     }
 };
-request.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.php', true);
+request.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.py', true);
 request.send();
 </script>
index 4c9fc6dd52e16f04a70bd5b4a030dc55d3803a5e..4fb572a5cd4112c66f35f809de96ec317ddf39ed 100644 (file)
@@ -7,6 +7,6 @@ request.onreadystatechange = function () {
             testRunner.notifyDone();
     }
 };
-request.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.php', true);
+request.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.py', true);
 request.send();
 </script>