-
Notifications
You must be signed in to change notification settings - Fork 83
Closed
web-platform-tests/wpt
#51522Description
Looking for "Content-Security-Policy-Report-Only", I can't find any test related to workers:
find -type f | xargs grep 'Content-Security-Policy-Report-Only'
./trusted-types-reporting.html.headers:Content-Security-Policy-Report-Only: trusted-types two; report-uri /content-security-policy/resources/dummy-report.php
./trusted-types-reporting-check-report.html.sub.headers:Content-Security-Policy-Report-Only: trusted-types one two; report-uri /reporting/resources/report.py?op=put&reportID={{$id}}
./trusted-types-eval-reporting-report-only.html: // Content-Security-Policy-Report-Only: require-trusted-types-for 'script'
./trusted-types-report-only.html.headers:Content-Security-Policy-Report-Only: trusted-types two; report-uri /content-security-policy/resources/dummy-report.php; require-trusted-types-for 'script';
./trusted-types-duplicate-names-list-report-only.html.headers:Content-Security-Policy-Report-Only: trusted-types a b c
./support/navigation-report-only-support.html.headers:Content-Security-Policy-Report-Only: require-trusted-types-for 'script';
./trusted-types-report-only.html: // Content-Security-Policy-Report-Only: trusted-types ...; report-uri ...
./no-require-trusted-types-for-report-only.html.headers:Content-Security-Policy-Report-Only: require-trusted-types-for 'script'
./trusted-types-reporting-check-report.html: Content-Security-Policy-Report-Only: \
./empty-default-policy-report-only.html.headers:Content-Security-Policy-Report-Only: require-trusted-types-for 'script';
./require-trusted-types-for-report-only.html.headers:Content-Security-Policy-Report-Only: require-trusted-types-for 'script'
./trusted-types-duplicate-names-list-report-only.html:// Content-Security-Policy-Report-Only: trusted-types a b c
./default-policy-report-only.html.headers:Content-Security-Policy-Report-Only: require-trusted-types-for 'script';
./trusted-types-eval-reporting-report-only.html.headers:Content-Security-Policy-Report-Only: require-trusted-types-for 'script'
./trusted-types-reporting.html: // Content-Security-Policy-Report-Only: trusted-types two; report-uri ...
This is used for the following algorithms:
- https://w3c.github.io/trusted-types/dist/spec/#does-sink-require-trusted-types (only when includeReportOnlyPolicies=false, which is needed for Add
trusted-types-eval
source expression forscript-src
webappsec-csp#665) - https://w3c.github.io/trusted-types/dist/spec/#should-block-sink-type-mismatch
- https://w3c.github.io/trusted-types/dist/spec/#should-block-create-policy
Metadata
Metadata
Assignees
Labels
No labels