29 lines
914 B
HTML
29 lines
914 B
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<title>Frame-src: 'self' matches even if the parent's origin is unique.</title>
|
|
<script src="/resources/testharness.js"></script>
|
|
<script src="/resources/testharnessreport.js"></script>
|
|
</head>
|
|
<body>
|
|
<script>
|
|
var t = async_test('SubframeLoaded');
|
|
|
|
window.addEventListener('securitypolicyviolation', t.step_func(function(e) {
|
|
if (e.violatedDirective === "frame-src") {
|
|
assert_unreached('unexpected securitypolicyviolation');
|
|
t.done();
|
|
}
|
|
}));
|
|
|
|
window.addEventListener("message", t.step_func(function(event) {
|
|
assert_equals(event.data, "PASS", 'unexpected message: ' + event.data);
|
|
t.done();
|
|
}));
|
|
|
|
f = document.createElement("iframe");
|
|
f.src = "/content-security-policy/support/postmessage-pass.html";
|
|
document.body.appendChild(f);
|
|
</script>
|
|
</body>
|
|
</html>
|