(function () {
var i, eventName,
- div = document.createElement("div" );
+ div = document.createElement( "div" );
- // Support: IE<9 (lack submit/change bubble), Firefox 17+ (lack focusin event)
- // Beware of CSP restrictions (https://developer.mozilla.org/en/Security/CSP)
+ // Support: IE<9 (lack submit/change bubble), Firefox 23+ (lack focusin event)
for ( i in { submit: true, change: true, focusin: true }) {
- div.setAttribute( eventName = "on" + i, "t" );
+ eventName = "on" + i;
- support[ i + "Bubbles" ] = eventName in window || div.attributes[ eventName ].expando === false;
+ if ( !(support[ i + "Bubbles" ] = eventName in window) ) {
+ // Beware of CSP restrictions (https://developer.mozilla.org/en/Security/CSP)
+ div.setAttribute( eventName, "t" );
+ support[ i + "Bubbles" ] = div.attributes[ eventName ].expando === false;
+ }
}
// Null elements to avoid leaks in IE.
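Review bot: The relocated comment `// Beware of CSP restrictions` inside the `if` does not say what the restriction is, so a later cleanup could hoist `div.setAttribute( eventName, "t" )` back out of the branch. Setting an `on*` attribute creates an inline event handler, which a policy without 'unsafe-inline' blocks and reports; the `eventName in window` check now presumably keeps browsers that recognise the handler away from that write. I would spell this out, e.g. `// Only set the on* attribute when the window check fails: an inline handler violates a CSP without 'unsafe-inline'`. The assignment inside the negated condition on the `if` line is also easy to misread as a comparison. The enclosing function starts and ends outside the hunk.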
--- /dev/null
+<?php
+ file_put_contents("csp.log", "", LOCK_EX);
+?>
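Review bot: The return value of `file_put_contents("csp.log", "", LOCK_EX)` is ignored here and in the second new script, the one that writes `"error"` (presumably the `csp-log.php` named in the `report-uri`). If the directory is not writable, a violation report leaves the log empty and the CSP test reads that as a pass. Both scripts also write on any request, whatever its method or origin, so they belong only on a test host that is not publicly reachable. I would at least surface the failure in the logging script: `if (file_put_contents("csp.log", "error", LOCK_EX) === false) { http_response_code(500); }`.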
--- /dev/null
+<?php
+ file_put_contents("csp.log", "error", LOCK_EX);
+?>
<?php
- # Support: Firefox
- header("X-Content-Security-Policy: default-src 'self';");
-
- # Support: Webkit, Safari 5
- # http://stackoverflow.com/questions/13663302/why-does-my-content-security-policy-work-everywhere-but-safari
- header("X-WebKit-CSP: script-src " . $_SERVER["HTTP_HOST"] . " 'self'");
-
- header("Content-Security-Policy: default-src 'self'");
+ # This test page checkes CSP only for browsers with "Content-Security-Policy" header support
+ # i.e. no old WebKit or old Firefox
+ header("Content-Security-Policy: default-src 'self'; report-uri csp-log.php");
?>
<!DOCTYPE html>
<html>
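Review bot: Nothing resets `csp.log` before this page sends the policy with `report-uri csp-log.php`, so a run that stopped before the clean-up request leaves `error` in the log and the next run fails without any violation. Assuming the log lives beside this page, clearing it at the top of the `<?php` block with `file_put_contents("csp.log", "", LOCK_EX);` makes each load start from a known state. The new comment could also state outright that a browser without `Content-Security-Policy` support loads the page with no policy at all, so the check passes vacuously there. The HTML body continues outside the hunk.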
strictEqual( shrinkWrapBlocks, computedSupport.shrinkWrapBlocks, "jQuery.support.shrinkWrapBlocks properties are the same" );
});
+
+// This test checkes CSP only for browsers with "Content-Security-Policy" header support
+// i.e. no old WebKit or old Firefox
+testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Security/CSP) restrictions",
+ "support/csp.php",
+ function( support ) {
+ expect( 2 );
+ deepEqual( jQuery.extend( {}, support ), computedSupport, "No violations of CSP polices" );
+
+ stop();
+
+ supportjQuery.get( "data/support/csp.log" ).done(function( data ) {
+ equal( data, "", "No log request should be sent" );
+ supportjQuery.get( "data/support/csp-clean.php" ).done( start );
+ });
+ }
+);
+
(function() {
var expected, version,
userAgent = window.navigator.userAgent;
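Review bot: The log check in the added test can report a clean result that is not one. `supportjQuery.get( "data/support/csp.log" )` runs as soon as the iframe calls back, while a violation report may still be in flight, and a plain GET of a static file may be answered from cache. There is also no `.fail` handler, so a missing or unreadable log leaves the test stopped until the runner times out. I would request the log with `supportjQuery.ajax({ url: "data/support/csp.log", cache: false })` and chain `.fail(function() { ok( false, "csp.log not readable" ); start(); })`. The assertion message `"No violations of CSP polices"` should read "policies".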
}
})();
-
-// Support: Safari 5.1
-// Shameless browser-sniff, but Safari 5.1 mishandles CSP
-if ( !( typeof navigator !== "undefined" &&
- (/ AppleWebKit\/\d.*? Version\/(\d+)/.exec(navigator.userAgent) || [])[1] < 6 ) ) {
-
- testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Security/CSP) restrictions",
- "support/csp.php",
- function( support ) {
- expect( 1 );
- deepEqual( jQuery.extend( {}, support ), computedSupport, "No violations of CSP polices" );
- }
- );
-}