third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/child-csp-test.js - Issue 2404373003: Experimental Feature: Allow-CSP-From header - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(355)

My Issues | Starred Open | Closed | All

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/child-csp-test.js

Issue 2404373003: Experimental Feature: Allow-CSP-From header (Closed)

Patch Set: Better format of ContentSecurityPolicyTest.ShouldEnforceEmbeddersPolicy Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/respond-with-allow-csp-from-header.php » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 var CROSS_ORIGIN_URL = "http://localhost:8000/security/contentSecurityPolicy/res ources/respond-with-allow-csp-from-header.php";

	2 var SAME_ORIGIN_URL = "http://127.0.0.1:8000/security/contentSecurityPolicy/reso urces/respond-with-allow-csp-from-header.php";

	3

	4 var EXPECT_BLOCK = true;

	5 var EXPECT_LOAD = false;

	6

	7 var CROSS_ORIGIN = true;

	8 var SAME_ORIGIN = false;

	9

	10 function injectIframeWithCSP(url, shouldBlock, csp, t, urlId) {

	11 var i = document.createElement('iframe');

	12 i.src = url + "&id=" + urlId;

	13 i.csp = csp;

	14

	15 var loaded = {};

	16 window.addEventListener("message", function (e) {

	17 if (e.source != i.contentWindow)

	18 return;

	19 if (e.data["loaded"])

	20 loaded[e.data["id"]] = true;

	21 });

	22

	23 if (shouldBlock) {

	24 window.onmessage = t.unreached_func('No message should be sent from the frame.');

	25 i.onload = t.step_func(function () {

	26 // Delay the check until after the postMessage has a chance to execu te.

	27 setTimeout(t.step_func_done(function () {

	28 assert_equals(loaded[urlId], undefined);

	29 }), 1);

	30 });

	31 } else {

	32 document.addEventListener("securitypolicyviolation",

	33 t.unreached_func("There should not be any violations."));

	34 i.onload = t.step_func(function () {

	35 // Delay the check until after the postMessage has a chance to execu te.

	36 setTimeout(t.step_func_done(function () {

	37 assert_true(loaded[urlId]);

	38 }), 1);

	39 });

	40 }

	41 document.body.appendChild(i);

	42 }

	43 function generateUrlWithAllowCSPFrom(useCrossOrigin, allowCspFrom) {

	44 var url = useCrossOrigin ? CROSS_ORIGIN_URL : SAME_ORIGIN_URL;

	45 return url + "?allow_csp_from=" + allowCspFrom;

	46 }

OLD	NEW

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/respond-with-allow-csp-from-header.php » ('j') | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698