
Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html

Issue 2372563002: Adding Embedding-CSP HTTP header (Closed)
Patch Set: Separating into two functions Created 4 years, 2 months ago
Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html
new file mode 100644
index 0000000000000000000000000000000000000000..de618211956bae3fba0a16a05acceb00cc593255
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html
@@ -0,0 +1,112 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+ <script>
+ src = '../resources/get-embedding-csp-header.php';
+ new_src = '../resources/get-embedding-csp-header-and-respond.php';
+
+ async_test(t => {
+ var i = document.createElement('iframe');
+ i.src = src;
+
+ window.addEventListener('message', t.step_func(e => {
+ if (e.source != i.contentWindow)
+ return;
+ assert_equals(src, e.data['src']);
+ assert_equals('null', e.data['embedding_csp']);
+ t.done();
+ }));
+
+ document.body.appendChild(i);
+ }, "Embedding_CSP is not sent if csp attribute is not set on <iframe>.");
+
+ async_test(t => {
+ var i = document.createElement('iframe');
+ i.csp = 'value';
+ i.src = src;
+
+ window.addEventListener('message', t.step_func(e => {
+ if (e.source != i.contentWindow)
+ return;
+ assert_equals(src, e.data['src']);
+ assert_equals('value', e.data['embedding_csp']);
+ t.done();
+ }));
+
+ document.body.appendChild(i);
+ }, "<iframe csp> sends an Embedding-CSP request header.");
+
+ async_test(t => {
+ var i = document.createElement('iframe');
+ i.csp = 'value';
+ i.src = src;
+ document.body.appendChild(i);
+
+ i.contentWindow.location = new_src;
+ window.addEventListener('message', t.step_func(e => {
+ if (e.source != i.contentWindow || new_src != e.data['src'])
+ return;
+ assert_equals('value', e.data['embedding_csp']);
+ t.done();
+ }));
+ }, "Set Embedding-CSP Header on change of window's location.");
+
+ async_test(t => {
+ var i = document.createElement('iframe');
+ i.csp = 'value';
+ i.src = src;
+ document.body.appendChild(i);
+
+ i.csp = 'value 2';
+ i.src = new_src;
+ window.addEventListener('message', t.step_func(e => {
+ if (e.source != i.contentWindow || new_src != e.data['src'])
+ return;
+ assert_equals('value 2', e.data['embedding_csp']);
+ t.done();
+ }));
+ }, "Set Embedding-CSP Header on change of src attribute on iframe.");
+
+
+ async_test(t => {
+ var i = document.createElement('iframe');
+ i.csp = 'value';
+ redirect_url = 'http://localhost:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header.php';
+ i.src = '../../resources/redir.php?url=' + redirect_url;
Mike West 2016/10/06 08:00:50 Since you do this a few times, it's probably worth
+ document.body.appendChild(i);
+
+ window.addEventListener('message', t.step_func(e => {
+ if (e.source != i.contentWindow) {
+ return;
+ }
+ assert_equals(src, e.data['src']);
+ assert_equals('value', e.data['embedding_csp']);
+ t.done();
+ }));
+ }, "Set Embedding-CSP Header on redirect in <iframe>.");
+
+ async_test(t => {
+ var i = document.createElement('iframe');
+ i.csp = 'value';
+ redirect_url = 'http://localhost:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header.php';
+ i.src = '../../resources/redir.php?url=' + redirect_url;
+ document.body.appendChild(i);
+
+ redirect_url = 'http://localhost:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header-and-respond.php';
+ new_redirect = '../../resources/redir.php?url=' + redirect_url;
+ i.csp = 'value 2';
+ i.src = new_redirect;
+ window.addEventListener('message', t.step_func(e => {
+ if (e.source != i.contentWindow || new_src != e.data['src'])
+ return;
+ assert_equals('value 2', e.data['embedding_csp']);
+ t.done();
+ }));
+ }, "Set Embedding-CSP Header on change of csp attribte and redirect.");
+ </script>
+</body>
+</html>
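Review bot: The only negative case is the first test, where `csp` was never set; nothing in this file checks that the header stops being sent once the attribute is removed from an iframe that previously had it, which is where a stale policy would be advertised on a later navigation. A test following the pattern of the `src`-change test would cover it, sketched below with the expected `'null'` taken from the first test and to be confirmed against the intended behaviour. Separately, `src`, `new_src`, `redirect_url` and `new_redirect` are assigned without a declaration and so become globals shared by all six tests; declaring them (`var src = '../resources/get-embedding-csp-header.php';`, and `var redirect_url = ...` inside each test) keeps the tests independent. The last test's description also has a typo, "attribte".

```html
// … unchanged: the six existing async_test cases …

async_test(t => {
  var i = document.createElement('iframe');
  i.csp = 'value';
  i.src = src;
  document.body.appendChild(i);

  // Drop the attribute before the second navigation; the second request
  // should no longer carry the header (expected value to be confirmed).
  i.removeAttribute('csp');
  i.src = new_src;
  window.addEventListener('message', t.step_func(e => {
    if (e.source != i.contentWindow || new_src != e.data['src'])
      return;
    assert_equals('null', e.data['embedding_csp']);
    t.done();
  }));
}, "Embedding-CSP is not sent after the csp attribute is removed.");
```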
