Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(795)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/child-csp-test.js

Issue 2404373003: Experimental Feature: Allow-CSP-From header (Closed)
Patch Set: Adding console message, moving to testharness tests, adding CSPTest Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/allow_csp_from-header.html ('K') | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/respond-with-allow-csp-from-header.php » ('j') | third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 var CROSS_ORIGIN_URL = "http://localhost:8000/security/contentSecurityPolicy/res ources/respond-with-allow-csp-from-header.php";
2 var SAME_ORIGIN_URL = "http://127.0.0.1:8000/security/contentSecurityPolicy/reso urces/respond-with-allow-csp-from-header.php";
3
4 var EXPECT_BLOCK = true;
5 var EXPECT_LOAD = false;
6
7 var CROSS_ORIGIN = true;
8 var SAME_ORIGIN = false;
9
10 function injectIframeWithCSP(url, shouldBlock, csp, t, urlId) {
11 var i = document.createElement('iframe');
12 i.src = url + "&id=" + urlId;
13 i.csp = csp;
14
15 if (shouldBlock) {
16 window.onmessage = t.unreached_func('No message should be sent from the frame.');
17 i.onload = iframeLoaded(shouldBlock, t);
18 } else {
19 document.addEventListener("securitypolicyviolation",
20 t.unreached_func("There should not be any violations."));
21 window.onerror = t.unreached_func("Error should not be triggered.");
Mike West 2016/10/17 14:54:28 Why `window.onerror`?
22 window.addEventListener('message', t.step_func(e => {
23 if (e.source != i.contentWindow || e.data["loaded"] != true)
24 return;
25 assert_equals(urlId, e.data["id"]);
26 t.done();
27 }));
28 }
29 document.body.appendChild(i);
30 }
31
32 function iframeLoaded(expectBlock, t) {
33 return function(ev) {
34 var blocked = true;
35 try {
36 console.log("IFrame load event fired: the IFrame's location is '" + ev.target.contentWindow.location.href + "'.");
Mike West 2016/10/17 14:54:28 This is always going to throw for cross-origin fra
37 blocked = false;
38 } catch (ex) {
39 blocked = true;
40 }
41 assert_equals(expectBlock, blocked);
42 t.done();
43 };
44 }
45
46 function urlWithAlloCspFrom(useCrossOrigin, allowCspFrom) {
Mike West 2016/10/17 14:54:28 Nit: Perhaps `generateUrlWith...` for clarity?
47 var url = useCrossOrigin ? CROSS_ORIGIN_URL : SAME_ORIGIN_URL;
48 return url + "?allow_csp_from=" + allowCspFrom;
49 }
OLDNEW
« third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/allow_csp_from-header.html ('K') | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/respond-with-allow-csp-from-header.php » ('j') | third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698