| OLD | NEW |
| 1 A 'frame-ancestors' CSP directive with a URL matching this origin should allow r
endering. | 1 CONSOLE ERROR: Refused to frame 'http://127.0.0.1:8000/security/contentSecurityP
olicy/resources/alert-fail.html' because it violates the following Content Secur
ity Policy directive: "child-src 'none'". |
| 2 | 2 |
| 3 Frames should be governed by 'child-src'. |
| 4 |
| 3 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE
". | 5 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE
". |
| 4 | 6 |
| 5 | 7 |
| 6 IFrame load event fired: the IFrame is cross-origin (or was blocked). | 8 IFrame load event fired: the IFrame is cross-origin (or was blocked). |
| 7 PASS The IFrame should have been blocked (or cross-origin). It was. | 9 PASS The IFrame should have been blocked (or cross-origin). It was. |
| 8 PASS successfullyParsed is true | 10 PASS successfullyParsed is true |
| 9 | 11 |
| 10 TEST COMPLETE | 12 TEST COMPLETE |
| 11 | 13 |
| 12 | |
| 13 -------- | |
| 14 Frame: '<!--framePath //<!--frame0-->-->' | |
| 15 -------- | |
| 16 This is an IFrame sending a Content Security Policy header containing "frame-anc
estors http://127.0.0.1:8000". | |
| OLD | NEW |