52 lines
1.9 KiB
HTML
52 lines
1.9 KiB
HTML
<script src="/resources/testharness.js"></script>
|
|
<script src="/resources/testharnessreport.js"></script>
|
|
<html>
|
|
<body></body>
|
|
<script>
|
|
promise_test(async test => {
|
|
// 1. Load an iframe (not blocked).
|
|
let iframe = document.createElement("iframe");
|
|
{
|
|
iframe.name = "theiframe";
|
|
iframe.src =
|
|
"http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-src/support/frame.html?0";
|
|
let iframeLoaded = new Promise(resolve => { iframe.onload = resolve });
|
|
document.body.appendChild(iframe);
|
|
await iframeLoaded;
|
|
}
|
|
|
|
// 2. Start blocking iframes using CSP frame-src 'none'.
|
|
{
|
|
let meta = document.createElement('meta');
|
|
meta.httpEquiv = "Content-Security-Policy";
|
|
meta.content = "frame-src 'none'";
|
|
document.getElementsByTagName('head')[0].appendChild(meta);
|
|
}
|
|
|
|
// 3. Blocked same-document navigation using iframe.src.
|
|
{
|
|
let violation = new Promise(resolve => {
|
|
window.addEventListener('securitypolicyviolation', () => resolve());
|
|
});
|
|
iframe.src =
|
|
"http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-src/support/frame.html?1";
|
|
await violation;
|
|
}
|
|
|
|
// 4. Blocked same-document navigation using window.open.
|
|
{
|
|
let violation = new Promise(resolve => {
|
|
window.addEventListener('securitypolicyviolation', resolve);
|
|
});
|
|
window.open(
|
|
"http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-src/support/frame.html?2",
|
|
"theiframe");
|
|
await violation;
|
|
}
|
|
|
|
// 5. Regression test for https://crbug.com/1018385. The browser should
|
|
// not crash while displaying the error page.
|
|
await new Promise(resolve => window.setTimeout(resolve, 1000));
|
|
}, "Same-document navigations in an iframe blocked by CSP frame-src dynamically using the <meta> tag");
|
|
</script>
|
|
</html>
|