
Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html

Issue 2404373003: Experimental Feature: Allow-CSP-From header (Closed)
Patch Set: Better format of ContentSecurityPolicyTest.ShouldEnforceEmbeddersPolicy Created 4 years, 2 months ago
OLDNEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <html> 2 <html>
3 <head> 3 <head>
4 <script src="/resources/testharness.js"></script> 4 <script src="/resources/testharness.js"></script>
5 <script src="/resources/testharnessreport.js"></script> 5 <script src="/resources/testharnessreport.js"></script>
6 </head> 6 </head>
7 <body> 7 <body>
8 <script> 8 <script>
9 src = '../resources/get-embedding-csp-header.php'; 9 src = '../resources/get-embedding-csp-header.php';
10 new_src = '../resources/get-embedding-csp-header-and-respond.php'; 10 new_src = '../resources/get-embedding-csp-header-and-respond.php';
(...skipping 11 matching lines...) Expand all
22 assert_equals(src, e.data['src']); 22 assert_equals(src, e.data['src']);
23 assert_equals(null, e.data['embedding_csp']); 23 assert_equals(null, e.data['embedding_csp']);
24 t.done(); 24 t.done();
25 })); 25 }));
26 26
27 document.body.appendChild(i); 27 document.body.appendChild(i);
28 }, "Embedding_CSP is not sent if csp attribute is not set on <iframe>."); 28 }, "Embedding_CSP is not sent if csp attribute is not set on <iframe>.");
29 29
30 async_test(t => { 30 async_test(t => {
31 var i = document.createElement('iframe'); 31 var i = document.createElement('iframe');
32 i.csp = 'value'; 32 i.csp = "script-src 'unsafe-inline'";
33 i.src = src; 33 i.src = src;
34 34
35 window.addEventListener('message', t.step_func(e => { 35 window.addEventListener('message', t.step_func(e => {
36 if (e.source != i.contentWindow) 36 if (e.source != i.contentWindow)
37 return; 37 return;
38 assert_equals(src, e.data['src']); 38 assert_equals(src, e.data['src']);
39 assert_equals('value', e.data['embedding_csp']); 39 assert_equals("script-src 'unsafe-inline'", e.data['embedding_csp']);
40 t.done(); 40 t.done();
41 })); 41 }));
42 42
43 document.body.appendChild(i); 43 document.body.appendChild(i);
44 }, "<iframe csp> sends an Embedding-CSP request header."); 44 }, "<iframe csp> sends an Embedding-CSP request header.");
45 45
46 async_test(t => { 46 async_test(t => {
47 var i = document.createElement('iframe'); 47 var i = document.createElement('iframe');
48 i.csp = 'value'; 48 i.csp = "script-src 'unsafe-inline'";
49 i.src = src; 49 i.src = src;
50 document.body.appendChild(i); 50 document.body.appendChild(i);
51 51
52 i.contentWindow.location = new_src; 52 i.contentWindow.location = new_src + "?csp=" + i.csp;
53 window.addEventListener('message', t.step_func(e => { 53 window.addEventListener('message', t.step_func(e => {
54 if (e.source != i.contentWindow || new_src != e.data['src']) 54 if (e.source != i.contentWindow || new_src != e.data['src'])
55 return; 55 return;
56 assert_equals('value', e.data['embedding_csp']); 56 assert_equals("script-src 'unsafe-inline'", e.data['embedding_csp']);
57 t.done(); 57 t.done();
58 })); 58 }));
59 }, "Set Embedding-CSP Header on change of window's location."); 59 }, "Set Embedding-CSP Header on change of window's location.");
60 60
61 async_test(t => { 61 async_test(t => {
62 var i = document.createElement('iframe'); 62 var i = document.createElement('iframe');
63 i.csp = 'value'; 63 i.csp = "script-src 'unsafe-inline'";
64 i.src = src; 64 i.src = src;
65 document.body.appendChild(i); 65 document.body.appendChild(i);
66 66
67 i.csp = 'value 2'; 67 i.csp = "default-src 'unsafe-inline'";
68 i.src = new_src; 68 i.src = new_src + "?csp=" + i.csp;
69 window.addEventListener('message', t.step_func(e => { 69 window.addEventListener('message', t.step_func(e => {
70 if (e.source != i.contentWindow || new_src != e.data['src']) 70 if (e.source != i.contentWindow || new_src != e.data['src'])
71 return; 71 return;
72 assert_equals('value 2', e.data['embedding_csp']); 72 assert_equals("default-src 'unsafe-inline'", e.data['embedding_csp']);
73 t.done(); 73 t.done();
74 })); 74 }));
75 }, "Set Embedding-CSP Header on change of src attribute on iframe."); 75 }, "Set Embedding-CSP Header on change of src attribute on iframe.");
76 76
77 77
78 async_test(t => { 78 async_test(t => {
79 var i = document.createElement('iframe'); 79 var i = document.createElement('iframe');
80 i.csp = 'value'; 80 i.csp = "script-src 'unsafe-inline'";
81 redirect_url = 'http://localhost:8000/security/contentSecurityPolicy/res ources/get-embedding-csp-header.php'; 81 redirect_url = 'http://127.0.0.1:8000/security/contentSecurityPolicy/res ources/get-embedding-csp-header.php';
82 i.src = generateRedirect(redirect_url); 82 i.src = generateRedirect(redirect_url);
83 document.body.appendChild(i); 83 document.body.appendChild(i);
84 84
85 window.addEventListener('message', t.step_func(e => { 85 window.addEventListener('message', t.step_func(e => {
86 if (e.source != i.contentWindow) { 86 if (e.source != i.contentWindow) {
87 return; 87 return;
88 } 88 }
89 assert_equals(src, e.data['src']); 89 assert_equals(src, e.data['src']);
90 assert_equals('value', e.data['embedding_csp']); 90 assert_equals("script-src 'unsafe-inline'", e.data['embedding_csp']);
91 t.done(); 91 t.done();
92 })); 92 }));
93 }, "Set Embedding-CSP Header on redirect in <iframe>."); 93 }, "Set Embedding-CSP Header on redirect in <iframe>.");
94 94
95 async_test(t => { 95 async_test(t => {
96 var i = document.createElement('iframe'); 96 var i = document.createElement('iframe');
97 i.csp = 'value'; 97 i.csp = "script-src 'unsafe-inline'";
98 redirect_url = 'http://localhost:8000/security/contentSecurityPolicy/res ources/get-embedding-csp-header.php'; 98 redirect_url = 'http://127.0.0.1:8000/security/contentSecurityPolicy/res ources/get-embedding-csp-header.php';
99 i.src = generateRedirect(redirect_url); 99 i.src = generateRedirect(redirect_url);
100 document.body.appendChild(i); 100 document.body.appendChild(i);
101 101
102 redirect_url = 'http://localhost:8000/security/contentSecurityPolicy/res ources/get-embedding-csp-header-and-respond.php'; 102 redirect_url = 'http://127.0.0.1:8000/security/contentSecurityPolicy/res ources/get-embedding-csp-header-and-respond.php';
103 new_redirect = generateRedirect(redirect_url); 103 new_redirect = generateRedirect(redirect_url);
104 i.csp = 'value 2'; 104 i.csp = "default-src 'unsafe-inline'";
105 i.src = new_redirect; 105 i.src = new_redirect;
106 window.addEventListener('message', t.step_func(e => { 106 window.addEventListener('message', t.step_func(e => {
107 if (e.source != i.contentWindow || new_src != e.data['src']) 107 if (e.source != i.contentWindow || new_src != e.data['src'])
108 return; 108 return;
109 assert_equals('value 2', e.data['embedding_csp']); 109 assert_equals("default-src 'unsafe-inline'", e.data['embedding_csp']);
110 t.done(); 110 t.done();
111 })); 111 }));
112 }, "Set Embedding-CSP Header on change of csp attribte and redirect."); 112 }, "Set Embedding-CSP Header on change of csp attribte and redirect.");
113 </script> 113 </script>
114 </body> 114 </body>
115 </html> 115 </html>
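Review bot: The policy string is concatenated into the query unencoded at new lines 52 and 68 (`new_src + "?csp=" + i.csp`), so these tests only hold while the policy contains nothing the URL or query parser treats specially; a policy containing `&`, `#` or `+` would reach the responder truncated or altered, and the assertion could then fail or pass for the wrong reason. Encode the value, e.g. `i.contentWindow.location = new_src + "?csp=" + encodeURIComponent(i.csp);` and likewise for `i.src` on line 68. The last test (new lines 102-105) redirects to get-embedding-csp-header-and-respond.php with no `csp` parameter at all, unlike the two tests above; the responder is not shown on this page, so confirm it behaves as intended without one. Switching the redirect targets from `localhost` to `127.0.0.1` presumably makes them same-origin with the test page, which would leave the cross-origin redirect path without coverage in this file, so a one-line comment stating that intent would help.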