Mercurial > hg
comparison tests/test-hgweb-csp.t @ 37828:3e3acf5d6a07 stable
hgweb: allow Content-Security-Policy header on 304 responses (issue5844)
A side-effect of 98baf8dea553 was that the Content-Security-Policy
header was set on all HTTP responses by default. This header wasn't
in our list of allowed headers for HTTP 304 responses. This would
trigger a ProgrammingError when a 304 response was issued via hgwebdir.
This commit adds Content-Security-Policy to the allow list of headers
for 304 responses so we no longer encounter the error.
Differential Revision: https://phab.mercurial-scm.org/D3436
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Mon, 30 Apr 2018 17:28:59 -0700 |
| parents | d105bbb74658 |
| children | 7e5be4a7cda7 |
comparison
equal
deleted
inserted
replaced
| 37827:11ee9bf24791 | 37828:3e3acf5d6a07 |
|---|---|
| 55 content-security-policy: script-src https://example.com/ 'unsafe-inline' | 55 content-security-policy: script-src https://example.com/ 'unsafe-inline' |
| 56 | 56 |
| 57 $ get-with-headers.py --twice --headeronly localhost:$HGPORT repo1/static/style.css content-security-policy | 57 $ get-with-headers.py --twice --headeronly localhost:$HGPORT repo1/static/style.css content-security-policy |
| 58 200 Script output follows | 58 200 Script output follows |
| 59 content-security-policy: script-src https://example.com/ 'unsafe-inline' | 59 content-security-policy: script-src https://example.com/ 'unsafe-inline' |
| 60 500 Internal Server Error | 60 304 Not Modified |
| 61 [1] | 61 content-security-policy: script-src https://example.com/ 'unsafe-inline' |
| 62 | 62 |
| 63 repo page should send CSP by default, include etag w/o nonce | 63 repo page should send CSP by default, include etag w/o nonce |
| 64 | 64 |
| 65 $ get-with-headers.py --headeronly localhost:$HGPORT repo1 content-security-policy etag | 65 $ get-with-headers.py --headeronly localhost:$HGPORT repo1 content-security-policy etag |
| 66 200 Script output follows | 66 200 Script output follows |