OLD | NEW |
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
4 <script src="/resources/testharness.js"></script> | 4 <script src="/resources/testharness.js"></script> |
5 <script src="/resources/testharnessreport.js"></script> | 5 <script src="/resources/testharnessreport.js"></script> |
6 </head> | 6 </head> |
7 <body> | 7 <body> |
8 <script> | 8 <script> |
9 src = '../resources/get-embedding-csp-header.php'; | 9 src = '../resources/get-embedding-csp-header.php'; |
10 new_src = '../resources/get-embedding-csp-header-and-respond.php'; | 10 new_src = '../resources/get-embedding-csp-header-and-respond.php'; |
(...skipping 11 matching lines...) |
22 assert_equals(src, e.data['src']); | 22 assert_equals(src, e.data['src']); |
23 assert_equals(null, e.data['embedding_csp']); | 23 assert_equals(null, e.data['embedding_csp']); |
24 t.done(); | 24 t.done(); |
25 })); | 25 })); |
26 | 26 |
27 document.body.appendChild(i); | 27 document.body.appendChild(i); |
28 }, "Embedding_CSP is not sent if csp attribute is not set on <iframe>."); | 28 }, "Embedding_CSP is not sent if csp attribute is not set on <iframe>."); |
29 | 29 |
30 async_test(t => { | 30 async_test(t => { |
31 var i = document.createElement('iframe'); | 31 var i = document.createElement('iframe'); |
32 i.csp = 'value'; | 32 i.csp = "script-src 'unsafe-inline'"; |
33 i.src = src; | 33 i.src = src; |
34 | 34 |
35 window.addEventListener('message', t.step_func(e => { | 35 window.addEventListener('message', t.step_func(e => { |
36 if (e.source != i.contentWindow) | 36 if (e.source != i.contentWindow) |
37 return; | 37 return; |
38 assert_equals(src, e.data['src']); | 38 assert_equals(src, e.data['src']); |
39 assert_equals('value', e.data['embedding_csp']); | 39 assert_equals("script-src 'unsafe-inline'", e.data['embedding_csp']); |
40 t.done(); | 40 t.done(); |
41 })); | 41 })); |
42 | 42 |
43 document.body.appendChild(i); | 43 document.body.appendChild(i); |
44 }, "<iframe csp> sends an Embedding-CSP request header."); | 44 }, "<iframe csp> sends an Embedding-CSP request header."); |
45 | 45 |
46 async_test(t => { | 46 async_test(t => { |
47 var i = document.createElement('iframe'); | 47 var i = document.createElement('iframe'); |
48 i.csp = 'value'; | 48 i.csp = "script-src 'unsafe-inline'"; |
49 i.src = src; | 49 i.src = src; |
50 document.body.appendChild(i); | 50 document.body.appendChild(i); |
51 | 51 |
52 i.contentWindow.location = new_src; | 52 i.contentWindow.location = new_src + "?csp=" + i.csp; |
53 window.addEventListener('message', t.step_func(e => { | 53 window.addEventListener('message', t.step_func(e => { |
54 if (e.source != i.contentWindow || new_src != e.data['src']) | 54 if (e.source != i.contentWindow || new_src != e.data['src']) |
55 return; | 55 return; |
56 assert_equals('value', e.data['embedding_csp']); | 56 assert_equals("script-src 'unsafe-inline'", e.data['embedding_csp']); |
57 t.done(); | 57 t.done(); |
58 })); | 58 })); |
59 }, "Set Embedding-CSP Header on change of window's location."); | 59 }, "Set Embedding-CSP Header on change of window's location."); |
60 | 60 |
61 async_test(t => { | 61 async_test(t => { |
62 var i = document.createElement('iframe'); | 62 var i = document.createElement('iframe'); |
63 i.csp = 'value'; | 63 i.csp = "script-src 'unsafe-inline'"; |
64 i.src = src; | 64 i.src = src; |
65 document.body.appendChild(i); | 65 document.body.appendChild(i); |
66 | 66 |
67 i.csp = 'value 2'; | 67 i.csp = "default-src 'unsafe-inline'"; |
68 i.src = new_src; | 68 i.src = new_src + "?csp=" + i.csp; |
69 window.addEventListener('message', t.step_func(e => { | 69 window.addEventListener('message', t.step_func(e => { |
70 if (e.source != i.contentWindow || new_src != e.data['src']) | 70 if (e.source != i.contentWindow || new_src != e.data['src']) |
71 return; | 71 return; |
72 assert_equals('value 2', e.data['embedding_csp']); | 72 assert_equals("default-src 'unsafe-inline'", e.data['embedding_csp']); |
73 t.done(); | 73 t.done(); |
74 })); | 74 })); |
75 }, "Set Embedding-CSP Header on change of src attribute on iframe."); | 75 }, "Set Embedding-CSP Header on change of src attribute on iframe."); |
76 | 76 |
77 | 77 |
78 async_test(t => { | 78 async_test(t => { |
79 var i = document.createElement('iframe'); | 79 var i = document.createElement('iframe'); |
80 i.csp = 'value'; | 80 i.csp = "script-src 'unsafe-inline'"; |
81 redirect_url = 'http://localhost:8000/security/contentSecurityPolicy/res
ources/get-embedding-csp-header.php'; | 81 redirect_url = 'http://127.0.0.1:8000/security/contentSecurityPolicy/res
ources/get-embedding-csp-header.php'; |
82 i.src = generateRedirect(redirect_url); | 82 i.src = generateRedirect(redirect_url); |
83 document.body.appendChild(i); | 83 document.body.appendChild(i); |
84 | 84 |
85 window.addEventListener('message', t.step_func(e => { | 85 window.addEventListener('message', t.step_func(e => { |
86 if (e.source != i.contentWindow) { | 86 if (e.source != i.contentWindow) { |
87 return; | 87 return; |
88 } | 88 } |
89 assert_equals(src, e.data['src']); | 89 assert_equals(src, e.data['src']); |
90 assert_equals('value', e.data['embedding_csp']); | 90 assert_equals("script-src 'unsafe-inline'", e.data['embedding_csp']); |
91 t.done(); | 91 t.done(); |
92 })); | 92 })); |
93 }, "Set Embedding-CSP Header on redirect in <iframe>."); | 93 }, "Set Embedding-CSP Header on redirect in <iframe>."); |
94 | 94 |
95 async_test(t => { | 95 async_test(t => { |
96 var i = document.createElement('iframe'); | 96 var i = document.createElement('iframe'); |
97 i.csp = 'value'; | 97 i.csp = "script-src 'unsafe-inline'"; |
98 redirect_url = 'http://localhost:8000/security/contentSecurityPolicy/res
ources/get-embedding-csp-header.php'; | 98 redirect_url = 'http://127.0.0.1:8000/security/contentSecurityPolicy/res
ources/get-embedding-csp-header.php'; |
99 i.src = generateRedirect(redirect_url); | 99 i.src = generateRedirect(redirect_url); |
100 document.body.appendChild(i); | 100 document.body.appendChild(i); |
101 | 101 |
102 redirect_url = 'http://localhost:8000/security/contentSecurityPolicy/res
ources/get-embedding-csp-header-and-respond.php'; | 102 redirect_url = 'http://127.0.0.1:8000/security/contentSecurityPolicy/res
ources/get-embedding-csp-header-and-respond.php'; |
103 new_redirect = generateRedirect(redirect_url); | 103 new_redirect = generateRedirect(redirect_url); |
104 i.csp = 'value 2'; | 104 i.csp = "default-src 'unsafe-inline'"; |
105 i.src = new_redirect; | 105 i.src = new_redirect; |
106 window.addEventListener('message', t.step_func(e => { | 106 window.addEventListener('message', t.step_func(e => { |
107 if (e.source != i.contentWindow || new_src != e.data['src']) | 107 if (e.source != i.contentWindow || new_src != e.data['src']) |
108 return; | 108 return; |
109 assert_equals('value 2', e.data['embedding_csp']); | 109 assert_equals("default-src 'unsafe-inline'", e.data['embedding_csp']); |
110 t.done(); | 110 t.done(); |
111 })); | 111 })); |
112 }, "Set Embedding-CSP Header on change of csp attribte and redirect."); | 112 }, "Set Embedding-CSP Header on change of csp attribte and redirect."); |
113 </script> | 113 </script> |
114 </body> | 114 </body> |
115 </html> | 115 </html> |
OLD | NEW |
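Review bot: The `?csp=` query string on new lines 52 and 68 is built by concatenating the raw policy, which contains spaces and quotes, so the value the server sees depends on how the URL parser escapes it, and a policy containing `;`, `&` or `#` would be truncated or split. Encoding it explicitly keeps the test valid for any policy: `i.src = new_src + "?csp=" + encodeURIComponent(i.csp);`, and the same for the `i.contentWindow.location` assignment. The last test (new lines 102–105) sends no `csp` parameter to `get-embedding-csp-header-and-respond.php`, although both direct navigations do. That resource is not shown here, so if its response depends on the parameter, the redirect case exercises a different path and needs either the same parameter or a comment saying why it is omitted. Because the attribute value is copied into a request header, a case with a value that is not a valid serialized policy (expecting no header to be sent) would also be worth adding, unless it already lives in another file.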