1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
<!DOCTYPE html>
<html>
<title>Test frame-ancestor</title>
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="resources/utils.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<body>
<script>
async function runTest(embed_url,
cross_origin_to_top_level_fenced_frame, cross_origin_to_top_level_iframe,
expected_result) {
const ancestor_key = token();
// Generate the url for the top level fenced frame, including the information
// needed to pass on to its nested iframe
const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
let fenced_frame_url = generateURL(
"resources/ancestor-throttle-inner.https.html",
[ancestor_key, embed_url, cross_origin_to_top_level_iframe]);
if (cross_origin_to_top_level_fenced_frame)
fenced_frame_url = getRemoteOriginURL(fenced_frame_url, true);
attachFencedFrame(fenced_frame_url);
// There is no API to observe whether the document in the FencedFrame loaded
// or not. Instead, set up a timeout. If the document loads, "loaded" will be
// sent to the server. Otherwise "blocked" will be sent after 3 seconds.
step_timeout(() => {
writeValueToServer(ancestor_key, "blocked");
}, 3000);
// Get the result for the fenced frame's nested iframe.
const fenced_frame_result = await nextValueFromServer(ancestor_key);
assert_equals(fenced_frame_result, expected_result,
"The inner iframe was " + expected_result + ".");
}
promise_test(async () => {
return runTest("fenced-frame/resources/" +
"ancestor-throttle-nested.https.html?" +
"nested_url=ancestor-throttle-iframe-csp.https.html",
true, false, "blocked");
}, "root(origin1)->fenced(origin2)->iframe(origin1) should honor " +
"CSP frame-ancestors headers up until the fenced frame root");
promise_test(async () => {
return runTest("fenced-frame/resources/" +
"ancestor-throttle-nested.https.html?" +
"nested_url=ancestor-throttle-iframe-csp.https.html",
true, false, "blocked");
}, "root(origin1)->fenced(origin2)->iframe(origin1) should honor " +
"XFO SAMEORIGIN headers up until the fenced frame root");
promise_test(async () => {
return runTest("fenced-frame/resources/" +
"ancestor-throttle-iframe-csp.https.html", true, true, "loaded");
}, "root(origin1)->fenced(origin2)->iframe(origin2) should honor " +
"CSP frame-ancestors headers up until the fenced frame root");
promise_test(async () => {
return runTest("fenced-frame/resources/" +
"ancestor-throttle-iframe-xfo.https.html", true, true, "loaded");
}, "root(origin1)->fenced(origin2)->iframe(origin2) should honor " +
"XFO SAMEORIGIN headers up until the fenced frame root");
promise_test(async () => {
return runTest("fenced-frame/resources/" +
"ancestor-throttle-nested.https.html?" +
"nested_url=ancestor-throttle-iframe-csp.https.html",
false, true, "blocked");
}, "root(origin1)->fenced(origin1)->iframe(origin2)->iframe(origin2) should " +
"honor CSP frame-ancestors headers up until the fenced frame root");
promise_test(async () => {
return runTest("fenced-frame/resources/" +
"ancestor-throttle-nested.https.html?" +
"nested_url=ancestor-throttle-iframe-csp.https.html",
false, true, "blocked");
}, "root(origin1)->fenced(origin1)->iframe(origin2)->iframe(origin2) should " +
"honor XFO SAMEORIGIN headers up until the fenced frame root");
</script>
</body>
</html>
|
