diff options
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js')
| -rw-r--r-- | testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js new file mode 100644 index 0000000000..4c77193541 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js @@ -0,0 +1,45 @@ +// META: script=/common/get-host-info.sub.js +// META: script=/common/utils.js +// META: script=/common/dispatcher/dispatcher.js + +// Regression test for https://crbug.com/1262203 +// +// A cross-origin document initiates a same-document navigation. This navigation +// is subject to CSP:frame-src 'none', but this doesn't apply, since it's a +// same-document navigation. This test checks this doesn't lead to a crash. + +promise_test(async test => { + const child_token = token(); + const child = new RemoteContext(child_token); + const iframe = document.createElement("iframe"); + iframe.src = remoteExecutorUrl(child_token, { + host: get_host_info().REMOTE_HOST + }); + document.body.appendChild(iframe); + + // Install a promise waiting for a same-document navigation to happen in the + // child. + await child.execute_script(() => { + window.sameDocumentNavigation = new Promise(resolve => { + window.addEventListener("popstate", resolve); + }); + }); + + // Append a new CSP, disallowing new iframe navigations. + const meta = document.createElement("meta"); + meta.httpEquiv = "Content-Security-Policy"; + meta.content = "frame-src 'none'"; + document.head.appendChild(meta); + + document.addEventListener( + "securitypolicyviolation", + test.unreached_func("same-document navigations aren't subject to CSP")); + + // Create a same-document navigation, inititated cross-origin in the iframe. + // It must not be blocked by the CSP above. + iframe.src += "#foo"; + + // Make sure the navigation succeeded and was indeed a same-document one: + await child.execute_script(() => sameDocumentNavigation); + assert_equals(await child.execute_script(() => location.href), iframe.src); +}) |