library-mirrors/jquery
1
0
Fork 0
mirror of https://github.com/jquery/jquery.git synced 2024-11-23 02:54:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add more thorough check for CSP violations

Browse Source
This commit is contained in:
Oleg 2013-10-30 16:20:38 +04:00
parent c66a5e70f2
commit ee0d0e6e3f
5 changed files with 27 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
test/data/support/csp-clean.php Normal file
View File

@ -0,0 +1,3 @@
<?php
file_put_contents("csp.log", "", LOCK_EX);
?>

3
test/data/support/csp-log.php Normal file
View File

@ -0,0 +1,3 @@
<?php
file_put_contents("csp.log", "error", LOCK_EX);
?>

0
test/data/support/csp.log Executable file
View File

11
test/data/support/csp.php
View File

@ -1,12 +1,7 @@
<?php
# Support: Firefox
header("X-Content-Security-Policy: default-src 'self';");
# Support: Webkit, Safari 5
# http://stackoverflow.com/questions/13663302/why-does-my-content-security-policy-work-everywhere-but-safari
header("X-WebKit-CSP: script-src " . $_SERVER["HTTP_HOST"] . " 'self'");
header("Content-Security-Policy: default-src 'self'");
# This test page checkes CSP only for browsers with "Content-Security-Policy" header support
# i.e. no old WebKit or old Firefox
header("Content-Security-Policy: default-src 'self'; report-uri csp-log.php");
?>
<!DOCTYPE html>
<html>

32
test/unit/support.js
View File

@ -30,6 +30,24 @@ if ( jQuery.css ) {
});
}
// This test checkes CSP only for browsers with "Content-Security-Policy" header support
// i.e. no old WebKit or old Firefox
testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Security/CSP) restrictions",
"support/csp.php",
function( support ) {
expect( 2 );
deepEqual( jQuery.extend( {}, support ), computedSupport, "No violations of CSP polices" );
stop();
supportjQuery.get( "data/support/csp.log" ).done(function( data ) {
equal( data, "", "No log request should be sent" );
supportjQuery.get( "data/support/csp-clean.php" ).done( start );
});
}
);
(function() {
var expected, version,
userAgent = window.navigator.userAgent;
@ -175,17 +193,3 @@ if ( jQuery.css ) {
}
})();
// Support: Safari 5.1
// Shameless browser-sniff, but Safari 5.1 mishandles CSP
if ( !( typeof navigator !== "undefined" &&
(/ AppleWebKit\/\d.*? Version\/(\d+)/.exec(navigator.userAgent) || [])[1] < 6 ) ) {
testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Security/CSP) restrictions",
"support/csp.php",
function( support ) {
expect( 1 );
deepEqual( jQuery.extend( {}, support ), computedSupport, "No violations of CSP polices" );
}
);
}