61 files changed, 977 insertions, 0 deletions

diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/anchor-navigation-always-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/anchor-navigation-always-allowed.html
new file mode 100644
index 0000000000..658897fb1b
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/anchor-navigation-always-allowed.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+
+<a name="anchor"></a>
+
+<script>
+  var t = async_test("Test that anchor navigation is allowed regardless of the `navigate-to` directive");
+
+  window.addEventListener('securitypolicyviolation', t.unreached_func("Should not have triggered any violation"));
+
+  try {
+    window.location.hash = "anchor";
+    t.done();
+  } catch(ex) {}
+</script>
+
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/anchor-navigation-always-allowed.html.headers b/testing/web-platform/tests/content-security-policy/navigate-to/anchor-navigation-always-allowed.html.headers
new file mode 100644
index 0000000000..739a2ce175
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/anchor-navigation-always-allowed.html.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: navigate-to 'none'
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-allowed.html
new file mode 100644
index 0000000000..7b4b455d8d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-allowed.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child can navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child, which has the policy `navigate-to 'self'`)");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+</script>
+
+<iframe srcdoc="<iframe src='support/navigate_parent.sub.html?csp=navigate-to%20%27self%27'>">
+
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-allowed.html.headers b/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-allowed.html.headers
new file mode 100644
index 0000000000..aced1c6d05
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-allowed.html.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: navigate-to 'self' support/navigate_parent.sub.html
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html
new file mode 100644
index 0000000000..4e50617e3c
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child can't navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child which has the policy `navigate-to 'none'`)");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'fail');
+    assert_equals(e.data.violatedDirective, 'navigate-to');
+  });
+</script>
+<iframe srcdoc="<iframe src='support/navigate_parent.sub.html?csp=navigate-to%20%27none%27&report_id={{$id:uuid()}}'>"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27none%27&reportID={{$id}}'></script>
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.headers b/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.headers
new file mode 100644
index 0000000000..9cb770bcc1
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: navigate-to 'self'
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-allows.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-allows.sub.html
new file mode 100644
index 0000000000..f58407ac6d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-allows.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that form-action overrides navigate-to when present.");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+</script>
+<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27%3B%20form-action%20%27self%27%3B&action=post_message_to_frame_owner.html&report_id={{uuid()}}">
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-blocks.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-blocks.sub.html
new file mode 100644
index 0000000000..0ddc8820f9
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-blocks.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that form-action overrides navigate-to when present.");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+</script>
+<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27none%27%3B%20form-action%20%27self%27%3B&action=post_message_to_frame_owner.html&report_id={{uuid()}}">
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html
new file mode 100644
index 0000000000..927ebb4d36
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that form-action overrides navigate-to when present.");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'fail');
+    assert_equals(e.data.violatedDirective, 'form-action');
+  });
+</script>
+<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27%3B%20form-action%20%27none%27%3B&action=post_message_to_frame_owner.html&report_id={{uuid()}}"">
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html
new file mode 100644
index 0000000000..56688fa418
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that form-action overrides navigate-to when present.");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'fail');
+    assert_equals(e.data.violatedDirective, 'form-action');
+  });
+</script>
+<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27none%27%3B%20form-action%20%27none%27%3B&action=post_message_to_frame_owner.html&report_id={{uuid()}}">
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-allowed.html
new file mode 100644
index 0000000000..aa38d898ab
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+</script>
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27&action=post_message_to_frame_owner.html"></iframe>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-blocked.sub.html
new file mode 100644
index 0000000000..72db7b8d1d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-blocked.sub.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is not allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'fail');
+    assert_equals(e.data.violatedDirective, 'navigate-to');
+  });
+</script>
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20%27none%27&report_id={{$id:uuid()}}&action=post_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27none%27&reportID={{$id}}'></script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-cross-origin-allowed.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-cross-origin-allowed.sub.html
new file mode 100644
index 0000000000..4d0ddc30f1
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-cross-origin-allowed.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+</script>
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}&action=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html
new file mode 100644
index 0000000000..be5f70c8b1
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is not allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'fail');
+    assert_equals(e.data.violatedDirective, 'navigate-to');
+  });
+</script>
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&action=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-redirected-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-redirected-allowed.html
new file mode 100644
index 0000000000..129b719c22
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-redirected-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+</script>
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27&action=redirect_to_post_message_to_frame_owner.py%3Flocation%3Dpost_message_to_frame_owner.html"></iframe>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/form-redirected-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/form-redirected-blocked.sub.html
new file mode 100644
index 0000000000..d60b8a7aa8
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/form-redirected-blocked.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is not allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'fail');
+    assert_equals(e.data.violatedDirective, 'navigate-to');
+  });
+</script>
+
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&action=redirect_to_post_message_to_frame_owner.py%3Flocation%3Dhttp%3A%2F%2F{{domains[www1]}}%3A{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/href-location-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-allowed.html
new file mode 100644
index 0000000000..16e11e0c65
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-allowed.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+
+  window.open("support/href_location_navigation.sub.html?csp=navigate-to%20%27self%27&target=post_message_to_frame_owner.html", "_blank");
+</script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/href-location-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-blocked.sub.html
new file mode 100644
index 0000000000..721f055c71
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-blocked.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is not allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'fail');
+    assert_equals(e.data.violatedDirective, 'navigate-to');
+  });
+
+  window.open("support/href_location_navigation.sub.html?csp=navigate-to%20%27none%27&report_id={{$id:uuid()}}&target=post_message_to_frame_owner.html", "_blank");
+</script>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27none%27&reportID={{$id}}'></script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html
new file mode 100644
index 0000000000..a9396fc406
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+
+  window.open("support/href_location_navigation.sub.html?csp=navigate-to%20http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html", "_blank");
+</script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html
new file mode 100644
index 0000000000..cd0cd9106d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is not allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'fail');
+    assert_equals(e.data.violatedDirective, 'navigate-to');
+  });
+
+  window.open("support/href_location_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html", "_blank");
+</script>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/href-location-redirected-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-redirected-allowed.html
new file mode 100644
index 0000000000..4dbfa7aef9
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-redirected-allowed.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+
+  window.open("support/href_location_navigation.sub.html?csp=navigate-to%20%27self%27&target=redirect_to_post_message_to_frame_owner.py", "_blank");
+</script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html
new file mode 100644
index 0000000000..5d8fafb313
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is not allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'fail');
+    assert_equals(e.data.violatedDirective, 'navigate-to');
+  });
+
+  window.open("support/href_location_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=redirect_to_post_message_to_frame_owner.py%3Flocation%3Dhttp%3A%2F%2F{{domains[www1]}}%3A{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html", "_blank");
+</script>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/link-click-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-allowed.html
new file mode 100644
index 0000000000..977b85dfb2
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+</script>
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20%27self%27&target=post_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/link-click-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-blocked.sub.html
new file mode 100644
index 0000000000..29686fcaef
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-blocked.sub.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is not allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'fail');
+    assert_equals(e.data.violatedDirective, 'navigate-to');
+  });
+</script>
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20%27none%27&report_id={{$id:uuid()}}&target=post_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html
new file mode 100644
index 0000000000..4381bcb08d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+</script>
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html
new file mode 100644
index 0000000000..f2b106c577
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is not allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'fail');
+    assert_equals(e.data.violatedDirective, 'navigate-to');
+  });
+</script>
+
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/link-click-redirected-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-redirected-allowed.html
new file mode 100644
index 0000000000..87dea95b1d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-redirected-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+</script>
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20%27self%27&target=redirect_to_post_message_to_frame_owner.py">
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html
new file mode 100644
index 0000000000..9b9205a526
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is not allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'fail');
+    assert_equals(e.data.violatedDirective, 'navigate-to');
+  });
+</script>
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=redirect_to_post_message_to_frame_owner.py%3Flocation%3Dhttp%3A%2F%2F{{domains[www1]}}%3A{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-allowed.html
new file mode 100644
index 0000000000..eeaefc496e
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+</script>
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20%27self%27&target=post_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-blocked.sub.html
new file mode 100644
index 0000000000..1292c9ba5f
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-blocked.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is not allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'fail');
+    assert_equals(e.data.violatedDirective, 'navigate-to');
+  });
+</script>
+
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20%27none%27&report_id={{$id:uuid()}}&target=post_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27none%27&reportID={{$id}}'></script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html
new file mode 100644
index 0000000000..39e887eaad
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+</script>
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html
new file mode 100644
index 0000000000..d7ccd33620
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is not allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'fail');
+    assert_equals(e.data.violatedDirective, 'navigate-to');
+  });
+</script>
+
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html
new file mode 100644
index 0000000000..de756bce8b
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+</script>
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20%27self%27&target=redirect_to_post_message_to_frame_owner.py">
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html
new file mode 100644
index 0000000000..0734473ee6
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is not allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'fail');
+    assert_equals(e.data.violatedDirective, 'navigate-to');
+  });
+</script>
+
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=redirect_to_post_message_to_frame_owner.py%3Flocation%3Dhttp%3A%2F%2F{{domains[www1]}}%3A{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-allowed.html b/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-allowed.html
new file mode 100644
index 0000000000..47a661157c
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-allowed.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the parent can navigate the child because the relevant policy belongs to the navigation initiator (in this case the parent, which has the policy `navigate-to 'self'`)");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+  window.addEventListener('securitypolicyviolation', t.unreached_func("Should not have triggered a policy violation"));
+
+  var i = document.createElement('iframe');
+  var src_changed = false;
+  i.onload = function() {
+    if (src_changed) return;
+    src_changed = true;
+    i.src = "support/post_message_to_frame_owner.html";
+  }
+  i.src = "support/wait_for_navigation.html?csp=navigate-to%20%none%27";
+  document.body.appendChild(i);
+</script>
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-allowed.html.headers b/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-allowed.html.headers
new file mode 100644
index 0000000000..9cb770bcc1
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-allowed.html.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: navigate-to 'self'
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-blocked.html b/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-blocked.html
new file mode 100644
index 0000000000..c662da95fa
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-blocked.html
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the parent can't navigate the child because the relevant policy belongs to the navigation initiator (in this case the parent, which has the policy `navigate-to support/wait_for_navigation.html;`)");
+  window.onmessage = t.unreached_func("Should not have received a message as the navigation should not have been successful");
+  window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
+    assert_equals(e.violatedDirective, 'navigate-to');
+  }));
+
+  var i = document.createElement('iframe');
+  var src_changed = false;
+  i.onload = function() {
+    if (src_changed) return;
+    src_changed = true;
+    i.src = "support/post_message_to_frame_owner.html";
+  }
+  i.src = "support/wait_for_navigation.html?csp=navigate-to%20%27self%27";
+  document.body.appendChild(i);
+</script>
+
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20support%2Fwait_for_navigation.html'></script>
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-blocked.html.sub.headers b/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-blocked.html.sub.headers
new file mode 100644
index 0000000000..36238fa78a
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/parent-navigates-child-blocked.html.sub.headers
@@ -0,0 +1,5 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Set-Cookie: parent-navigates-child-blocked={{$id:uuid()}}; Path=/content-security-policy/navigate-to/
+Content-Security-Policy: navigate-to support/wait_for_navigation.html; report-uri /reporting/resources/report.py?op=put&reportID={{$id}}
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html
new file mode 100644
index 0000000000..a09057e715
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html
@@ -0,0 +1,48 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+<!-- This tests that a navigation initiator that has been replaced by the time
+     the navigation it initiates is blocked, will not receive the SPV event.
+
+     An iframe will navigate another iframe and the navigate itself.
+     The second iframe's navigation response will be delayed by the server but will
+     eventually be blocked by the CSP of the first iframe.
+     By the time this happens the first iframe should be an entirely different
+     document and it should not receive a SPV event -->
+<script>
+  var t = async_test("Test that no spv event is raised");
+  window.onmessage = t.step_func(function(e) {
+    if (e.data == "end_test") t.done();
+    else assert_unreached("Should not have raised a spv event");
+  });
+
+  var frames_loaded_count = 0;
+  var frame_loaded = function() {
+    if (++frames_loaded_count == 2) {
+      // both child frame have loaded we can start the
+      // test now, send a message to iframe1 so it knows to start
+      document.getElementById('iframe1').contentWindow.postMessage('start_test', '*');
+    }
+  }
+  var i1 = document.createElement('iframe');
+  i1.src = "support/spv-test-iframe1.sub.html?report_id={{$id:uuid()}}";
+  i1.id = "iframe1";
+  i1.name = "iframe1";
+  i1.onload = frame_loaded;
+  document.body.appendChild(i1);
+
+  var i2 = document.createElement('iframe');
+  i2.src = "support/spv-test-iframe2.sub.html";
+  i2.id = "iframe2";
+  i2.name = "iframe2";
+  i2.onload = frame_loaded;
+  document.body.appendChild(i2);
+</script>
+
+<script async defer src='../support/checkReport.sub.js?reportExists=false&reportID={{$id}}'></script>
+
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/delayed_frame.py b/testing/web-platform/tests/content-security-policy/navigate-to/support/delayed_frame.py
new file mode 100644
index 0000000000..06bcb9b680
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/delayed_frame.py
@@ -0,0 +1,12 @@
+import time
+def main(request, response):
+    time.sleep(1)
+    headers = [(b"Content-Type", b"text/html")]
+    return headers, u'''
+<!DOCTYPE html>
+<head>
+</head>
+<body>
+    DELAYED FRAME
+</body
+'''
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/form_action_navigation.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/form_action_navigation.sub.html
new file mode 100644
index 0000000000..a4121944ea
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/form_action_navigation.sub.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+
+  <script>
+    window.addEventListener('securitypolicyviolation', function(e) {
+      top.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+    });
+  </script>
+</head>
+
+<body>
+<form action='{{GET[action]}}' target='_self' id='form'>
+  <input type="text" name="dummy">
+  <div id="form-div"></div>
+</form>
+
+<script>
+ try {
+  url = new URL("{{GET[action]}}", location.href);
+  for (var p of url.searchParams) {
+    var elem = document.createElement('input');
+    elem.type = 'text';
+    elem.name = p[0];
+    elem.value = p[1];
+    document.getElementById('form-div').appendChild(elem);
+  }
+ } catch(ex) {}
+
+ document.getElementById('form').submit();
+</script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/form_action_navigation.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/navigate-to/support/form_action_navigation.sub.html.sub.headers
new file mode 100644
index 0000000000..a42cfe2d95
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/form_action_navigation.sub.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}; report-uri /reporting/resources/report.py?op=put&reportID={{GET[report_id]}}
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/href_location_navigation.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/href_location_navigation.sub.html
new file mode 100644
index 0000000000..15b1365cc2
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/href_location_navigation.sub.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  window.addEventListener('securitypolicyviolation', function(e) {
+    opener.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+  });
+
+  try {
+    location.href = "{{GET[target]}}";
+  } catch(ex) {}
+</script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/href_location_navigation.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/navigate-to/support/href_location_navigation.sub.html.sub.headers
new file mode 100644
index 0000000000..a42cfe2d95
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/href_location_navigation.sub.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}; report-uri /reporting/resources/report.py?op=put&reportID={{GET[report_id]}}
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/link_click_navigation.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/link_click_navigation.sub.html
new file mode 100644
index 0000000000..2434271211
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/link_click_navigation.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<a href="{{GET[target]}}" id="link">dummy link</a>
+<script>
+  window.addEventListener('securitypolicyviolation', function(e) {
+    top.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+  });
+
+  document.getElementById('link').click();
+</script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/link_click_navigation.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/navigate-to/support/link_click_navigation.sub.html.sub.headers
new file mode 100644
index 0000000000..a42cfe2d95
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/link_click_navigation.sub.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}; report-uri /reporting/resources/report.py?op=put&reportID={{GET[report_id]}}
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html
new file mode 100644
index 0000000000..64bae27fed
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+
+  <script>
+    window.addEventListener('securitypolicyviolation', function(e) {
+      top.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+    });
+  </script>
+
+  <meta http-equiv="refresh" content="0; url={{GET[target]}}">
+</head>
+
+<body>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html.sub.headers
new file mode 100644
index 0000000000..a42cfe2d95
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}; report-uri /reporting/resources/report.py?op=put&reportID={{GET[report_id]}}
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/navigate_parent.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/navigate_parent.sub.html
new file mode 100644
index 0000000000..a84c9c64ca
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/navigate_parent.sub.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+
+  <script>
+    window.addEventListener('securitypolicyviolation', function(e) {
+      top.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+    });
+  </script>
+</head>
+
+<body>
+<a href="post_message_to_frame_owner.html" id="link" target="_parent">dummy link</a>
+<script>
+  document.getElementById('link').click();
+</script>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/navigate_parent.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/navigate-to/support/navigate_parent.sub.html.sub.headers
new file mode 100644
index 0000000000..a42cfe2d95
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/navigate_parent.sub.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}; report-uri /reporting/resources/report.py?op=put&reportID={{GET[report_id]}}
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/post_message_to_frame_owner.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/post_message_to_frame_owner.html
new file mode 100644
index 0000000000..c25e49d146
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/post_message_to_frame_owner.html
@@ -0,0 +1,6 @@
+<script>
+  if (window.opener)
+    window.opener.postMessage({result: 'success'}, '*');
+  else
+    top.postMessage({result: 'success'}, '*');
+</script>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py b/testing/web-platform/tests/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py
new file mode 100644
index 0000000000..0f6f6eca7b
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py
@@ -0,0 +1,6 @@
+def main(request, response):
+    response.status = 302
+    if b"location" in request.GET:
+        response.headers.set(b"Location", request.GET[b"location"])
+    else:
+        response.headers.set(b"Location", b"post_message_to_frame_owner.html")
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html
new file mode 100644
index 0000000000..9e26c02be3
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<head>
+  <script>
+    window.onmessage = function(e) {
+      if (e.data == "start_test") {
+        document.getElementById('link').click();
+        location.href = "{{location[server]}}/content-security-policy/navigate-to/support/spv-test-iframe3.sub.html";
+      }
+    }
+    window.addEventListener('securitypolicyviolation', function(e) {
+      top.postMessage({iframe: 'iframe1', violatedDirective: e.violatedDirective}, '*');
+    });
+  </script>
+</head>
+
+<body>
+  <a href="{{location[server]}}/content-security-policy/navigate-to/support/delayed_frame.py" id="link" target="iframe2">dummy link</a>
+  IFRAME 1
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html.sub.headers
new file mode 100644
index 0000000000..9d83b92d96
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: navigate-to {{location[server]}}/content-security-policy/navigate-to/support/spv-test-iframe3.sub.html 'unsafe-allow-redirects'; report-uri /reporting/resources/report.py?op=put&reportID={{GET[report_id]}}
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe2.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe2.sub.html
new file mode 100644
index 0000000000..1329683c88
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe2.sub.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<head>
+</head>
+<body>
+  <script>
+    window.addEventListener('securitypolicyviolation', function(e) {
+      top.postMessage({iframe: 'iframe1', violatedDirective: e.violatedDirective}, '*');
+    });
+    setTimeout(function() {
+      top.postMessage("end_test", "*");
+    }, 4000);
+  </script>
+  IFRAME 2
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe3.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe3.sub.html
new file mode 100644
index 0000000000..09dbf6863d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/spv-test-iframe3.sub.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<head>
+  <script>
+    window.addEventListener('securitypolicyviolation', function(e) {
+      top.postMessage({iframe: 'iframe3', violatedDirective: e.violatedDirective}, '*');
+    });
+  </script>
+</head>
+
+<body>
+  IFRAME 3
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/wait_for_navigation.html b/testing/web-platform/tests/content-security-policy/navigate-to/support/wait_for_navigation.html
new file mode 100644
index 0000000000..2450ff1c0a
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/wait_for_navigation.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+
+  <script>
+    window.addEventListener('securitypolicyviolation', function(e) {
+      top.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+    });
+  </script>
+</head>
+
+<body>
+</body>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/support/wait_for_navigation.html.sub.headers b/testing/web-platform/tests/content-security-policy/navigate-to/support/wait_for_navigation.html.sub.headers
new file mode 100644
index 0000000000..d3c635b9a0
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/support/wait_for_navigation.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html
new file mode 100644
index 0000000000..192477296b
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+
+  // the iframe will navigate to:
+  //    [www2]/..../redirect.py (which is not in the navigate-to source list) which will in turn navigate to
+  //    [www1]/..../post_message_to_frame_owner.html which is not exactly in
+  // the list but the check should be reduced to an origin check since there has been a redirect.
+  // Because of 'unsafe-allow-redirects' only the second one is checked since the first is a redirect
+
+  var i = document.createElement('iframe');
+  i.src = "../support/link_click_navigation.sub.html" +
+    "?csp=" + encodeURIComponent("navigate-to {{location[scheme]}}://{{domains[www1]}}:{{location[port]}}/some-path/ 'unsafe-allow-redirects'") +
+    "&target=" + encodeURIComponent("{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/common/redirect.py?location=" +
+                                     encodeURIComponent("{{location[scheme]}}://{{domains[www1]}}:{{location[port]}}/content-security-policy/navigate-to/support/post_message_to_frame_owner.html"));
+  document.body.appendChild(i);
+</script>
+
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain.sub.html
new file mode 100644
index 0000000000..74fe8f2e7a
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain.sub.html
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is allowed");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'success');
+  });
+
+  // the iframe will navigate to:
+  //    [www2]/..../redirect.py (which is not in the navigate-to source list) which will in turn navigate to
+  //    [www1]/..../post_message_to_frame_owner.html which is in the list
+  // because of 'unsafe-allow-redirects' only the second one is checked since the first is a redirect
+
+  var i = document.createElement('iframe');
+  i.src = "../support/link_click_navigation.sub.html" +
+    "?csp=" + encodeURIComponent("navigate-to {{location[scheme]}}://{{domains[www1]}}:{{location[port]}} 'unsafe-allow-redirects'") +
+    "&target=" + encodeURIComponent("{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/common/redirect.py?location=" +
+                                     encodeURIComponent("{{location[scheme]}}://{{domains[www1]}}:{{location[port]}}/content-security-policy/navigate-to/support/post_message_to_frame_owner.html"));
+  document.body.appendChild(i);
+</script>
+
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html b/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html
new file mode 100644
index 0000000000..86e54b3d93
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+  var t = async_test("Test that the child iframe navigation is blocked");
+  window.onmessage = t.step_func_done(function(e) {
+    assert_equals(e.data.result, 'fail');
+    assert_equals(e.data.violatedDirective, 'navigate-to');
+  });
+
+  // the iframe will navigate to:
+  //    [www2]/..../redirect.py (which is not in the navigate-to source list) which will in turn navigate to
+  //    [www2]/..../post_message_to_frame_owner.html which is also not in the list
+  // because of 'unsafe-allow-redirects' only the second one is checked since the first is a redirect
+
+  var i = document.createElement('iframe');
+  i.src = "../support/link_click_navigation.sub.html" +
+    "?csp=" + encodeURIComponent("navigate-to {{location[scheme]}}://{{domains[www1]}}:{{location[port]}} 'unsafe-allow-redirects'") +
+    "&target=" + encodeURIComponent("{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/common/redirect.py?location=" +
+                                     encodeURIComponent("{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/content-security-policy/navigate-to/support/post_message_to_frame_owner.html"));
+  document.body.appendChild(i);
+</script>
+
+</body>