3 files changed, 20 insertions, 1 deletions

diff --git a/test/data/csp-nonce-globaleval.html b/test/data/csp-nonce-globaleval.html
new file mode 100644
index 000000000..aa620c566
--- /dev/null
+++ b/test/data/csp-nonce-globaleval.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+	<title>CSP nonce via jQuery.globalEval Test Page</title>
+	<script nonce="jquery+hardcoded+nonce" src="../jquery.js"></script>
+	<script nonce="jquery+hardcoded+nonce" src="iframeTest.js"></script>
+	<script nonce="jquery+hardcoded+nonce" src="csp-nonce-globaleval.js"></script>
+</head>
+<body>
+	<p>CSP nonce via jQuery.globalEval Test Page</p>
+</body>
+</html>
diff --git a/test/data/csp-nonce-globaleval.js b/test/data/csp-nonce-globaleval.js
new file mode 100644
index 000000000..23d549fd6
--- /dev/null
+++ b/test/data/csp-nonce-globaleval.js
@@ -0,0 +1,5 @@
+/* global startIframeTest */
+
+jQuery( function() {
+	$.globalEval( "startIframeTest()", { nonce: "jquery+hardcoded+nonce" } );
+} );
diff --git a/test/data/mock.php b/test/data/mock.php
index 7e6aa1bec..52de8ae9d 100644
--- a/test/data/mock.php
+++ b/test/data/mock.php
@@ -201,9 +201,10 @@ ok( true, "mock executed");';
 	protected function cspNonce( $req ) {
 		// This is CSP only for browsers with "Content-Security-Policy" header support
 		// i.e. no old WebKit or old Firefox
+		$test = $req->query['test'] ? '-' . $req->query['test'] : '';
 		header( "Content-Security-Policy: script-src 'nonce-jquery+hardcoded+nonce'; report-uri ./mock.php?action=cspLog" );
 		header( 'Content-type: text/html' );
-		echo file_get_contents( __DIR__ . '/csp-nonce.html' );
+		echo file_get_contents( __DIR__ . '/csp-nonce' . $test . '.html' );
 	}
 
 	protected function cspLog( $req ) {