1 files changed, 87 insertions, 0 deletions

diff --git a/testing/web-platform/tests/fenced-frame/ancestor-throttle.https.html b/testing/web-platform/tests/fenced-frame/ancestor-throttle.https.html
new file mode 100644
index 0000000000..9b6dfb0d30
--- /dev/null
+++ b/testing/web-platform/tests/fenced-frame/ancestor-throttle.https.html
@@ -0,0 +1,87 @@
+<!DOCTYPE html>
+<html>
+<title>Test frame-ancestor</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="resources/utils.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<body>
+
+<script>
+async function runTest(embed_url,
+    cross_origin_to_top_level_fenced_frame, cross_origin_to_top_level_iframe,
+    expected_result) {
+  const ancestor_key = token();
+
+  // Generate the url for the top level fenced frame, including the information
+  // needed to pass on to its nested iframe
+  const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
+  let fenced_frame_url = generateURL(
+      "resources/ancestor-throttle-inner.https.html",
+      [ancestor_key, embed_url, cross_origin_to_top_level_iframe]);
+  if (cross_origin_to_top_level_fenced_frame)
+    fenced_frame_url = getRemoteOriginURL(fenced_frame_url, true);
+
+  attachFencedFrame(fenced_frame_url);
+
+  // There is no API to observe whether the document in the FencedFrame loaded
+  // or not. Instead, set up a timeout. If the document loads, "loaded" will be
+  // sent to the server. Otherwise "blocked" will be sent after 3 seconds.
+  step_timeout(() => {
+    writeValueToServer(ancestor_key, "blocked");
+  }, 3000);
+
+  // Get the result for the fenced frame's nested iframe.
+  const fenced_frame_result = await nextValueFromServer(ancestor_key);
+  assert_equals(fenced_frame_result, expected_result,
+      "The inner iframe was " + expected_result + ".");
+}
+
+promise_test(async () => {
+  return runTest("fenced-frame/resources/" +
+      "ancestor-throttle-nested.https.html?" +
+      "nested_url=ancestor-throttle-iframe-csp.https.html",
+      true, false, "blocked");
+}, "root(origin1)->fenced(origin2)->iframe(origin1) should honor " +
+    "CSP frame-ancestors headers up until the fenced frame root");
+
+promise_test(async () => {
+  return runTest("fenced-frame/resources/" +
+      "ancestor-throttle-nested.https.html?" +
+      "nested_url=ancestor-throttle-iframe-csp.https.html",
+      true, false, "blocked");
+}, "root(origin1)->fenced(origin2)->iframe(origin1) should honor " +
+    "XFO SAMEORIGIN headers up until the fenced frame root");
+
+promise_test(async () => {
+  return runTest("fenced-frame/resources/" +
+      "ancestor-throttle-iframe-csp.https.html", true, true, "loaded");
+}, "root(origin1)->fenced(origin2)->iframe(origin2) should honor " +
+    "CSP frame-ancestors headers up until the fenced frame root");
+
+promise_test(async () => {
+  return runTest("fenced-frame/resources/" +
+      "ancestor-throttle-iframe-xfo.https.html", true, true, "loaded");
+}, "root(origin1)->fenced(origin2)->iframe(origin2) should honor " +
+    "XFO SAMEORIGIN headers up until the fenced frame root");
+
+promise_test(async () => {
+  return runTest("fenced-frame/resources/" +
+      "ancestor-throttle-nested.https.html?" +
+      "nested_url=ancestor-throttle-iframe-csp.https.html",
+      false, true, "blocked");
+}, "root(origin1)->fenced(origin1)->iframe(origin2)->iframe(origin2) should " +
+    "honor CSP frame-ancestors headers up until the fenced frame root");
+
+promise_test(async () => {
+  return runTest("fenced-frame/resources/" +
+      "ancestor-throttle-nested.https.html?" +
+      "nested_url=ancestor-throttle-iframe-csp.https.html",
+      false, true, "blocked");
+}, "root(origin1)->fenced(origin1)->iframe(origin2)->iframe(origin2) should " +
+    "honor XFO SAMEORIGIN headers up until the fenced frame root");
+</script>
+</body>
+</html>