OLD | NEW |
(Empty) | |
| 1 <?php |
| 2 $allow_csp_from = isset($_GET['allow_csp_from']) ? $_GET['allow_csp_from'] :
null; |
| 3 if ($allow_csp_from) |
| 4 header('Allow-CSP-From: ' . $allow_csp_from, false); |
| 5 $allow_csp_from_2 = isset($_GET['allow_csp_from_2']) ? $_GET['allow_csp_from
_2'] : null; |
| 6 if ($allow_csp_from_2) |
| 7 header('Allow-CSP-From: ' . $allow_csp_from_2, false); |
| 8 ?> |
| 9 <!DOCTYPE html> |
| 10 <html> |
| 11 <head> |
| 12 <title>This page enforces embedder's policies</title> |
| 13 </head> |
| 14 <body> |
| 15 Hello World. |
| 16 <iframe src="/cross-site/b.com/title2.html"></iframe> |
| 17 <img src="green250x50.png" /> |
| 18 <script> alert("Hello from iframe");</script> |
| 19 <script> window.top.postMessage('loaded', '*'); </script> |
| 20 </body> |
| 21 </html> |
OLD | NEW |