Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(376)

Unified Diff: content/test/data/frame-src-self-and-b.html

Issue 1957783002: Replicate Content-Security-Policy into remote frame proxies. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: s/title.html/title1.html/ Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: content/test/data/frame-src-self-and-b.html
diff --git a/content/test/data/frame-src-self-and-b.html b/content/test/data/frame-src-self-and-b.html
new file mode 100644
index 0000000000000000000000000000000000000000..8d335c2e4a1903de47aeb191a8c5f0f644fa0fbf
--- /dev/null
+++ b/content/test/data/frame-src-self-and-b.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>This page should only allow subframes from the same origin or b.com</title>
+</head>
+<body>
+This page should only allow subframes from the same origin or from b.com,
+because its CSP headers specify frame-src 'self' and 'b.com'.
+<iframe src="/cross-site/b.com/title2.html"></iframe>
+<iframe srcdoc="
+ <html>
+ <head>
+ <title>subtitle1</title>
+ </head>
+ <body>
+ <iframe src='/cross-site/b.com/title2.html'></iframe>
+ </body>
+ </html>"></iframe>
+</body>
+</html>
+

Powered by Google App Engine
This is Rietveld 408576698