Mercurial > hg

annotate tests/test-hgweb-csp.t @ 31975:76169296e52f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
obsolescence: add test for the "branch replacement" logic during push, case A2 Mercurial checks for the introduction of new heads on push. Evolution comes into play to detect if existing branches on the server are being replaced by some of the new one we push. The current code for this logic is very basic (eg: issue4354) and was poorly tested. We have a better implementation coming in the evolve extension fixing these issues and with more serious tests coverage. In the process of upstreaming this improved logic, we start with adding the test case that are already passing with the current implementation. Once they are all in, we'll upstream the better implementation and the extra test case. See inline documentation for details about the test case added in this changeset.
author Pierre-Yves David <pierre-yves.david@ens-lyon.org>
date Thu, 13 Apr 2017 16:23:01 +0200
parents d7bf7d2bd5ab
children a6d95a8b7243
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
30766
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1 #require serve
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
2
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
3 $ cat > web.conf << EOF
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
4 > [paths]
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
5 > / = $TESTTMP/*
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
6 > EOF
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
7
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
8 $ hg init repo1
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
9 $ cd repo1
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
10 $ touch foo
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
11 $ hg -q commit -A -m initial
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
12 $ cd ..
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
13
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
14 $ hg serve -p $HGPORT -d --pid-file=hg.pid --web-conf web.conf
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
15 $ cat hg.pid >> $DAEMON_PIDS
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
16
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
17 repo index should not send Content-Security-Policy header by default
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
18
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
19 $ get-with-headers.py --headeronly localhost:$HGPORT '' content-security-policy etag
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
20 200 Script output follows
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
21
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
22 static page should not send CSP by default
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
23
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
24 $ get-with-headers.py --headeronly localhost:$HGPORT static/mercurial.js content-security-policy etag
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
25 200 Script output follows
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
26
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
27 repo page should not send CSP by default, should send ETag
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
28
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
29 $ get-with-headers.py --headeronly localhost:$HGPORT repo1 content-security-policy etag
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
30 200 Script output follows
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
31 etag: W/"*" (glob)
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
32
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
33 $ killdaemons.py
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
34
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
35 Configure CSP without nonce
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
36
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
37 $ cat >> web.conf << EOF
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
38 > [web]
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
39 > csp = script-src https://example.com/ 'unsafe-inline'
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
40 > EOF
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
41
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
42 $ hg serve -p $HGPORT -d --pid-file=hg.pid --web-conf web.conf
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
43 $ cat hg.pid > $DAEMON_PIDS
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
44
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
45 repo index should send Content-Security-Policy header when enabled
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
46
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
47 $ get-with-headers.py --headeronly localhost:$HGPORT '' content-security-policy etag
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
48 200 Script output follows
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
49 content-security-policy: script-src https://example.com/ 'unsafe-inline'
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
50
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
51 static page should send CSP when enabled
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
52
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
53 $ get-with-headers.py --headeronly localhost:$HGPORT static/mercurial.js content-security-policy etag
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
54 200 Script output follows
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
55 content-security-policy: script-src https://example.com/ 'unsafe-inline'
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
56
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
57 repo page should send CSP by default, include etag w/o nonce
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
58
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
59 $ get-with-headers.py --headeronly localhost:$HGPORT repo1 content-security-policy etag
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
60 200 Script output follows
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
61 content-security-policy: script-src https://example.com/ 'unsafe-inline'
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
62 etag: W/"*" (glob)
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
63
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
64 nonce should not be added to html if CSP doesn't use it
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
65
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
66 $ get-with-headers.py localhost:$HGPORT repo1/graph/tip | egrep 'content-security-policy|<script'
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
67 <script type="text/javascript" src="/repo1/static/mercurial.js"></script>
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
68 <!--[if IE]><script type="text/javascript" src="/repo1/static/excanvas.js"></script><![endif]-->
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
69 <script type="text/javascript">
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
70 <script type="text/javascript">
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
71
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
72 Configure CSP with nonce
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
73
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
74 $ killdaemons.py
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
75 $ cat >> web.conf << EOF
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
76 > csp = image-src 'self'; script-src https://example.com/ 'nonce-%nonce%'
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
77 > EOF
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
78
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
79 $ hg serve -p $HGPORT -d --pid-file=hg.pid --web-conf web.conf
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
80 $ cat hg.pid > $DAEMON_PIDS
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
81
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
82 nonce should be substituted in CSP header
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
83
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
84 $ get-with-headers.py --headeronly localhost:$HGPORT '' content-security-policy etag
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
85 200 Script output follows
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
86 content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob)
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
87
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
88 nonce should be included in CSP for static pages
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
89
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
90 $ get-with-headers.py --headeronly localhost:$HGPORT static/mercurial.js content-security-policy etag
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
91 200 Script output follows
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
92 content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob)
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
93
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
94 repo page should have nonce, no ETag
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
95
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
96 $ get-with-headers.py --headeronly localhost:$HGPORT repo1 content-security-policy etag
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
97 200 Script output follows
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
98 content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob)
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
99
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
100 nonce should be added to html when used
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
101
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
102 $ get-with-headers.py localhost:$HGPORT repo1/graph/tip content-security-policy | egrep 'content-security-policy|<script'
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
103 content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob)
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
104 <script type="text/javascript" src="/repo1/static/mercurial.js"></script>
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
105 <!--[if IE]><script type="text/javascript" src="/repo1/static/excanvas.js"></script><![endif]-->
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
106 <script type="text/javascript" nonce="*"> (glob)
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
107 <script type="text/javascript" nonce="*"> (glob)
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
108
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
109 hgweb_mod w/o hgwebdir works as expected
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
110
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
111 $ killdaemons.py
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
112
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
113 $ hg -R repo1 serve -p $HGPORT -d --pid-file=hg.pid --config "web.csp=image-src 'self'; script-src https://example.com/ 'nonce-%nonce%'"
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
114 $ cat hg.pid > $DAEMON_PIDS
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
115
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
116 static page sends CSP
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
117
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
118 $ get-with-headers.py --headeronly localhost:$HGPORT static/mercurial.js content-security-policy etag
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
119 200 Script output follows
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
120 content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob)
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
121
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
122 nonce included in <script> and headers
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
123
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
124 $ get-with-headers.py localhost:$HGPORT graph/tip content-security-policy | egrep 'content-security-policy|<script'
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
125 content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob)
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
126 <script type="text/javascript" src="/static/mercurial.js"></script>
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
127 <!--[if IE]><script type="text/javascript" src="/static/excanvas.js"></script><![endif]-->
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
128 <script type="text/javascript" nonce="*"> (glob)
d7bf7d2bd5ab hgweb: support Content Security Policy
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
129 <script type="text/javascript" nonce="*"> (glob)