diff --git a/packages/hint-no-html-only-headers/src/hint.ts b/packages/hint-no-html-only-headers/src/hint.ts index dd2b418b61b..af3c0336a0e 100644 --- a/packages/hint-no-html-only-headers/src/hint.ts +++ b/packages/hint-no-html-only-headers/src/hint.ts @@ -101,7 +101,12 @@ export default class NoHtmlOnlyHeadersHint implements IHint { } if (!willBeTreatedAsHTML(response)) { - const headers: string[] = includedHeaders(response.headers, unneededHeaders); + let headersToValidate: string[] = unneededHeaders; + + if (response.mediaType === 'text/javascript') { + headersToValidate = mergeIgnoreIncludeArrays(headersToValidate, ['content-security-policy', 'x-content-security-policy'], []); + } + const headers: string[] = includedHeaders(response.headers, headersToValidate); const numberOfHeaders: number = headers.length; if (numberOfHeaders > 0) { diff --git a/packages/hint-no-html-only-headers/tests/tests.ts b/packages/hint-no-html-only-headers/tests/tests.ts index b0a4b2d83d9..65dfcac6eab 100644 --- a/packages/hint-no-html-only-headers/tests/tests.ts +++ b/packages/hint-no-html-only-headers/tests/tests.ts @@ -13,24 +13,6 @@ const generateMessage = (values: string[]): string => { const testsForDefaults: HintTest[] = [ { name: `Non HTML resource is served without unneeded headers`, - serverConfig: { - '/': { - content: htmlPage, - headers: { - 'Content-Type': 'text/html; charset=utf-8', - 'X-Frame-Options': 'SAMEORIGIN' - } - }, - '/test.js': { headers: { 'Content-Type': 'application/javascript; charset=utf-8' } } - } - }, - { - name: `Non HTML resource is specified as a data URI`, - serverConfig: { '/': generateHTMLPage(undefined, '') } - }, - { - name: `Non HTML resource is served with unneeded header`, - reports: [{ message: generateMessage(['content-security-policy']) }], serverConfig: { '/': { content: htmlPage, 
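Review bot: The exemption in the `response.mediaType === 'text/javascript'` branch depends on an exact string match and drops only two of the CSP header names; the updated expectations in tests.ts still list `x-webkit-csp` for the same kind of resource. If `mediaType` is not normalised before this point (not visible here; the enclosing handler starts and ends outside the hunk), scripts served as `application/javascript` would still be reported, and site owners would be advised to strip a policy that browsers can apply to worker scripts. Either add `'x-webkit-csp'` to the ignore list or state why it is deliberately left out. A comment above the branch would record the reason for the special case, for example `// CSP is honoured on scripts loaded as workers, so it is not an HTML-only header for JavaScript responses.`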
@@ -47,14 +29,16 @@ const testsForDefaults: HintTest[] = [ } } }, + { + name: `Non HTML resource is specified as a data URI`, + serverConfig: { '/': generateHTMLPage(undefined, '') } + }, { name: `Non HTML resource is served with multiple unneeded headers`, reports: [ { message: generateMessage([ - 'content-security-policy', 'feature-policy', - 'x-content-security-policy', 'x-frame-options', 'x-ua-compatible', 'x-webkit-csp', @@ -159,7 +143,6 @@ const testsForIncludeConfigs: HintTest[] = [ reports: [ { message: generateMessage([ - 'content-security-policy', 'x-test-1', 'x-ua-compatible' ]) @@ -193,7 +176,6 @@ const testsForConfigs: HintTest[] = [ reports: [ { message: generateMessage([ - 'content-security-policy', 'x-test-1', 'x-ua-compatible' ]) @@ -223,8 +205,8 @@ const testsForConfigs: HintTest[] = [ ]; testHint(hintPath, testsForDefaults); -testHint(hintPath, testsForIgnoreConfigs, { hintOptions: { ignore: ['Content-Security-Policy', 'X-UA-Compatible', 'X-Test-1'] } }); -testHint(hintPath, testsForIncludeConfigs, { hintOptions: { include: ['Content-Security-Policy', 'X-Test-1', 'X-Test-2'] } }); +testHint(hintPath, testsForIgnoreConfigs, { hintOptions: { ignore: ['X-UA-Compatible', 'X-Test-1'] } }); +testHint(hintPath, testsForIncludeConfigs, { hintOptions: { include: ['X-Test-1', 'X-Test-2'] } }); testHint(hintPath, testsForConfigs, { hintOptions: { ignore: ['X-Frame-Options', 'X-Test-2', 'X-Test-3'],
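Review bot: Dropping `Content-Security-Policy` from the `ignore` and `include` options in the last hunk leaves no visible test for how a user-supplied `include: ['Content-Security-Policy']` interacts with the new JavaScript exemption. If `unneededHeaders` in hint.ts already contains the user's options (not shown in this diff), the exemption silently overrides an explicit `include` for script responses; a test should pin whichever behaviour is intended. The expectation edits in the `-47,14`, `-159,7` and `-193,7` hunks likewise only remove `content-security-policy`. A case asserting that the header is still reported for a non-script, non-HTML response, such as an image or stylesheet, would guard against the exemption widening by accident.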