summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/portals/csp/frame-src.sub.html
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/portals/csp/frame-src.sub.html')
-rw-r--r--testing/web-platform/tests/portals/csp/frame-src.sub.html49
1 files changed, 49 insertions, 0 deletions
diff --git a/testing/web-platform/tests/portals/csp/frame-src.sub.html b/testing/web-platform/tests/portals/csp/frame-src.sub.html
new file mode 100644
index 0000000000..13d9e79667
--- /dev/null
+++ b/testing/web-platform/tests/portals/csp/frame-src.sub.html
@@ -0,0 +1,49 @@
+<!doctype html>
+<title>Tests that portals respect the frame-src</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+</body>
+<script>
+ async_test(function(t) {
+ assert_implements("HTMLPortalElement" in self);
+ var w = window.open("resources/frame-src.sub.html?frame_src_policy=%27none%27");
+ w.onload = function() {
+ w.document.addEventListener("securitypolicyviolation",
+ t.step_func_done(function(e) {
+ assert_equals("frame-src", e.violatedDirective);
+ }));
+ var portal = w.document.createElement("portal");
+ portal.src = new URL("/portals/resources/simple-portal.html", location.href);
+ portal.onmessage = t.unreached_func("Portal should not load.");
+ w.document.body.appendChild(portal);
+ }
+ }, "Tests that a portal can't be loaded when it violates frame-src");
+
+ async_test(function(t) {
+ assert_implements("HTMLPortalElement" in self);
+ var w = window.open(`resources/frame-src.sub.html?frame_src_policy=http://{{hosts[][www]}}:{{ports[http][0]}}`);
+ w.onload = function() {
+ w.document.onsecuritypolicyviolation = t.unreached_func("Portal should load.");
+ var portal = w.document.createElement("portal");
+ portal.src = new URL("http://{{hosts[][www]}}:{{ports[http][0]}}/portals/resources/simple-portal.html", location.href);
+ portal.onmessage = t.step_func_done();
+ w.document.body.appendChild(portal);
+ }
+ }, "Tests that a portal can be loaded when the origin matches the frame-src CSP header.");
+ async_test(function(t) {
+ assert_implements("HTMLPortalElement" in self);
+ var w = window.open(`resources/frame-src.sub.html?frame_src_policy=http://{{hosts[][www]}}:{{ports[http][0]}}`);
+ w.onload = function() {
+ var portal = w.document.createElement("portal");
+ portal.src = new URL("http://{{hosts[alt][www]}}:{{ports[http][0]}}/portals/resources/simple-portal.html", location.href);
+ w.document.onsecuritypolicyviolation = t.step_func(function(e) {
+ w.document.onsecuritypolicyviolation = null;
+ assert_equals("frame-src", e.violatedDirective);
+ portal.src = new URL("http://{{hosts[][www]}}:{{ports[http][0]}}/portals/resources/simple-portal.html", location.href);
+ portal.onmessage = t.step_func_done();
+ });
+ w.document.body.appendChild(portal);
+ }
+ }, "Tests that a portal will fail to load on an origin different than the one specified in the frame-src CSP, but that it can be loaded when the origin matches the frame-src CSP.");
+</script>