OLD | NEW |
(Empty) | |
| 1 var CROSS_ORIGIN_URL = "http://localhost:8000/security/contentSecurityPolicy/res
ources/respond-with-allow-csp-from-header.php"; |
| 2 var SAME_ORIGIN_URL = "http://127.0.0.1:8000/security/contentSecurityPolicy/reso
urces/respond-with-allow-csp-from-header.php"; |
| 3 |
| 4 var EXPECT_BLOCK = true; |
| 5 var EXPECT_LOAD = false; |
| 6 |
| 7 var CROSS_ORIGIN = true; |
| 8 var SAME_ORIGIN = false; |
| 9 |
| 10 function injectIframeWithCSP(url, shouldBlock, csp, t, urlId) { |
| 11 var i = document.createElement('iframe'); |
| 12 i.src = url + "&id=" + urlId; |
| 13 i.csp = csp; |
| 14 |
| 15 var loaded = {}; |
| 16 window.addEventListener("message", function (e) { |
| 17 if (e.source != i.contentWindow) |
| 18 return; |
| 19 if (e.data["loaded"]) |
| 20 loaded[e.data["id"]] = true; |
| 21 }); |
| 22 |
| 23 if (shouldBlock) { |
| 24 window.onmessage = t.unreached_func('No message should be sent from the
frame.'); |
| 25 i.onload = t.step_func(function () { |
| 26 // Delay the check until after the postMessage has a chance to execu
te. |
| 27 setTimeout(t.step_func_done(function () { |
| 28 assert_equals(loaded[urlId], undefined); |
| 29 }), 1); |
| 30 }); |
| 31 } else { |
| 32 document.addEventListener("securitypolicyviolation", |
| 33 t.unreached_func("There should not be any violations.")); |
| 34 i.onload = t.step_func(function () { |
| 35 // Delay the check until after the postMessage has a chance to execu
te. |
| 36 setTimeout(t.step_func_done(function () { |
| 37 assert_true(loaded[urlId]); |
| 38 }), 1); |
| 39 }); |
| 40 } |
| 41 document.body.appendChild(i); |
| 42 } |
| 43 function generateUrlWithAllowCSPFrom(useCrossOrigin, allowCspFrom) { |
| 44 var url = useCrossOrigin ? CROSS_ORIGIN_URL : SAME_ORIGIN_URL; |
| 45 return url + "?allow_csp_from=" + allowCspFrom; |
| 46 } |
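Review bot: In the `shouldBlock` branch of `injectIframeWithCSP`, the test can pass without showing that the frame was blocked. The only evidence is that no message arrived within 1 ms of `onload`, so a frame that wrongly loads and posts slightly later still satisfies `assert_equals(loaded[urlId], undefined)`. The same branch assigns `window.onmessage`, which is neither filtered by `e.source` nor scoped to this call. If several tests share one document (not visible here), each call overwrites the previous handler, and a message from another test's frame fails whichever test assigned it last. I would register a per-call listener instead, `window.addEventListener("message", t.step_func(function (e) { if (e.source === i.contentWindow) assert_unreached('No message should be sent from the frame.'); }));`, and add a comment on the `setTimeout` that the 1 ms wait is a heuristic. The document-level `securitypolicyviolation` listener in the `else` branch is shared across calls in the same way.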
OLD | NEW |