blob: 88e4a8b89f03b0deb675fc43d8317bbcefece5f5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
<!DOCTYPE html>
<meta http-equiv="Content-Security-Policy" content="img-src 'self' https: https://*:*">
<meta http-equiv="Content-Security-Policy" content="frame-src 'none'">
<title>Test Content-Security-Policy fenced-frame-src falling back to frame-src</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="resources/utils.js"></script>
<script src="/common/utils.js"></script>
<body>
<script>
const key = token();
window.addEventListener('securitypolicyviolation', function(e) {
// Write to the server even though the listener is in the same file in the
// test below.
writeValueToServer(key, e.violatedDirective + ";" + e.blockedURI);
});
promise_test(async () => {
attachFencedFrame(generateURL(
"resources/csp-frame-src-blocked-inner.html",
[key]));
const result = await nextValueFromServer(key);
const expected_blocked_uri = generateURL(
"resources/csp-frame-src-blocked-inner.html", [key]).toString();
assert_equals(result, "fenced-frame-src;" + expected_blocked_uri,
"The fenced frame is blocked because of CSP violation");
}, "csp-frame-src-blocked");
promise_test(async () => {
assert_false(navigator.canLoadAdAuctionFencedFrame());
}, "frame-src none is taken into account with navigator.canLoadAdAuctionFencedFrame");
</script>
</body>
|
