blob: c95e0b50778f74895eaf928824a38b1fa9692735 [file] [log] [blame]
CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
This tests that the status-code is 0 in the Content Security Policy violation report for a protected resource delivered over HTTPS.
--------
Frame: '<!--frame1-->'
--------
CSP report received:
CONTENT_TYPE: application/csp-report
HTTP_HOST: 127.0.0.1:8443
HTTP_REFERER: https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html
REQUEST_METHOD: POST
REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html
=== POST DATA ===
{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri save-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","blocked-uri":"","status-code":0}}