Diffstat (limited to '')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html
new file mode 100644
index 0000000000..9e6d3d729c
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+ <script>
+ async_test(function (t) {
+ var i = document.createElement('iframe');
+ i.src = "support/frame-ancestors-and-x-frame-options.sub.html?policy='self'&xfo=DENY";
+ i.onload = t.step_func_done(function () {
+ assert_equals(i.contentWindow.origin, window.origin, "The same-origin page loaded.");
+ });
+ document.body.appendChild(i);
+ }, "A 'frame-ancestors' CSP directive overrides an 'x-frame-options' header which would block the page.");
+
+ async_test(function (t) {
+ var i = document.createElement('iframe');
+ i.src = "support/frame-ancestors-and-x-frame-options.sub.html?policy=other-origin.com&xfo=SAMEORIGIN";
+ checkDone = t.step_func(function() {
+ clearTimeout(timer);
+ try {
+ if (i.contentWindow.location.href === "about:blank" ||
+ (i.contentDocument && i.contentDocument.readyState !== "complete")) {
+ timer = t.step_timeout(checkDone, 10);
+ return;
+ }
+ } catch(e) {}
+ assert_equals(i.contentDocument, null);
+ t.done();
+ });
+ i.onload = checkDone;
+ let timer = t.step_timeout(checkDone, 10);
+ document.body.appendChild(i);
+ }, "A 'frame-ancestors' CSP directive overrides an 'x-frame-options' header which would allow the page.");
+ </script>
+</body>
+</html> |
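Review bot: In the second `async_test`, `checkDone` is assigned without a declaration, so it becomes an implicit global on the test page and would throw a ReferenceError if this script ever ran in strict mode. Declare it locally with `const checkDone = t.step_func(function() {`, and consider moving `let timer;` above it so the closure does not depend on declaration order. The empty `catch(e) {}` in the same callback carries the test's logic and should say so, for example `// Access throws once the blocked frame's error document is in place; fall through to the null check.` That reading is inferred from the `assert_equals(i.contentDocument, null)` that follows, so the wording should be confirmed by the author. The final assertion would also benefit from a description string, as the first test has, so that a failure states that the frame was expected to be blocked by `frame-ancestors` despite `xfo=SAMEORIGIN`.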