From: Oleg Date: Wed, 30 Oct 2013 12:20:38 +0000 (+0400) Subject: Add more thorough check for CSP violations X-Git-Tag: 2.1.0-beta2~34 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=ee0d0e6e3f3773d15d3b9c3d654a05cbb914d7ab;p=jquery.git Add more thorough check for CSP violations --- diff --git a/test/data/support/csp-clean.php b/test/data/support/csp-clean.php new file mode 100644 index 000000000..e16d047a3 --- /dev/null +++ b/test/data/support/csp-clean.php @@ -0,0 +1,3 @@ + diff --git a/test/data/support/csp-log.php b/test/data/support/csp-log.php new file mode 100644 index 000000000..efbb9d7bc --- /dev/null +++ b/test/data/support/csp-log.php @@ -0,0 +1,3 @@ + diff --git a/test/data/support/csp.log b/test/data/support/csp.log new file mode 100755 index 000000000..e69de29bb diff --git a/test/data/support/csp.php b/test/data/support/csp.php index b21ce0f74..d01def783 100644 --- a/test/data/support/csp.php +++ b/test/data/support/csp.php @@ -1,12 +1,7 @@ diff --git a/test/unit/support.js b/test/unit/support.js index 08685def1..965ea4cdd 100644 --- a/test/unit/support.js +++ b/test/unit/support.js @@ -30,6 +30,24 @@ if ( jQuery.css ) { }); } + +// This test checkes CSP only for browsers with "Content-Security-Policy" header support +// i.e. no old WebKit or old Firefox +testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Security/CSP) restrictions", + "support/csp.php", + function( support ) { + expect( 2 ); + deepEqual( jQuery.extend( {}, support ), computedSupport, "No violations of CSP polices" ); + + stop(); + + supportjQuery.get( "data/support/csp.log" ).done(function( data ) { + equal( data, "", "No log request should be sent" ); + supportjQuery.get( "data/support/csp-clean.php" ).done( start ); + }); + } +); + (function() { var expected, version, userAgent = window.navigator.userAgent; @@ -175,17 +193,3 @@ if ( jQuery.css ) { } })(); - -// Support: Safari 5.1 -// Shameless browser-sniff, but Safari 5.1 mishandles CSP -if ( !( typeof navigator !== "undefined" && - (/ AppleWebKit\/\d.*? Version\/(\d+)/.exec(navigator.userAgent) || [])[1] < 6 ) ) { - - testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Security/CSP) restrictions", - "support/csp.php", - function( support ) { - expect( 1 ); - deepEqual( jQuery.extend( {}, support ), computedSupport, "No violations of CSP polices" ); - } - ); -}