summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/content-security-policy/navigate-to
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:47:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:47:29 +0000
commit0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d (patch)
treea31f07c9bcca9d56ce61e9a1ffd30ef350d513aa /testing/web-platform/tests/content-security-policy/navigate-to
parentInitial commit. (diff)
downloadfirefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.tar.xz
firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.zip
Adding upstream version 115.8.0esr.upstream/115.8.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/navigate-to')
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/anchor-navigation-always-allowed.html23
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/anchor-navigation-always-allowed.html.headers4
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-allowed.html18
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-allowed.html.headers4
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html19
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.headers4
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-allows.sub.html16
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-blocks.sub.html16
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html17
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html17
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/form-allowed.html16
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/form-blocked.sub.html19
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/form-cross-origin-allowed.sub.html16
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html19
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/form-redirected-allowed.html16
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/form-redirected-blocked.sub.html20
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/href-location-allowed.html17
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/href-location-blocked.sub.html20
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html17
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html20
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/href-location-redirected-allowed.html17
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html20
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/link-click-allowed.html16
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/link-click-blocked.sub.html19
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html16
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html20
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/link-click-redirected-allowed.html16
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html19
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-allowed.html16
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-blocked.sub.html20
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html16
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html20
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html16
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html20
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-allowed.html26
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-allowed.html.headers4
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-blocked.html28
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-blocked.html.sub.headers5
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html48
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/delayed_frame.py12
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/form_action_navigation.sub.html33
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/form_action_navigation.sub.html.sub.headers4
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/href_location_navigation.sub.html17
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/href_location_navigation.sub.html.sub.headers4
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/link_click_navigation.sub.html16
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/link_click_navigation.sub.html.sub.headers4
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html16
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html.sub.headers4
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/navigate_parent.sub.html18
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/navigate_parent.sub.html.sub.headers4
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/post_message_to_frame_owner.html6
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py6
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html19
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html.sub.headers4
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe2.sub.html14
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe3.sub.html12
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/wait_for_navigation.html14
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/support/wait_for_navigation.html.sub.headers4
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html29
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain.sub.html28
-rw-r--r--testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html29
61 files changed, 977 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/anchor-navigation-always-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/anchor-navigation-always-allowed.html
new file mode 100644
index 0000000000..658897fb1b
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/anchor-navigation-always-allowed.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+
+<a name="anchor"></a>
+
+<script>
+ var t = async_test("Test that anchor navigation is allowed regardless of the `navigate-to` directive");
+
+ window.addEventListener('securitypolicyviolation', t.unreached_func("Should not have triggered any violation"));
+
+ try {
+ window.location.hash = "anchor";
+ t.done();
+ } catch(ex) {}
+</script>
+
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/anchor-navigation-always-allowed.html.headers b/testing/web-platform/tests/content-security-policy/navigate-to/anchor-navigation-always-allowed.html.headers
new file mode 100644
index 0000000000..739a2ce175
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/anchor-navigation-always-allowed.html.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: navigate-to 'none'
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-allowed.html
new file mode 100644
index 0000000000..7b4b455d8d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-allowed.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child can navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child, which has the policy `navigate-to 'self'`)");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+
+<iframe srcdoc="<iframe src='support/navigate_parent.sub.html?csp=navigate-to%20%27self%27'>">
+
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-allowed.html.headers b/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-allowed.html.headers
new file mode 100644
index 0000000000..aced1c6d05
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-allowed.html.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: navigate-to 'self' support/navigate_parent.sub.html
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html
new file mode 100644
index 0000000000..4e50617e3c
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child can't navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child which has the policy `navigate-to 'none'`)");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+<iframe srcdoc="<iframe src='support/navigate_parent.sub.html?csp=navigate-to%20%27none%27&report_id={{$id:uuid()}}'>"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27none%27&reportID={{$id}}'></script>
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.headers b/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.headers
new file mode 100644
index 0000000000..9cb770bcc1
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: navigate-to 'self'
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-allows.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-allows.sub.html
new file mode 100644
index 0000000000..f58407ac6d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-allows.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that form-action overrides navigate-to when present.");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27%3B%20form-action%20%27self%27%3B&action=post_message_to_frame_owner.html&report_id={{uuid()}}">
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-blocks.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-blocks.sub.html
new file mode 100644
index 0000000000..0ddc8820f9
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-blocks.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that form-action overrides navigate-to when present.");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27none%27%3B%20form-action%20%27self%27%3B&action=post_message_to_frame_owner.html&report_id={{uuid()}}">
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html
new file mode 100644
index 0000000000..927ebb4d36
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that form-action overrides navigate-to when present.");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'form-action');
+ });
+</script>
+<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27%3B%20form-action%20%27none%27%3B&action=post_message_to_frame_owner.html&report_id={{uuid()}}"">
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html
new file mode 100644
index 0000000000..56688fa418
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that form-action overrides navigate-to when present.");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'form-action');
+ });
+</script>
+<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27none%27%3B%20form-action%20%27none%27%3B&action=post_message_to_frame_owner.html&report_id={{uuid()}}">
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-allowed.html
new file mode 100644
index 0000000000..aa38d898ab
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27&action=post_message_to_frame_owner.html"></iframe>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-blocked.sub.html
new file mode 100644
index 0000000000..72db7b8d1d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-blocked.sub.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is not allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20%27none%27&report_id={{$id:uuid()}}&action=post_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27none%27&reportID={{$id}}'></script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-cross-origin-allowed.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-cross-origin-allowed.sub.html
new file mode 100644
index 0000000000..4d0ddc30f1
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-cross-origin-allowed.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}&action=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html
new file mode 100644
index 0000000000..be5f70c8b1
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is not allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&action=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-redirected-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-redirected-allowed.html
new file mode 100644
index 0000000000..129b719c22
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-redirected-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27&action=redirect_to_post_message_to_frame_owner.py%3Flocation%3Dpost_message_to_frame_owner.html"></iframe>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-redirected-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-redirected-blocked.sub.html
new file mode 100644
index 0000000000..d60b8a7aa8
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-redirected-blocked.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is not allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&action=redirect_to_post_message_to_frame_owner.py%3Flocation%3Dhttp%3A%2F%2F{{domains[www1]}}%3A{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/href-location-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-allowed.html
new file mode 100644
index 0000000000..16e11e0c65
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-allowed.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+
+ window.open("support/href_location_navigation.sub.html?csp=navigate-to%20%27self%27&target=post_message_to_frame_owner.html", "_blank");
+</script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/href-location-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-blocked.sub.html
new file mode 100644
index 0000000000..721f055c71
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-blocked.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is not allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+
+ window.open("support/href_location_navigation.sub.html?csp=navigate-to%20%27none%27&report_id={{$id:uuid()}}&target=post_message_to_frame_owner.html", "_blank");
+</script>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27none%27&reportID={{$id}}'></script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html
new file mode 100644
index 0000000000..a9396fc406
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+
+ window.open("support/href_location_navigation.sub.html?csp=navigate-to%20http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html", "_blank");
+</script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html
new file mode 100644
index 0000000000..cd0cd9106d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is not allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+
+ window.open("support/href_location_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html", "_blank");
+</script>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/href-location-redirected-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-redirected-allowed.html
new file mode 100644
index 0000000000..4dbfa7aef9
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-redirected-allowed.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+
+ window.open("support/href_location_navigation.sub.html?csp=navigate-to%20%27self%27&target=redirect_to_post_message_to_frame_owner.py", "_blank");
+</script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html
new file mode 100644
index 0000000000..5d8fafb313
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is not allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+
+ window.open("support/href_location_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=redirect_to_post_message_to_frame_owner.py%3Flocation%3Dhttp%3A%2F%2F{{domains[www1]}}%3A{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html", "_blank");
+</script>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/link-click-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-allowed.html
new file mode 100644
index 0000000000..977b85dfb2
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20%27self%27&target=post_message_to_frame_owner.html">
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/link-click-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-blocked.sub.html
new file mode 100644
index 0000000000..29686fcaef
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-blocked.sub.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is not allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20%27none%27&report_id={{$id:uuid()}}&target=post_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html
new file mode 100644
index 0000000000..4381bcb08d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html">
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html
new file mode 100644
index 0000000000..f2b106c577
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is not allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/link-click-redirected-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-redirected-allowed.html
new file mode 100644
index 0000000000..87dea95b1d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-redirected-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20%27self%27&target=redirect_to_post_message_to_frame_owner.py">
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html
new file mode 100644
index 0000000000..9b9205a526
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is not allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=redirect_to_post_message_to_frame_owner.py%3Flocation%3Dhttp%3A%2F%2F{{domains[www1]}}%3A{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-allowed.html
new file mode 100644
index 0000000000..eeaefc496e
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20%27self%27&target=post_message_to_frame_owner.html">
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-blocked.sub.html
new file mode 100644
index 0000000000..1292c9ba5f
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-blocked.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is not allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20%27none%27&report_id={{$id:uuid()}}&target=post_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27none%27&reportID={{$id}}'></script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html
new file mode 100644
index 0000000000..39e887eaad
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html">
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html
new file mode 100644
index 0000000000..d7ccd33620
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is not allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html
new file mode 100644
index 0000000000..de756bce8b
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20%27self%27&target=redirect_to_post_message_to_frame_owner.py">
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html
new file mode 100644
index 0000000000..0734473ee6
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is not allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=redirect_to_post_message_to_frame_owner.py%3Flocation%3Dhttp%3A%2F%2F{{domains[www1]}}%3A{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-allowed.html
new file mode 100644
index 0000000000..47a661157c
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-allowed.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the parent can navigate the child because the relevant policy belongs to the navigation initiator (in this case the parent, which has the policy `navigate-to 'self'`)");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+ window.addEventListener('securitypolicyviolation', t.unreached_func("Should not have triggered a policy violation"));
+
+ var i = document.createElement('iframe');
+ var src_changed = false;
+ i.onload = function() {
+ if (src_changed) return;
+ src_changed = true;
+ i.src = "support/post_message_to_frame_owner.html";
+ }
+ i.src = "support/wait_for_navigation.html?csp=navigate-to%20%none%27";
+ document.body.appendChild(i);
+</script>
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-allowed.html.headers b/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-allowed.html.headers
new file mode 100644
index 0000000000..9cb770bcc1
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-allowed.html.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: navigate-to 'self'
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-blocked.html b/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-blocked.html
new file mode 100644
index 0000000000..c662da95fa
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-blocked.html
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the parent can't navigate the child because the relevant policy belongs to the navigation initiator (in this case the parent, which has the policy `navigate-to support/wait_for_navigation.html;`)");
+ window.onmessage = t.unreached_func("Should not have received a message as the navigation should not have been successful");
+ window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
+ assert_equals(e.violatedDirective, 'navigate-to');
+ }));
+
+ var i = document.createElement('iframe');
+ var src_changed = false;
+ i.onload = function() {
+ if (src_changed) return;
+ src_changed = true;
+ i.src = "support/post_message_to_frame_owner.html";
+ }
+ i.src = "support/wait_for_navigation.html?csp=navigate-to%20%27self%27";
+ document.body.appendChild(i);
+</script>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20support%2Fwait_for_navigation.html'></script>
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-blocked.html.sub.headers b/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-blocked.html.sub.headers
new file mode 100644
index 0000000000..36238fa78a
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-blocked.html.sub.headers
@@ -0,0 +1,5 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Set-Cookie: parent-navigates-child-blocked={{$id:uuid()}}; Path=/content-security-policy/navigate-to/
+Content-Security-Policy: navigate-to support/wait_for_navigation.html; report-uri /reporting/resources/report.py?op=put&reportID={{$id}}
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html
new file mode 100644
index 0000000000..a09057e715
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html
@@ -0,0 +1,48 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+<!-- This tests that a navigation initiator that has been replaced by the time
+ the navigation it initiates is blocked, will not receive the SPV event.
+
+ An iframe will navigate another iframe and the navigate itself.
+ The second iframe's navigation response will be delayed by the server but will
+ eventually be blocked by the CSP of the first iframe.
+ By the time this happens the first iframe should be an entirely different
+ document and it should not receive a SPV event -->
+<script>
+ var t = async_test("Test that no spv event is raised");
+ window.onmessage = t.step_func(function(e) {
+ if (e.data == "end_test") t.done();
+ else assert_unreached("Should not have raised a spv event");
+ });
+
+ var frames_loaded_count = 0;
+ var frame_loaded = function() {
+ if (++frames_loaded_count == 2) {
+ // both child frame have loaded we can start the
+ // test now, send a message to iframe1 so it knows to start
+ document.getElementById('iframe1').contentWindow.postMessage('start_test', '*');
+ }
+ }
+ var i1 = document.createElement('iframe');
+ i1.src = "support/spv-test-iframe1.sub.html?report_id={{$id:uuid()}}";
+ i1.id = "iframe1";
+ i1.name = "iframe1";
+ i1.onload = frame_loaded;
+ document.body.appendChild(i1);
+
+ var i2 = document.createElement('iframe');
+ i2.src = "support/spv-test-iframe2.sub.html";
+ i2.id = "iframe2";
+ i2.name = "iframe2";
+ i2.onload = frame_loaded;
+ document.body.appendChild(i2);
+</script>
+
+<script async defer src='../support/checkReport.sub.js?reportExists=false&reportID={{$id}}'></script>
+
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/delayed_frame.py b/testing/web-platform/tests/content-security-policy/navigate-to/support/delayed_frame.py
new file mode 100644
index 0000000000..06bcb9b680
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/delayed_frame.py
@@ -0,0 +1,12 @@
+import time
+def main(request, response):
+ time.sleep(1)
+ headers = [(b"Content-Type", b"text/html")]
+ return headers, u'''
+<!DOCTYPE html>
+<head>
+</head>
+<body>
+ DELAYED FRAME
+</body
+'''
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/form_action_navigation.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/form_action_navigation.sub.html
new file mode 100644
index 0000000000..a4121944ea
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/form_action_navigation.sub.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+
+ <script>
+ window.addEventListener('securitypolicyviolation', function(e) {
+ top.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+ });
+ </script>
+</head>
+
+<body>
+<form action='{{GET[action]}}' target='_self' id='form'>
+ <input type="text" name="dummy">
+ <div id="form-div"></div>
+</form>
+
+<script>
+ try {
+ url = new URL("{{GET[action]}}", location.href);
+ for (var p of url.searchParams) {
+ var elem = document.createElement('input');
+ elem.type = 'text';
+ elem.name = p[0];
+ elem.value = p[1];
+ document.getElementById('form-div').appendChild(elem);
+ }
+ } catch(ex) {}
+
+ document.getElementById('form').submit();
+</script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/form_action_navigation.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/navigate-to/support/form_action_navigation.sub.html.sub.headers
new file mode 100644
index 0000000000..a42cfe2d95
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/form_action_navigation.sub.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}; report-uri /reporting/resources/report.py?op=put&reportID={{GET[report_id]}}
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/href_location_navigation.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/href_location_navigation.sub.html
new file mode 100644
index 0000000000..15b1365cc2
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/href_location_navigation.sub.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ window.addEventListener('securitypolicyviolation', function(e) {
+ opener.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+ });
+
+ try {
+ location.href = "{{GET[target]}}";
+ } catch(ex) {}
+</script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/href_location_navigation.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/navigate-to/support/href_location_navigation.sub.html.sub.headers
new file mode 100644
index 0000000000..a42cfe2d95
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/href_location_navigation.sub.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}; report-uri /reporting/resources/report.py?op=put&reportID={{GET[report_id]}}
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/link_click_navigation.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/link_click_navigation.sub.html
new file mode 100644
index 0000000000..2434271211
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/link_click_navigation.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<a href="{{GET[target]}}" id="link">dummy link</a>
+<script>
+ window.addEventListener('securitypolicyviolation', function(e) {
+ top.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+ });
+
+ document.getElementById('link').click();
+</script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/link_click_navigation.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/navigate-to/support/link_click_navigation.sub.html.sub.headers
new file mode 100644
index 0000000000..a42cfe2d95
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/link_click_navigation.sub.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}; report-uri /reporting/resources/report.py?op=put&reportID={{GET[report_id]}}
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html
new file mode 100644
index 0000000000..64bae27fed
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+
+ <script>
+ window.addEventListener('securitypolicyviolation', function(e) {
+ top.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+ });
+ </script>
+
+ <meta http-equiv="refresh" content="0; url={{GET[target]}}">
+</head>
+
+<body>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html.sub.headers
new file mode 100644
index 0000000000..a42cfe2d95
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}; report-uri /reporting/resources/report.py?op=put&reportID={{GET[report_id]}}
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/navigate_parent.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/navigate_parent.sub.html
new file mode 100644
index 0000000000..a84c9c64ca
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/navigate_parent.sub.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+
+ <script>
+ window.addEventListener('securitypolicyviolation', function(e) {
+ top.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+ });
+ </script>
+</head>
+
+<body>
+<a href="post_message_to_frame_owner.html" id="link" target="_parent">dummy link</a>
+<script>
+ document.getElementById('link').click();
+</script>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/navigate_parent.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/navigate-to/support/navigate_parent.sub.html.sub.headers
new file mode 100644
index 0000000000..a42cfe2d95
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/navigate_parent.sub.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}; report-uri /reporting/resources/report.py?op=put&reportID={{GET[report_id]}}
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/post_message_to_frame_owner.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/post_message_to_frame_owner.html
new file mode 100644
index 0000000000..c25e49d146
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/post_message_to_frame_owner.html
@@ -0,0 +1,6 @@
+<script>
+ if (window.opener)
+ window.opener.postMessage({result: 'success'}, '*');
+ else
+ top.postMessage({result: 'success'}, '*');
+</script> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py b/testing/web-platform/tests/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py
new file mode 100644
index 0000000000..0f6f6eca7b
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py
@@ -0,0 +1,6 @@
+def main(request, response):
+ response.status = 302
+ if b"location" in request.GET:
+ response.headers.set(b"Location", request.GET[b"location"])
+ else:
+ response.headers.set(b"Location", b"post_message_to_frame_owner.html")
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html
new file mode 100644
index 0000000000..9e26c02be3
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<head>
+ <script>
+ window.onmessage = function(e) {
+ if (e.data == "start_test") {
+ document.getElementById('link').click();
+ location.href = "{{location[server]}}/content-security-policy/navigate-to/support/spv-test-iframe3.sub.html";
+ }
+ }
+ window.addEventListener('securitypolicyviolation', function(e) {
+ top.postMessage({iframe: 'iframe1', violatedDirective: e.violatedDirective}, '*');
+ });
+ </script>
+</head>
+
+<body>
+ <a href="{{location[server]}}/content-security-policy/navigate-to/support/delayed_frame.py" id="link" target="iframe2">dummy link</a>
+ IFRAME 1
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html.sub.headers
new file mode 100644
index 0000000000..9d83b92d96
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: navigate-to {{location[server]}}/content-security-policy/navigate-to/support/spv-test-iframe3.sub.html 'unsafe-allow-redirects'; report-uri /reporting/resources/report.py?op=put&reportID={{GET[report_id]}}
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe2.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe2.sub.html
new file mode 100644
index 0000000000..1329683c88
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe2.sub.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<head>
+</head>
+<body>
+ <script>
+ window.addEventListener('securitypolicyviolation', function(e) {
+ top.postMessage({iframe: 'iframe1', violatedDirective: e.violatedDirective}, '*');
+ });
+ setTimeout(function() {
+ top.postMessage("end_test", "*");
+ }, 4000);
+ </script>
+ IFRAME 2
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe3.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe3.sub.html
new file mode 100644
index 0000000000..09dbf6863d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe3.sub.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<head>
+ <script>
+ window.addEventListener('securitypolicyviolation', function(e) {
+ top.postMessage({iframe: 'iframe3', violatedDirective: e.violatedDirective}, '*');
+ });
+ </script>
+</head>
+
+<body>
+ IFRAME 3
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/wait_for_navigation.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/wait_for_navigation.html
new file mode 100644
index 0000000000..2450ff1c0a
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/wait_for_navigation.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+
+ <script>
+ window.addEventListener('securitypolicyviolation', function(e) {
+ top.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+ });
+ </script>
+</head>
+
+<body>
+</body> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/wait_for_navigation.html.sub.headers b/testing/web-platform/tests/content-security-policy/navigate-to/support/wait_for_navigation.html.sub.headers
new file mode 100644
index 0000000000..d3c635b9a0
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/wait_for_navigation.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html
new file mode 100644
index 0000000000..192477296b
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+
+ // the iframe will navigate to:
+ // [www2]/..../redirect.py (which is not in the navigate-to source list) which will in turn navigate to
+ // [www1]/..../post_message_to_frame_owner.html which is not exactly in
+ // the list but the check should be reduced to an origin check since there has been a redirect.
+ // Because of 'unsafe-allow-redirects' only the second one is checked since the first is a redirect
+
+ var i = document.createElement('iframe');
+ i.src = "../support/link_click_navigation.sub.html" +
+ "?csp=" + encodeURIComponent("navigate-to {{location[scheme]}}://{{domains[www1]}}:{{location[port]}}/some-path/ 'unsafe-allow-redirects'") +
+ "&target=" + encodeURIComponent("{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/common/redirect.py?location=" +
+ encodeURIComponent("{{location[scheme]}}://{{domains[www1]}}:{{location[port]}}/content-security-policy/navigate-to/support/post_message_to_frame_owner.html"));
+ document.body.appendChild(i);
+</script>
+
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain.sub.html
new file mode 100644
index 0000000000..74fe8f2e7a
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain.sub.html
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+
+ // the iframe will navigate to:
+ // [www2]/..../redirect.py (which is not in the navigate-to source list) which will in turn navigate to
+ // [www1]/..../post_message_to_frame_owner.html which is in the list
+ // because of 'unsafe-allow-redirects' only the second one is checked since the first is a redirect
+
+ var i = document.createElement('iframe');
+ i.src = "../support/link_click_navigation.sub.html" +
+ "?csp=" + encodeURIComponent("navigate-to {{location[scheme]}}://{{domains[www1]}}:{{location[port]}} 'unsafe-allow-redirects'") +
+ "&target=" + encodeURIComponent("{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/common/redirect.py?location=" +
+ encodeURIComponent("{{location[scheme]}}://{{domains[www1]}}:{{location[port]}}/content-security-policy/navigate-to/support/post_message_to_frame_owner.html"));
+ document.body.appendChild(i);
+</script>
+
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html
new file mode 100644
index 0000000000..86e54b3d93
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is blocked");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+
+ // the iframe will navigate to:
+ // [www2]/..../redirect.py (which is not in the navigate-to source list) which will in turn navigate to
+ // [www2]/..../post_message_to_frame_owner.html which is also not in the list
+ // because of 'unsafe-allow-redirects' only the second one is checked since the first is a redirect
+
+ var i = document.createElement('iframe');
+ i.src = "../support/link_click_navigation.sub.html" +
+ "?csp=" + encodeURIComponent("navigate-to {{location[scheme]}}://{{domains[www1]}}:{{location[port]}} 'unsafe-allow-redirects'") +
+ "&target=" + encodeURIComponent("{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/common/redirect.py?location=" +
+ encodeURIComponent("{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/content-security-policy/navigate-to/support/post_message_to_frame_owner.html"));
+ document.body.appendChild(i);
+</script>
+
+</body>