| CONSOLE MESSAGE: The Content Security Policy 'script-src 'sha256-AJqUvsXuHfMNXALcBPVqeiKkFk8OLvn3U7ksHP/QQ90=' 'nonce-dump-as-text'' was delivered in report-only mode, but does not specify a 'report-uri'; the policy will have no effect. Please either add a 'report-uri' directive, or deliver the policy via the 'Content-Security-Policy' header. |
| CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| CONSOLE MESSAGE: The Content Security Policy 'script-src 'sha256-AJqUvsXuHfMNXALcBPVqeiKkFk8OLvn3U7ksHP/QQ90=' 'nonce-dump-as-text'' was delivered in report-only mode, but does not specify a 'report-uri'; the policy will have no effect. Please either add a 'report-uri' directive, or deliver the policy via the 'Content-Security-Policy' header. |
| PASS did not execute script. |
| |
| |
| |
| -------- |
| Frame: '<!--frame1-->' |
| -------- |
| CSP report received: |
| CONTENT_TYPE: application/csp-report |
| HTTP_HOST: 127.0.0.1:8000 |
| HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py |
| REQUEST_METHOD: POST |
| REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py |
| === POST DATA === |
| {"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py","referrer":"","violated-directive":"script-src-elem","effective-directive":"script-src-elem","original-policy":"script-src 'sha256-33badf00d3badf00d3badf00d3badf00d3badf00d33=' 'nonce-dump-as-text'; report-uri ../resources/save-report.py?test=/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.py","blocked-uri":"inline","status-code":200}} |
