security-and-privacy/CanvasBlocker
security-and-privacy/CanvasBlocker
1
0
Fork 0
mirror of https://github.com/kkapsner/CanvasBlocker synced 2024-12-22 04:40:20 +01:00
Code Releases Activity

Added 304 test

Browse Source 
For #577
This commit is contained in:
kkapsner 2021-09-08 23:09:08 +02:00
parent 8e4a881288
commit 2f6ca07bba
2 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
test/cspTest.js
View File

@ -18,4 +18,11 @@ addLine("window name after set: " + window.name);
const hashValue = await testAPI.hash(canvasAPI.fingerprint(window).url);
addLine("canvas hash: " + hashValue);
}());
}());
document.getElementById("reloadWith304").addEventListener("click", function(){
"use strict";
document.cookie = "304=1";
location.reload();
});

14
test/cspTest.php
View File

@ -1,6 +1,12 @@
<?php
header("Content-Security-Policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'");
if (array_key_exists("304", $_COOKIE)){
http_response_code(304);
setcookie("304", "", time() - 1000);
die();
}
else {
header("Content-Security-Policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'");
}
?>
<!DOCTYPE html>
@ -18,11 +24,15 @@ header("Content-Security-Policy: default-src 'none'; img-src 'self'; script-src
<ul>
<li>if the window API protection is active the window name at start is always empty</li>
<li>the canvas hash changes upon reload (depending on CanvasBlocker settings - e.g. not in the stealth preset)</li>
<li>there is no line saying "THIS SHOULD NOT BE VISIBLE!" when reloading with <a id="reloadWith304" href="">this</a> link</li>
</ul>
<h2>Tests</h2>
<div id="results"></div>
<script src="testAPI.js"></script>
<script src="canvasAPI.js"></script>
<script src="cspTest.js"></script>
<script>
addLine("THIS SHOULD NOT BE VISIBLE!");
</script>
</body>
</html>