D3436: hgweb: allow Content-Security-Policy header on 304 responses (issue5844)
indygreg (Gregory Szorc)
phabricator at mercurial-scm.org
Wed May 2 22:25:38 EDT 2018
This revision was automatically updated to reflect the committed changes.
Closed by commit rHG3e3acf5d6a07: hgweb: allow Content-Security-Policy header on 304 responses (issue5844) (authored by indygreg, committed by ).
REPOSITORY
rHG Mercurial
CHANGES SINCE LAST UPDATE
https://phab.mercurial-scm.org/D3436?vs=8444&id=8448
REVISION DETAIL
https://phab.mercurial-scm.org/D3436
AFFECTED FILES
mercurial/hgweb/request.py
tests/test-hgweb-csp.t
CHANGE DETAILS
diff --git a/tests/test-hgweb-csp.t b/tests/test-hgweb-csp.t
--- a/tests/test-hgweb-csp.t
+++ b/tests/test-hgweb-csp.t
@@ -57,8 +57,8 @@
$ get-with-headers.py --twice --headeronly localhost:$HGPORT repo1/static/style.css content-security-policy
200 Script output follows
content-security-policy: script-src https://example.com/ 'unsafe-inline'
- 500 Internal Server Error
- [1]
+ 304 Not Modified
+ content-security-policy: script-src https://example.com/ 'unsafe-inline'
repo page should send CSP by default, include etag w/o nonce
diff --git a/mercurial/hgweb/request.py b/mercurial/hgweb/request.py
--- a/mercurial/hgweb/request.py
+++ b/mercurial/hgweb/request.py
@@ -473,6 +473,7 @@
if k.lower() not in ('date', 'etag', 'expires',
'cache-control',
'content-location',
+ 'content-security-policy',
'vary')}
if badheaders:
raise error.ProgrammingError(
To: indygreg, #hg-reviewers, krbullock
Cc: krbullock, mercurial-devel
More information about the Mercurial-devel
mailing list