summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/content-security-policy/embedded-enforcement/required-csp-header-cascade.html
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--testing/web-platform/tests/content-security-policy/embedded-enforcement/required-csp-header-cascade.html67
1 files changed, 67 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/required-csp-header-cascade.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/required-csp-header-cascade.html
new file mode 100644
index 0000000000..92fe2dd431
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/required-csp-header-cascade.html
@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Embedded Enforcement: Sec-Required-CSP header.</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="support/testharness-helper.sub.js"></script>
+</head>
+<body>
+ <script>
+ var tests = [
+ { "name": "Test same policy for both iframes",
+ "csp1": "script-src 'unsafe-inline';",
+ "csp2": "script-src 'unsafe-inline';",
+ "expected1": "script-src 'unsafe-inline';",
+ "expected2": "script-src 'unsafe-inline';"},
+ { "name": "Test more restrictive policy on second iframe",
+ "csp1": "script-src 'unsafe-inline';",
+ "csp2": "script-src 'unsafe-inline'; style-src 'self';",
+ "expected1": "script-src 'unsafe-inline';",
+ "expected2": "script-src 'unsafe-inline'; style-src 'self';"},
+ { "name": "Test less restrictive policy on second iframe",
+ "csp1": "script-src 'unsafe-inline'; style-src 'self';",
+ "csp2": "script-src 'unsafe-inline';",
+ "expected1": "script-src 'unsafe-inline'; style-src 'self';",
+ "expected2": "script-src 'unsafe-inline'; style-src 'self';"},
+ { "name": "Test no policy on second iframe",
+ "csp1": "script-src 'unsafe-inline'; style-src 'self';",
+ "csp2": "",
+ "expected1": "script-src 'unsafe-inline'; style-src 'self';",
+ "expected2": "script-src 'unsafe-inline'; style-src 'self';"},
+ { "name": "Test no policy on first iframe",
+ "csp1": "",
+ "csp2": "script-src 'unsafe-inline'; style-src 'self';",
+ "expected1": null,
+ "expected2": "script-src 'unsafe-inline'; style-src 'self';"},
+ { "name": "Test invalid policy on first iframe (bad directive name)",
+ "csp1": "default-src http://example.com; i//nvalid-policy-name http://example.com",
+ "csp2": "script-src 'unsafe-inline'; style-src 'self';",
+ "expected1": null,
+ "expected2": "script-src 'unsafe-inline'; style-src 'self';"},
+ { "name": "Test invalid policy on first iframe (report directive)",
+ "csp1": "script-src 'unsafe-inline'; report-uri resources/dummy-report.php",
+ "csp2": "script-src 'unsafe-inline'; style-src 'self';",
+ "expected1": null,
+ "expected2": "script-src 'unsafe-inline'; style-src 'self';"},
+ { "name": "Test invalid policy on second iframe (bad directive name)",
+ "csp1": "script-src 'unsafe-inline'; style-src 'self';",
+ "csp2": "default-src http://example.com; i//nvalid-policy-name http://example.com",
+ "expected1": "script-src 'unsafe-inline'; style-src 'self';",
+ "expected2": "script-src 'unsafe-inline'; style-src 'self';"},
+ { "name": "Test invalid policy on second iframe (report directive)",
+ "csp1": "script-src 'unsafe-inline'; style-src 'self';",
+ "csp2": "script-src 'unsafe-inline'; report-uri resources/dummy-report.php",
+ "expected1": "script-src 'unsafe-inline'; style-src 'self';",
+ "expected2": "script-src 'unsafe-inline'; style-src 'self';"},
+ ];
+
+ tests.forEach(test => {
+ async_test(t => {
+ var url = generateURLStringWithSecondIframeParams(Host.SAME_ORIGIN, PolicyHeader.REQUIRED_CSP, test.csp2);
+ assert_required_csp(t, url, test.csp1, [test.expected1, test.expected2]);
+ }, "Test same origin: " + test.name);
+ });
+ </script>
+</body>
+</html>
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-06 18:50:01 +0000