third_party/WebKit/LayoutTests/http/tests/security/upgrade-insecure-requests/iframe-upgrade-csp.https.html - Issue 2068443002: Revert of Move 'frame-src' CSP checks into FrameFetchContext.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/upgrade-insecure-requests/iframe-upgrade-csp.https.html

Issue 2068443002: Revert of Move 'frame-src' CSP checks into FrameFetchContext. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: run revert on local machine to resolve conflicts Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-child-frame-navigates-to-blocked-origin-expected.txt ('k') | third_party/WebKit/Source/core/loader/DocumentLoader.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
	(Empty)
1 <!DOCTYPE html>

2 <head>

3 <title>Upgrade Insecure Requests: IFrames.</title>

4 <script src="/resources/testharness.js"></script>

5 <script src="/resources/testharnessreport.js"></script>

6 <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

7 <meta http-equiv="Content-Security-Policy" content="frame-src https:">

8 </head>

9 <body>

10 <script>

11 async_test(t => {

12 var i = document.createElement('iframe');

13

14 // This is a bit of a hack. UPGRADE doesn't upgrade the port number, so we

15 // specify this non-existent URL ('http' over port 8443). If UPGRADE doesn't

16 // work, it won't load.

17 i.src = "http://127.0.0.1:8443/security/resources/post-origin-to-parent.html ";

18

19 window.addEventListener('message', t.step_func(e => {

20 if (e.source == i.contentWindow) {

21 assert_equals("https://127.0.0.1:8443", e.data.origin);

22 t.done();

23 }

24 }));

25 document.body.appendChild(i);

26 }, "Same-host frames are upgraded, and do not violate CSP.");

27

28 async_test(t => {

29 var i = document.createElement('iframe');

30

31 // This is a bit of a hack. UPGRADE doesn't upgrade the port number, so we

32 // specify this non-existent URL ('http' over port 8443). If UPGRADE doesn't

33 // work, it won't load.

34 i.src = "http://example.test:8443/security/resources/post-origin-to-parent.h tml";

35

36 window.addEventListener('message', t.step_func(e => {

37 if (e.source == i.contentWindow) {

38 assert_equals("https://example.test:8443", e.data.origin);

39 t.done();

40 }

41 }));

42 document.body.appendChild(i);

43 }, "Cross-host frames are upgraded, and do not violate CSP.");

44

45 </script>

46 </body>

OLD	NEW