Index: content/test/data/frame-src-self-and-b.html |
diff --git a/content/test/data/frame-src-self-and-b.html b/content/test/data/frame-src-self-and-b.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..8d335c2e4a1903de47aeb191a8c5f0f644fa0fbf |
--- /dev/null |
+++ b/content/test/data/frame-src-self-and-b.html |
@@ -0,0 +1,21 @@ |
+<!DOCTYPE html> |
+<html> |
+<head> |
+<title>This page should only allow subframes from the same origin or b.com</title> |
+</head> |
+<body> |
+This page should only allow subframes from the same origin or from b.com, |
+because its CSP headers specify frame-src 'self' and 'b.com'. |
+<iframe src="/cross-site/b.com/title2.html"></iframe> |
+<iframe srcdoc=" |
+ <html> |
+ <head> |
+ <title>subtitle1</title> |
+ </head> |
+ <body> |
+ <iframe src='/cross-site/b.com/title2.html'></iframe> |
+ </body> |
+ </html>"></iframe> |
+</body> |
+</html> |
+ |