upstream/mercurial-mirror Commit - r37847:3e3acf5d

hgweb: allow Content-Security-Policy header on 304 responses (issue5844)...

Gregory Szorc -

r37847:3e3acf5d stable

parent child

mercurial/hgweb/request.py

0 +1 0

                                       if k.lower() not in ('date', 'etag', 'expires',
                                                            'cache-control',
                                                            'content-location',
+                                                           'content-security-policy',
                                                            'vary')}
                         if badheaders:
                             raise error.ProgrammingError(

tests/test-hgweb-csp.t

0 +2 -2

               $ get-with-headers.py --twice --headeronly localhost:$HGPORT repo1/static/style.css content-security-policy
 Script output follows
               content-security-policy: script-src https://example.com/ 'unsafe-inline'
-Internal Server Error
+Not Modified
-              [1]
+              content-security-policy: script-src https://example.com/ 'unsafe-inline'
             repo page should send CSP by default, include etag w/o nonce

General Comments 0

You need to be logged in to leave comments. Login now

No reviewers

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages