summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/document-policy/required-policy/document-policy.html
blob: aaa8d6920018efd0b3871cc46f201887fdaeec37 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
<!DOCTYPE html>
<html>
  <head>
    <title>Test advertised required document policy</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>  </head>
  <body>
    <h1>Test advertised required document policy</h1>
<script>
// The top-level document has a document policy, but not a required document
// policy. A request for a document in a frame should not include a
// `Sec-Required-Document-Policy` header, unless that frame requires it
// explicitly through the `policy` attribute.

callbacks = {};

window.addEventListener('message', ev => {
  var id = ev.data.id;
  if (id && callbacks[id]) {
    callbacks[id](ev.data.requiredPolicy || null);
  }
});

async_test(t => {
  var iframe = document.createElement('iframe');
  iframe.src = "/document-policy/echo-policy.py?id=1";
  callbacks["1"] = t.step_func_done(result => {
    assert_equals(result, null);
  });
  document.body.appendChild(iframe);
}, "Top-level document's policy should not affect child frame requests");

async_test(t => {
  var iframe = document.createElement('iframe');
  iframe.src = "/document-policy/echo-policy.py?id=2";
  iframe.policy = "font-display-late-swap=?0";
  callbacks["2"] = t.step_func_done(result => {
    assert_equals(result, "font-display-late-swap=?0");
  });
  document.body.appendChild(iframe);
}, "Child frame can have a required policy independent of the parent document.");

async_test(t => {
  var iframe = document.createElement('iframe');
  iframe.src = "/document-policy/echo-policy.py?id=3";
  iframe.policy = "lossless-images-max-bpp=4";
  callbacks["3"] = t.step_func_done(result => {
    assert_equals(result, "lossless-images-max-bpp=4.0");
  });
  document.body.appendChild(iframe);
}, "Child frame can have a required policy which is less strict than the parent document's policy.");
    </script>
  </body>
</html>