diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:47:29 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:47:29 +0000 |
| commit | 0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d (patch) | |
| tree | a31f07c9bcca9d56ce61e9a1ffd30ef350d513aa /testing/web-platform/tests/fenced-frame/csp-blocked.https.html | |
| parent | Initial commit. (diff) | |
| download | firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.tar.xz firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.zip | |
Adding upstream version 115.8.0esr.upstream/115.8.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/fenced-frame/csp-blocked.https.html')
| -rw-r--r-- | testing/web-platform/tests/fenced-frame/csp-blocked.https.html | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/testing/web-platform/tests/fenced-frame/csp-blocked.https.html b/testing/web-platform/tests/fenced-frame/csp-blocked.https.html new file mode 100644 index 0000000000..3826fdd7f4 --- /dev/null +++ b/testing/web-platform/tests/fenced-frame/csp-blocked.https.html @@ -0,0 +1,65 @@ +<!DOCTYPE html> +<title>Test opaque fenced frame navigations with disallowed CSP blocked</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/utils.js"></script> +<script src="resources/utils.js"></script> + +<body> +<script> +for (const resolve_to_config of [true, false]) { + const blockedCSPs = ["'none'", "'self'", "data:", "https://*", "https://*:80", + "https://b.test:*"]; + blockedCSPs.forEach((csp) => { + promise_test(async() => { + setupCSP(csp); + + const key = token(); + window.addEventListener('securitypolicyviolation', function(e) { + // Write to the server even though the listener is in the same file in + // the test below. + writeValueToServer(key, e.violatedDirective + ";" + e.blockedURI); + }, {once: true}); + + attachFencedFrame(await runSelectURL("resources/embeddee.html", + [key], resolve_to_config)); + + const result = await nextValueFromServer(key); + assert_equals(result, "fenced-frame-src;", + "The fenced frame should not load for CSP fenced-frame-src " + csp); + }, "Fenced frame blocked for CSP fenced-frame-src " + csp + " using " + + (resolve_to_config ? "config" : "urn:uuid")); + + promise_test(async() => { + setupCSP(csp); + assert_false(navigator.canLoadAdAuctionFencedFrame()); + }, "Opaque-ads can load API returns false for " + csp + " using " + + (resolve_to_config ? "config" : "urn:uuid")); + }); + + promise_test(async() => { + setupCSP("*", "'self'"); + + const key = token(); + window.addEventListener('securitypolicyviolation', function(e) { + // Write to the server even though the listener is in the same file in + // the test below. + writeValueToServer(key, e.violatedDirective + ";" + e.blockedURI); + }, {once: true}); + + attachFencedFrame(await runSelectURL("resources/embeddee.html", + [key], resolve_to_config)); + + const result = await nextValueFromServer(key); + assert_equals(result, "fenced-frame-src;", + "The fenced frame should not load for CSP frame-src 'self' even if " + + "another CSP allows loading a fenced frame."); + + // Test the canLoadOpaqueURL API to ensure it arrives at the same result. + assert_false(navigator.canLoadAdAuctionFencedFrame()); + }, "Fenced frame not loaded using " + + (resolve_to_config ? "config" : "urn:uuid") + + " if any of CSPs in place disallow loading"); +} +</script> +</body> |