blob: 13d9e79667f2d43a8c12817bb374a72a0116b33a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
<!doctype html>
<title>Tests that portals respect the frame-src</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body>
</body>
<script>
async_test(function(t) {
assert_implements("HTMLPortalElement" in self);
var w = window.open("resources/frame-src.sub.html?frame_src_policy=%27none%27");
w.onload = function() {
w.document.addEventListener("securitypolicyviolation",
t.step_func_done(function(e) {
assert_equals("frame-src", e.violatedDirective);
}));
var portal = w.document.createElement("portal");
portal.src = new URL("/portals/resources/simple-portal.html", location.href);
portal.onmessage = t.unreached_func("Portal should not load.");
w.document.body.appendChild(portal);
}
}, "Tests that a portal can't be loaded when it violates frame-src");
async_test(function(t) {
assert_implements("HTMLPortalElement" in self);
var w = window.open(`resources/frame-src.sub.html?frame_src_policy=http://{{hosts[][www]}}:{{ports[http][0]}}`);
w.onload = function() {
w.document.onsecuritypolicyviolation = t.unreached_func("Portal should load.");
var portal = w.document.createElement("portal");
portal.src = new URL("http://{{hosts[][www]}}:{{ports[http][0]}}/portals/resources/simple-portal.html", location.href);
portal.onmessage = t.step_func_done();
w.document.body.appendChild(portal);
}
}, "Tests that a portal can be loaded when the origin matches the frame-src CSP header.");
async_test(function(t) {
assert_implements("HTMLPortalElement" in self);
var w = window.open(`resources/frame-src.sub.html?frame_src_policy=http://{{hosts[][www]}}:{{ports[http][0]}}`);
w.onload = function() {
var portal = w.document.createElement("portal");
portal.src = new URL("http://{{hosts[alt][www]}}:{{ports[http][0]}}/portals/resources/simple-portal.html", location.href);
w.document.onsecuritypolicyviolation = t.step_func(function(e) {
w.document.onsecuritypolicyviolation = null;
assert_equals("frame-src", e.violatedDirective);
portal.src = new URL("http://{{hosts[][www]}}:{{ports[http][0]}}/portals/resources/simple-portal.html", location.href);
portal.onmessage = t.step_func_done();
});
w.document.body.appendChild(portal);
}
}, "Tests that a portal will fail to load on an origin different than the one specified in the frame-src CSP, but that it can be loaded when the origin matches the frame-src CSP.");
</script>
|
