fix(csp): fix autodetection of CSP + better docs

CSP spec got changed and it is no longer possible to autodetect if a policy is
active without triggering a CSP error:

18882953ce

Now we use `new Function('')` to detect if CSP is on. To prevent the error from this
detection from showing up in the console, developers have to use the ngCsp directive.

(This problem became more severe after our recent removal of `simpleGetterFn`
 which made us depend on function constructor for all expressions.)

Closes #8162
Closes #8191
Igor Minar
2014-07-14 10:30:32 -07:00
parent 02c0ed27bc
commit 0113f22574
3 changed files with 43 additions and 15 deletions


@@ -413,14 +413,15 @@ describe('angular', function() {
describe('csp', function() {
var originalSecurityPolicy;
var originalFunction;
beforeEach(function() {
originalSecurityPolicy = document.securityPolicy;
originalFunction = window.Function;
});
afterEach(function() {
document.securityPolicy = originalSecurityPolicy;
window.Function = originalFunction;
delete csp.isActive_;
});
@@ -430,10 +431,11 @@ describe('angular', function() {
it('should return true if CSP is autodetected via CSP v1.1 securityPolicy.isActive property', function() {
document.securityPolicy = {isActive: true};
window.Function = function() { throw new Error('CSP test'); };
expect(csp()).toBe(true);
});
it('should return the true when CSP is enabled manually via [ng-csp]', function() {
spyOn(document, 'querySelector').andCallFake(function(selector) {
if (selector == '[ng-csp]') return {};