<!DOCTYPE html> <html> <head> <title>Test advertised required document policy</title> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> </head> <body> <h1>Test advertised required document policy</h1> <script> // The top-level document has a document policy, but not a required document // policy. A request for a document in a frame should not include a // `Sec-Required-Document-Policy` header, unless that frame requires it // explicitly through the `policy` attribute. callbacks = {}; window.addEventListener('message', ev => { var id = ev.data.id; if (id && callbacks[id]) { callbacks[id](ev.data.requiredPolicy || null); } }); async_test(t => { var iframe = document.createElement('iframe'); iframe.src = "/document-policy/echo-policy.py?id=1"; callbacks["1"] = t.step_func_done(result => { assert_equals(result, null); }); document.body.appendChild(iframe); }, "Top-level document's policy should not affect child frame requests"); async_test(t => { var iframe = document.createElement('iframe'); iframe.src = "/document-policy/echo-policy.py?id=2"; iframe.policy = "font-display-late-swap=?0"; callbacks["2"] = t.step_func_done(result => { assert_equals(result, "font-display-late-swap=?0"); }); document.body.appendChild(iframe); }, "Child frame can have a required policy independent of the parent document."); async_test(t => { var iframe = document.createElement('iframe'); iframe.src = "/document-policy/echo-policy.py?id=3"; iframe.policy = "lossless-images-max-bpp=4"; callbacks["3"] = t.step_func_done(result => { assert_equals(result, "lossless-images-max-bpp=4.0"); }); document.body.appendChild(iframe); }, "Child frame can have a required policy which is less strict than the parent document's policy."); </script> </body> </html>