1
0
mirror of https://github.com/kkapsner/CanvasBlocker synced 2024-11-13 08:38:53 +01:00
CanvasBlocker/test/cspTest.php

38 lines
1.1 KiB
PHP
Raw Normal View History

2019-12-14 21:22:18 +01:00
<?php
2021-09-08 23:09:08 +02:00
if (array_key_exists("304", $_COOKIE)){
http_response_code(304);
setcookie("304", "", time() - 1000);
die();
}
else {
header("Content-Security-Policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'");
}
2019-12-14 21:22:18 +01:00
?>
<!DOCTYPE html>
<html>
<head>
<title>CSP test</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<link href="testIcon.svg" type="image/png" rel="icon">
<link href="testIcon.svg" type="image/png" rel="shortcut icon">
2020-11-21 13:58:32 +01:00
<link rel="stylesheet" href="../default.css" type="text/css">
2019-12-14 21:22:18 +01:00
</head>
<body>
<h1>CSP test</h1>
<h2>Expected result</h2>
<ul>
<li>if the window API protection is active the window name at start is always empty</li>
<li>the canvas hash changes upon reload (depending on CanvasBlocker settings - e.g. not in the stealth preset)</li>
2021-09-08 23:09:08 +02:00
<li>there is no line saying "THIS SHOULD NOT BE VISIBLE!" when reloading with <a id="reloadWith304" href="">this</a> link</li>
2019-12-14 21:22:18 +01:00
</ul>
<h2>Tests</h2>
<div id="results"></div>
2020-01-06 15:15:04 +01:00
<script src="testAPI.js"></script>
<script src="canvasAPI.js"></script>
2019-12-14 21:22:18 +01:00
<script src="cspTest.js"></script>
2021-09-08 23:09:08 +02:00
<script>
addLine("THIS SHOULD NOT BE VISIBLE!");
</script>
2019-12-14 21:22:18 +01:00
</body>
</html>