1 files changed, 35 insertions, 0 deletions

diff --git a/testing/web-platform/tests/loading/early-hints/iframe-coep-disallow.h2.html b/testing/web-platform/tests/loading/early-hints/iframe-coep-disallow.h2.html
new file mode 100644
index 0000000000..d2efc0fefe
--- /dev/null
+++ b/testing/web-platform/tests/loading/early-hints/iframe-coep-disallow.h2.html
@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<head>
+<meta charset="utf-8">
+<script src="/common/utils.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="resources/early-hints-helpers.sub.js"></script>
+</head>
+<body>
+<script>
+promise_test(async (t) => {
+    const iframe = document.createElement("iframe");
+
+    const resource_url = CROSS_ORIGIN_RESOURCES_URL + "/empty.js?" + token();
+    const params = new URLSearchParams();
+    params.set("resource-url", resource_url);
+    params.set("token", token());
+    const iframe_url = CROSS_ORIGIN_RESOURCES_URL + "/html-with-early-hints.h2.py?" + params.toString();
+
+    iframe.src = iframe_url;
+    document.body.appendChild(iframe);
+    // Make sure the iframe didn't load. See https://github.com/whatwg/html/issues/125 for why a
+    // timeout is used here. Long term all network error handling should be similar and have a
+    // reliable event.
+    assert_equals(iframe.contentDocument.body.localName, "body");
+    await t.step_wait(() => iframe.contentDocument === null);
+
+    // Fetch the hinted resource and make sure it's not preloaded.
+    await fetchScript(resource_url);
+    const entries = performance.getEntriesByName(resource_url);
+    assert_equals(entries.length, 1);
+    assert_not_equals(entries[0].transferSize, 0);
+}, "Early hints for an iframe that violates Cross-Origin-Embedder-Policy should be ignored.");
+</script>
+</body>