1 files changed, 44 insertions, 0 deletions

diff --git a/testing/web-platform/tests/document-policy/required-policy/no-document-policy.html b/testing/web-platform/tests/document-policy/required-policy/no-document-policy.html
new file mode 100644
index 0000000000..8a3624440f
--- /dev/null
+++ b/testing/web-platform/tests/document-policy/required-policy/no-document-policy.html
@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>Test advertised required document policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>  </head>
+  <body>
+    <h1>Test advertised required document policy</h1>
+<script>
+// The top-level document does not have any document-policy-related headers.
+// A request for a document in a frame should not include a
+// `Sec-Required-Document-Policy` header, unless that frame requires it
+// explicitly through the `policy` attribute.
+
+callbacks = {};
+
+window.addEventListener('message', ev => {
+  var id = ev.data.id;
+  if (id && callbacks[id]) {
+    callbacks[id](ev.data.requiredPolicy || null);
+  }
+});
+
+async_test(t => {
+  var iframe = document.createElement('iframe');
+  iframe.src = "/document-policy/echo-policy.py?id=1";
+  callbacks["1"] = t.step_func_done(result => {
+    assert_equals(result, null);
+  });
+  document.body.appendChild(iframe);
+}, "Child frame should have no required policy by default.");
+
+async_test(t => {
+  var iframe = document.createElement('iframe');
+  iframe.src = "/document-policy/echo-policy.py?id=2";
+  iframe.policy = "font-display-late-swap=?0";
+  callbacks["2"] = t.step_func_done(result => {
+    assert_equals(result, "font-display-late-swap=?0");
+  });
+  document.body.appendChild(iframe);
+}, "Child frame can have an explicit required policy.");
+    </script>
+  </body>
+</html>