summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/fenced-frame/csp-allowed.https.html
blob: 4b2fadd59e4b8566fcb1f864b611773b5db01a48 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
<!DOCTYPE html>
<title>Test opaque fenced frame navigations with allowed CSP</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/utils.js"></script>
<script src="resources/utils.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>

<body>
<script>
const allowedCSPs = [
  "*",
  "https:",
  "https://*:*"
];
allowedCSPs.forEach((csp) => {
  for (const resolve_to_config of [true, false]) {
    promise_test(async() => {
      const iframe = setupCSP(csp);
      const key = token();

      await iframe.execute(async (key, resolve_to_config) => {
        window.addEventListener('securitypolicyviolation', function(e) {
          // Write to the server even though the listener is in the same file in
          // the test below.
          writeValueToServer(key, e.violatedDirective + ";" + e.blockedURI);
        }, {once: true});

        attachFencedFrame(await runSelectURL(
            "/fenced-frame/resources/embeddee.html", [key], resolve_to_config));
      }, [key, resolve_to_config]);

      const result = await nextValueFromServer(key);
      assert_equals(result, "PASS",
          "The fenced frame should load for CSP fenced-frame-src " + csp);
    }, "Fenced frame loaded for CSP fenced-frame-src " + csp + " using " +
         (resolve_to_config ? "config" : "urn:uuid"));

  }
  promise_test(async() => {
    const iframe = setupCSP(csp);
    await iframe.execute(() => {
      assert_true(navigator.canLoadAdAuctionFencedFrame());
    });
  }, "Opaque-ads can load API returns true for " + csp);
});
</script>
</body>