Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

45 files changed, 774 insertions, 0 deletions

diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-from-serviceworker.https.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-from-serviceworker.https.html
new file mode 100644
index 0000000000..a0656a97a7
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-from-serviceworker.https.html
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
+</head>
+<body>
+  <script>
+    var t = async_test("A 'frame-ancestors' CSP directive set from a serviceworker response with a value 'none' should block rendering.");
+
+    // Register service worker.
+    var worker = 'support/service-worker.js';
+    var scope = 'support/service-worker/';
+    service_worker_unregister_and_register(t, worker, scope)
+      .then(registration => wait_for_state(t, registration.installing, 'activated'))
+      .then(() => {
+        // Load iframe.
+        var iframe = document.createElement("iframe");
+        let timer;
+        function pollForLoadCompletion() {
+          timer = t.step_timeout(() => iframeMayBeLoaded({isPoll: true}), 10);
+        }
+        function iframeMayBeLoaded({isPoll}) {
+          var failed = false;
+          clearTimeout(timer);
+          try {
+            let href = iframe.contentWindow.location.href;
+            if (isPoll && (href === "about:blank" || iframe.contentDocument.readyState !== "complete")) {
+              pollForLoadCompletion();
+              return;
+            }
+            failed = true;
+          } catch (ex) {}
+          t.step_func_done(() => assert_false(failed, "The IFrame should have been blocked. It wasn't."))();
+        };
+        iframe.addEventListener("load", () => iframeMayBeLoaded({isPoll: false}));
+        iframe.addEventListener("error", () => iframeMayBeLoaded({isPoll: false}));
+        iframe.src = "/content-security-policy/frame-ancestors/support/service-worker/frame-ancestors-none.html";
+        document.body.appendChild(iframe);
+        pollForLoadCompletion();
+      });
+  </script>
+</body>
+</html>
+
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-none-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-none-block.html
new file mode 100644
index 0000000000..674deb655a
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-none-block.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a value 'none' should block rendering in nested frames.");
+
+        testNestedIFrame("'none'", CROSS_ORIGIN, CROSS_ORIGIN, EXPECT_BLOCK);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-self-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-self-block.html
new file mode 100644
index 0000000000..85b7f0efdc
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-self-block.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a value 'same' should block render in same-origin nested frames.");
+
+        testNestedIFrame("'self'", CROSS_ORIGIN, CROSS_ORIGIN, EXPECT_BLOCK);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-star-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-star-allow.html
new file mode 100644
index 0000000000..7f5a867de9
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-star-allow.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a value '*' should render in nested frames.");
+
+        testNestedIFrame("*", CROSS_ORIGIN, CROSS_ORIGIN, EXPECT_LOAD);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-allow.html
new file mode 100644
index 0000000000..99ab0718e8
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-allow.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate.");
+
+        testNestedIFrame(SAMEORIGIN_ORIGIN + " " + CROSSORIGIN_ORIGIN, CROSS_ORIGIN, CROSS_ORIGIN, EXPECT_LOAD);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-block.html
new file mode 100644
index 0000000000..9bcf63735e
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-block.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate.");
+
+        testNestedIFrame(CROSSORIGIN_ORIGIN, CROSS_ORIGIN, CROSS_ORIGIN, EXPECT_BLOCK);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-none-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-none-block.html
new file mode 100644
index 0000000000..1cdd540149
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-none-block.html
@@ -0,0 +1,16 @@
+
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a value 'none' should block rendering in nested frames.");
+
+        testNestedIFrame("'none'", SAME_ORIGIN, CROSS_ORIGIN, EXPECT_BLOCK);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-self-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-self-block.html
new file mode 100644
index 0000000000..da97339711
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-self-block.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a value 'same' should block render in same-origin nested frames.");
+
+        testNestedIFrame("'self'", SAME_ORIGIN, CROSS_ORIGIN, EXPECT_BLOCK);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-star-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-star-allow.html
new file mode 100644
index 0000000000..3658fb6502
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-star-allow.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta name="timeout" content="long">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a value '*' should render in nested frames.");
+
+        // Note that we can't distinguish blocked URLs from allowed cross-origin URLs due to the same-origin policy. This test passes if no console message declares that the frame was blocked.
+        testNestedIFrame("*", SAME_ORIGIN, CROSS_ORIGIN, EXPECT_BLOCK);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-allow.html
new file mode 100644
index 0000000000..1f1ffb9f89
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-allow.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate.");
+
+        // Note that we can't distinguish blocked URLs from allowed cross-origin URLs due to the same-origin policy. This test passes if no console message declares that the frame was blocked.
+        testNestedIFrame(SAMEORIGIN_ORIGIN + " " + CROSSORIGIN_ORIGIN, SAME_ORIGIN, CROSS_ORIGIN, EXPECT_BLOCK);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-block.html
new file mode 100644
index 0000000000..62dd1c1ef6
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-block.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate.");
+
+        testNestedIFrame(CROSSORIGIN_ORIGIN, SAME_ORIGIN, CROSS_ORIGIN, EXPECT_BLOCK);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html
new file mode 100644
index 0000000000..d7c83ae2f5
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a URL value should compare against each frame's origin rather than URL, " +
+                          "so a nested frame with a sandboxed parent frame should be blocked due to the parent having a unique origin.");
+
+        testNestedSandboxedIFrame(SAMEORIGIN_ORIGIN + " " + CROSSORIGIN_ORIGIN, CROSS_ORIGIN, CROSS_ORIGIN, EXPECT_BLOCK);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-none-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-none-block.html
new file mode 100644
index 0000000000..f01c6d766f
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-none-block.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a value 'none' should block rendering in nested frames.");
+
+        testNestedIFrame("'none'", CROSS_ORIGIN, SAME_ORIGIN, EXPECT_BLOCK);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-self-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-self-block.html
new file mode 100644
index 0000000000..bae5992e86
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-self-block.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a value 'same' should block render in same-origin nested frames.");
+
+        testNestedIFrame("'self'", CROSS_ORIGIN, SAME_ORIGIN, EXPECT_BLOCK);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-star-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-star-allow.html
new file mode 100644
index 0000000000..85d66f660a
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-star-allow.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a value '*' should render in nested frames.");
+
+        testNestedIFrame("*", CROSS_ORIGIN, SAME_ORIGIN, EXPECT_LOAD);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-allow.html
new file mode 100644
index 0000000000..dff041be9a
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-allow.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate.");
+
+        testNestedIFrame(SAMEORIGIN_ORIGIN + " " + CROSSORIGIN_ORIGIN, CROSS_ORIGIN, SAME_ORIGIN, EXPECT_LOAD);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-block.html
new file mode 100644
index 0000000000..5d2fc57ac1
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-block.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate.");
+
+        testNestedIFrame(SAMEORIGIN_ORIGIN, CROSS_ORIGIN, SAME_ORIGIN, EXPECT_BLOCK);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-none-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-none-block.html
new file mode 100644
index 0000000000..234cca82c8
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-none-block.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a value 'none' should block rendering in nested frames.");
+
+        testNestedIFrame("'none'", SAME_ORIGIN, SAME_ORIGIN, EXPECT_BLOCK);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-self-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-self-allow.html
new file mode 100644
index 0000000000..747c563696
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-self-allow.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a value 'same' should block render in same-origin nested frames.");
+
+        testNestedIFrame("'self'", SAME_ORIGIN, SAME_ORIGIN, EXPECT_LOAD);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-star-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-star-allow.html
new file mode 100644
index 0000000000..d7eaf73fd6
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-star-allow.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a value '*' should render in nested frames.");
+
+        testNestedIFrame("*", SAME_ORIGIN, SAME_ORIGIN, EXPECT_LOAD);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-allow.html
new file mode 100644
index 0000000000..432c25f0d2
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-allow.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate.");
+
+        testNestedIFrame(SAMEORIGIN_ORIGIN, SAME_ORIGIN, SAME_ORIGIN, EXPECT_LOAD);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-block.html
new file mode 100644
index 0000000000..c02091bf4f
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-block.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate.");
+
+        testNestedIFrame(CROSSORIGIN_ORIGIN, SAME_ORIGIN, SAME_ORIGIN, EXPECT_BLOCK);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-none-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-none-block.html
new file mode 100644
index 0000000000..f494468e37
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-none-block.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+  <script>
+    async_test(t => {
+      window.addEventListener('securitypolicyviolation', t.step_func(function(e) {
+        if (e.violatedDirective === 'frame-ancestors')
+          assert_unreached('No securitypolicyviolation event shoud be raised in the parent.');
+      }));
+      t.step_timeout(function() { t.done(); }, 2000);
+    });
+
+    test = async_test("A 'frame-ancestors' CSP directive with a value 'none' should block rendering.");
+
+    sameOriginFrameShouldBeBlocked("'none'");
+  </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html
new file mode 100644
index 0000000000..9e6d3d729c
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+    <script>
+        async_test(function (t) {
+            var i = document.createElement('iframe');
+            i.src = "support/frame-ancestors-and-x-frame-options.sub.html?policy='self'&xfo=DENY";
+            i.onload = t.step_func_done(function () {
+                assert_equals(i.contentWindow.origin, window.origin, "The same-origin page loaded.");
+            });
+            document.body.appendChild(i);
+        }, "A 'frame-ancestors' CSP directive overrides an 'x-frame-options' header which would block the page.");
+
+        async_test(function (t) {
+            var i = document.createElement('iframe');
+            i.src = "support/frame-ancestors-and-x-frame-options.sub.html?policy=other-origin.com&xfo=SAMEORIGIN";
+            checkDone = t.step_func(function() {
+                clearTimeout(timer);
+                try {
+                    if (i.contentWindow.location.href === "about:blank" ||
+                        (i.contentDocument && i.contentDocument.readyState !== "complete")) {
+                        timer = t.step_timeout(checkDone, 10);
+                        return;
+                    }
+                } catch(e) {}
+                assert_equals(i.contentDocument, null);
+                t.done();
+            });
+            i.onload = checkDone;
+            let timer = t.step_timeout(checkDone, 10);
+            document.body.appendChild(i);
+        }, "A 'frame-ancestors' CSP directive overrides an 'x-frame-options' header which would allow the page.");
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-sandbox-same-origin-self.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-sandbox-same-origin-self.html
new file mode 100644
index 0000000000..4a2a19698d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-sandbox-same-origin-self.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+  <script>
+    test = async_test("A 'frame-ancestors' CSP directive with a 'self' value " +
+      "should compare the child URL (self) against each parent's origin's URL" +
+      " rather then URL. When the ancestors are sandboxed, they never match.");
+
+    testNestedSandboxedIFrame('self', SAME_ORIGIN, SAME_ORIGIN, EXPECT_BLOCK);
+  </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-self-allow.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-self-allow.html
new file mode 100644
index 0000000000..a8a295dfc4
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-self-allow.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a value 'self' should allow rendering.");
+
+        sameOriginFrameShouldBeAllowed("'self'");
+    </script>
+</body>
+</html>
+
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-self-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-self-block.html
new file mode 100644
index 0000000000..438f2b8eb2
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-self-block.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a value 'self' should block rendering.");
+
+        crossOriginFrameShouldBeBlocked("'self'");
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-star-allow-crossorigin.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-star-allow-crossorigin.html
new file mode 100644
index 0000000000..09ee28bbea
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-star-allow-crossorigin.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with '*' should allow rendering.");
+
+        // Note that we can't distinguish blocked URLs from allowed cross-origin URLs due to the same-origin policy. This test passes if no console message declares that the frame was blocked.
+        crossOriginFrameShouldBeBlocked("*");
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-star-allow-sameorigin.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-star-allow-sameorigin.html
new file mode 100644
index 0000000000..62bbe45b25
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-star-allow-sameorigin.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with '*' should allow rendering.");
+
+        sameOriginFrameShouldBeAllowed("*");
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-url-allow.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-url-allow.sub.html
new file mode 100644
index 0000000000..f4f42e475f
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-url-allow.sub.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a URL matching this origin should allow rendering.");
+
+        sameOriginFrameShouldBeAllowed('{{location[scheme]}}://{{location[host]}}');
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-url-block.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-url-block.html
new file mode 100644
index 0000000000..c320370be5
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-url-block.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/frame-ancestors-test.sub.js"></script>
+</head>
+<body>
+    <script>
+        test = async_test("A 'frame-ancestors' CSP directive with a URL which doesn't match this origin should be blocked.");
+
+        crossOriginFrameShouldBeBlocked("http://example.com/");
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/report-blocked-frame.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/report-blocked-frame.sub.html
new file mode 100644
index 0000000000..a7532b7cf2
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/report-blocked-frame.sub.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<meta name="timeout" content="long">
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <title>Blocked frames are reported correctly</title>
+</head>
+<body>
+  <iframe src="support/content-security-policy.sub.html?policy=report-uri%20/reporting/resources/report.py%3Fop=put%26reportID={{$id:uuid()}}%3B%20frame-ancestors%20'none'"></iframe>
+  <script async defer src="../support/checkReport.sub.js?reportField=violated-directive&reportValue=frame-ancestors%20'none'&reportID={{$id}}"></script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/report-only-frame.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/report-only-frame.sub.html
new file mode 100644
index 0000000000..55289db6d6
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/report-only-frame.sub.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<meta name="timeout" content="long">
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <title>Blocked frames are reported correctly</title>
+</head>
+<body>
+  <iframe src="support/content-security-policy-report-only.sub.html?policy=report-uri%20/reporting/resources/report.py%3Fop=put%26reportID={{$id:uuid()}}%3B%20frame-ancestors%20'none'"></iframe>
+  <script async defer src="../support/checkReport.sub.js?reportField=violated-directive&reportValue=frame-ancestors%20'none'&reportID={{$id}}"></script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html
new file mode 100644
index 0000000000..c8317b91cf
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html
@@ -0,0 +1,6 @@
+<!DOCTYPE html>
+<html>
+<body>
+    <p>This is an IFrame sending a Content-Security-Policy-Report-Only header containing "{{GET[policy]}}".</p>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html.sub.headers
new file mode 100644
index 0000000000..ccb142e569
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html.sub.headers
@@ -0,0 +1 @@
+Content-Security-Policy-Report-Only: {{GET[policy]}}
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy.sub.html
new file mode 100644
index 0000000000..2182f4a3d2
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy.sub.html
@@ -0,0 +1,6 @@
+<!DOCTYPE html>
+<html>
+<body>
+    <p>This is an IFrame sending a Content Security Policy header containing "{{GET[policy]}}".</p>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy.sub.html.sub.headers
new file mode 100644
index 0000000000..322c99d518
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy.sub.html.sub.headers
@@ -0,0 +1 @@
+Content-Security-Policy: {{GET[policy]}}
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-and-x-frame-options.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-and-x-frame-options.sub.html
new file mode 100644
index 0000000000..e22fea3ccd
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-and-x-frame-options.sub.html
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html>
+<body>
+    <p>This is an IFrame sending a Content Security Policy header containing "frame-ancestors {{GET[policy]}}" and "X-Frame-Options: {{GET[xfo]}}".</p>
+    <script>
+        // This is an IFrame sending a Content Security Policy header containing "frame-ancestors {{GET[policy]}}" and "X-Frame-Options: {{GET[xfo]}}".
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-and-x-frame-options.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-and-x-frame-options.sub.html.sub.headers
new file mode 100644
index 0000000000..636e0facde
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-and-x-frame-options.sub.html.sub.headers
@@ -0,0 +1,3 @@
+Content-Type: text/html; charset=UTF-8
+Content-Security-Policy: frame-ancestors {{GET[policy]}}
+X-Frame-Options: {{GET[xfo]}}
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js
new file mode 100644
index 0000000000..6e816e89b3
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js
@@ -0,0 +1,147 @@
+var SAME_ORIGIN = true;
+var CROSS_ORIGIN = false;
+
+var EXPECT_BLOCK = true;
+var EXPECT_LOAD = false;
+
+var SAMEORIGIN_ORIGIN = "{{location[scheme]}}://{{location[host]}}";
+var CROSSORIGIN_ORIGIN = "http://{{domains[www1]}}:{{ports[http][1]}}";
+
+var test;
+
+function endTest(failed, message) {
+    if (typeof test === 'undefined') return;
+
+    if (failed) {
+        test.step(function() {
+            assert_unreached(message);
+            test.done();
+        });
+    }
+    else test.done({message: message});
+}
+
+window.addEventListener("message", function (e) {
+    if (window.parent != window)
+        window.parent.postMessage(e.data, "*");
+    else
+        if (e.data.type === 'test_result')
+            endTest(e.data.failed, "Inner IFrame msg: " + e.data.message);
+});
+
+function injectNestedIframe(policy, parent, child, expectation, isSandboxed) {
+    var iframe = document.createElement("iframe");
+
+    var url = "/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html"
+              + "?policy=" + policy
+              + "&parent=" + parent
+              + "&child=" + child
+              + "&expectation=" + expectation;
+    url = (parent == "same" ? SAMEORIGIN_ORIGIN : CROSSORIGIN_ORIGIN) + url;
+
+    iframe.src = url;
+
+    if (isSandboxed)
+        iframe.sandbox = 'allow-scripts';
+
+    document.body.appendChild(iframe);
+}
+
+let timer;
+function pollForLoadCompletion({iframe, expectBlock}) {
+    let fn = iframeLoaded({expectBlock, isPoll: true});
+    timer = test.step_timeout(() => fn({target: iframe}), 10);
+}
+
+function injectIFrame(policy, sameOrigin, expectBlock) {
+    var iframe = document.createElement("iframe");
+    iframe.addEventListener("load", iframeLoaded({expectBlock, isPoll: false}));
+    iframe.addEventListener("error", iframeLoaded({expectBlock, isPoll: false}));
+
+    var url = "/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html?policy=" + policy;
+    if (sameOrigin)
+        url = SAMEORIGIN_ORIGIN + url;
+    else
+        url = CROSSORIGIN_ORIGIN + url;
+
+    iframe.src = url;
+    document.body.appendChild(iframe);
+    pollForLoadCompletion({iframe, expectBlock});
+}
+
+function iframeLoaded({isPoll, expectBlock}) {
+    return function(ev) {
+        clearTimeout(timer);
+        var failed = true;
+        var message = "";
+        try {
+            let url = ev.target.contentWindow.location.href;
+            if (isPoll && (url === "about:blank" || ev.target.contentDocument.readyState !== "complete")) {
+                pollForLoadCompletion({iframe: ev.target, expectBlock});
+                return;
+            }
+            if (expectBlock) {
+                message = "The IFrame should have been blocked (or cross-origin). It wasn't.";
+                failed = true;
+            } else {
+                message = "The IFrame should not have been blocked. It wasn't.";
+                failed = false;
+            }
+        } catch (ex) {
+            if (expectBlock) {
+                message = "The IFrame should have been blocked (or cross-origin). It was.";
+                failed = false;
+            } else {
+                message = "The IFrame should not have been blocked. It was.";
+                failed = true;
+            }
+        }
+        if (window.parent != window)
+            window.parent.postMessage({type: 'test_result', failed: failed, message: message}, '*');
+        else
+            endTest(failed, message);
+    };
+}
+
+function originFrameShouldBe(child, expectation, policy) {
+    if (child == "cross" && expectation == "blocked") crossOriginFrameShouldBeBlocked(policy);
+    if (child == "same" && expectation == "blocked") sameOriginFrameShouldBeBlocked(policy);
+    if (child == "cross" && expectation == "allowed") crossOriginFrameShouldBeAllowed(policy);
+    if (child == "same" && expectation == "allowed") sameOriginFrameShouldBeAllowed(policy);
+}
+
+function crossOriginFrameShouldBeBlocked(policy) {
+    window.onload = function () {
+        injectIFrame(policy, CROSS_ORIGIN, EXPECT_BLOCK);
+    };
+}
+
+function crossOriginFrameShouldBeAllowed(policy) {
+    window.onload = function () {
+        injectIFrame(policy, CROSS_ORIGIN, EXPECT_LOAD);
+    };
+}
+
+function sameOriginFrameShouldBeBlocked(policy) {
+    window.onload = function () {
+        injectIFrame(policy, SAME_ORIGIN, EXPECT_BLOCK);
+    };
+}
+
+function sameOriginFrameShouldBeAllowed(policy) {
+    window.onload = function () {
+        injectIFrame(policy, SAME_ORIGIN, EXPECT_LOAD);
+    };
+}
+
+function testNestedIFrame(policy, parent, child, expectation) {
+    window.onload = function () {
+        injectNestedIframe(policy, parent == SAME_ORIGIN ? "same" : "cross", child == SAME_ORIGIN ? "same" : "cross", expectation == EXPECT_LOAD ? "allowed" : "blocked", false /* isSandboxed */);
+    };
+}
+
+function testNestedSandboxedIFrame(policy, parent, child, expectation) {
+    window.onload = function () {
+        injectNestedIframe(policy, parent == SAME_ORIGIN ? "same" : "cross", child == SAME_ORIGIN ? "same" : "cross", expectation == EXPECT_LOAD ? "allowed" : "blocked", true /* isSandboxed */);
+    };
+}
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html
new file mode 100644
index 0000000000..de65277343
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html>
+<body>
+    <p>This is an IFrame sending a Content Security Policy header containing "frame-ancestors {{GET[policy]}}".</p>
+    <script>
+         // This is an IFrame sending a Content Security Policy header containing "frame-ancestors {{GET[policy]}}"
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html.sub.headers
new file mode 100644
index 0000000000..9369a4101f
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html.sub.headers
@@ -0,0 +1,2 @@
+Content-Type: text/html; charset=UTF-8
+Content-Security-Policy: frame-ancestors {{GET[policy]}}
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html
new file mode 100644
index 0000000000..993b6bfd4b
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<body>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+    <script src='/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js'></script>
+
+    <span id="escape">{{GET[policy]}}</span>
+
+    <script>
+        test = async_test("Testing a {{GET[child]}}-origin child with a policy of {{GET[policy]}} nested in a {{GET[parent]}}-origin parent");
+        const policy = document.getElementById("escape").textContent;
+        originFrameShouldBe("{{GET[child]}}", "{{GET[expectation]}}", policy);
+    </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html.sub.headers
new file mode 100644
index 0000000000..e853d6cee5
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html.sub.headers
@@ -0,0 +1 @@
+Content-Type: text/html; charset=UTF-8
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/service-worker.js b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/service-worker.js
new file mode 100644
index 0000000000..ebced90f50
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/service-worker.js
@@ -0,0 +1,10 @@
+self.onfetch = e => {
+  e.respondWith(function() {
+    return new Promise((resolve) => {
+      var headers = new Headers;
+      headers.append("Content-Security-Policy", "frame-ancestors 'none'");
+      var response = new Response("", { "headers" : headers, "status": 200, "statusText" : "OK" });
+      resolve(response);
+    });
+  }());
+};