summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/loading/early-hints/iframe-coep-disallow.h2.html
blob: d2efc0fefe5eacc3796d28d1799e0a6bc9cab404 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
<!DOCTYPE html>
<head>
<meta charset="utf-8">
<script src="/common/utils.js"></script>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="resources/early-hints-helpers.sub.js"></script>
</head>
<body>
<script>
promise_test(async (t) => {
    const iframe = document.createElement("iframe");

    const resource_url = CROSS_ORIGIN_RESOURCES_URL + "/empty.js?" + token();
    const params = new URLSearchParams();
    params.set("resource-url", resource_url);
    params.set("token", token());
    const iframe_url = CROSS_ORIGIN_RESOURCES_URL + "/html-with-early-hints.h2.py?" + params.toString();

    iframe.src = iframe_url;
    document.body.appendChild(iframe);
    // Make sure the iframe didn't load. See https://github.com/whatwg/html/issues/125 for why a
    // timeout is used here. Long term all network error handling should be similar and have a
    // reliable event.
    assert_equals(iframe.contentDocument.body.localName, "body");
    await t.step_wait(() => iframe.contentDocument === null);

    // Fetch the hinted resource and make sure it's not preloaded.
    await fetchScript(resource_url);
    const entries = performance.getEntriesByName(resource_url);
    assert_equals(entries.length, 1);
    assert_not_equals(entries[0].transferSize, 0);
}, "Early hints for an iframe that violates Cross-Origin-Embedder-Policy should be ignored.");
</script>
</body>