<!DOCTYPE html>
<html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
// Case 1: the two framing controls disagree and CSP is the more permissive one.
// The support page is requested with policy='self' and xfo=DENY; presumably it
// echoes those query values back as `Content-Security-Policy: frame-ancestors`
// and `X-Frame-Options` response headers (support file not shown here; confirm).
// If frame-ancestors takes precedence, the same-origin embed must load even
// though X-Frame-Options: DENY alone would have refused it.
async_test(function (t) {
  const frame = document.createElement('iframe');

  // Only signal completion from the load handler, and only after verifying that
  // the document inside the frame really is the same-origin page: the framed
  // window's origin has to match the embedding window's origin.
  frame.onload = t.step_func_done(() => {
    assert_equals(frame.contentWindow.origin, window.origin, "The same-origin page loaded.");
  });

  frame.src = "support/frame-ancestors-and-x-frame-options.sub.html?policy='self'&xfo=DENY";
  document.body.appendChild(frame);
}, "A 'frame-ancestors' CSP directive overrides an 'x-frame-options' header which would block the page.");
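// Case 2: the two framing controls disagree and CSP is the stricter one.
// The support page is requested with policy=other-origin.com and xfo=SAMEORIGIN;
// presumably it echoes those query values back as response headers (support
// file not shown here; confirm). X-Frame-Options: SAMEORIGIN alone would admit
// this same-origin embedder, so the frame must still be refused for the test to
// show that frame-ancestors is the policy actually enforced.
// Practical consequence for deployments: when both headers are sent, a lenient
// X-Frame-Options value must not be able to reopen framing that frame-ancestors
// forbids, so the two headers should be kept consistent.
async_test(function (t) {
  const i = document.createElement('iframe');
  i.src = "support/frame-ancestors-and-x-frame-options.sub.html?policy=other-origin.com&xfo=SAMEORIGIN";

  // Handle of the pending poll. Declared before checkDone so the callback
  // closes over an existing binding.
  let timer;

  // Declared locally: the original assigned `checkDone` without a declaration,
  // which created an implicit global on `window` (and is a ReferenceError in
  // strict-mode code).
  const checkDone = t.step_func(function () {
    clearTimeout(timer);
    try {
      // Poll again while the frame still shows the initial about:blank document
      // or a readable document that has not finished loading.
      if (i.contentWindow.location.href === "about:blank" ||
          (i.contentDocument && i.contentDocument.readyState !== "complete")) {
        timer = t.step_timeout(checkDone, 10);
        return;
      }
    } catch (e) {
      // Deliberately ignored: the reads above are expected to throw once the
      // frame holds a document this page may not access, which is the blocked
      // outcome being tested. Any other exception also falls through to the
      // assertion below, so it cannot turn into a silent pass.
    }
    // A refused frame must not expose a document to the embedder.
    assert_equals(i.contentDocument, null);
    t.done();
  });

  // Check on the load event and on a 10 ms poll; the poll presumably covers a
  // blocked navigation that never fires `load` (confirm per browser).
  i.onload = checkDone;
  timer = t.step_timeout(checkDone, 10);
  document.body.appendChild(i);
}, "A 'frame-ancestors' CSP directive overrides an 'x-frame-options' header which would allow the page.");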
</script>
</body>
</html>