45 lines
1.7 KiB
JavaScript
45 lines
1.7 KiB
JavaScript
// META: script=/common/get-host-info.sub.js
|
|
// META: script=/common/utils.js
|
|
// META: script=/common/dispatcher/dispatcher.js
|
|
|
|
// Regression test for https://crbug.com/1262203
|
|
//
|
|
// A cross-origin document initiates a same-document navigation. This navigation
|
|
// is subject to CSP:frame-src 'none', but this doesn't apply, since it's a
|
|
// same-document navigation. This test checks this doesn't lead to a crash.
|
|
|
|
promise_test(async test => {
|
|
const child_token = token();
|
|
const child = new RemoteContext(child_token);
|
|
const iframe = document.createElement("iframe");
|
|
iframe.src = remoteExecutorUrl(child_token, {
|
|
host: get_host_info().REMOTE_HOST
|
|
});
|
|
document.body.appendChild(iframe);
|
|
|
|
// Install a promise waiting for a same-document navigation to happen in the
|
|
// child.
|
|
await child.execute_script(() => {
|
|
window.sameDocumentNavigation = new Promise(resolve => {
|
|
window.addEventListener("popstate", resolve);
|
|
});
|
|
});
|
|
|
|
// Append a new CSP, disallowing new iframe navigations.
|
|
const meta = document.createElement("meta");
|
|
meta.httpEquiv = "Content-Security-Policy";
|
|
meta.content = "frame-src 'none'";
|
|
document.head.appendChild(meta);
|
|
|
|
document.addEventListener(
|
|
"securitypolicyviolation",
|
|
test.unreached_func("same-document navigations aren't subject to CSP"));
|
|
|
|
// Create a same-document navigation, inititated cross-origin in the iframe.
|
|
// It must not be blocked by the CSP above.
|
|
iframe.src += "#foo";
|
|
|
|
// Make sure the navigation succeeded and was indeed a same-document one:
|
|
await child.execute_script(() => sameDocumentNavigation);
|
|
assert_equals(await child.execute_script(() => location.href), iframe.src);
|
|
})
|