third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html - Issue 2404373003: Experimental Feature: Allow-CSP-From header

Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html

Issue 2404373003: Experimental Feature: Allow-CSP-From header (Closed)

Patch Set: Better format of ContentSecurityPolicyTest.ShouldEnforceEmbeddersPolicy Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/allow_csp_from-header.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/child-csp-test.js » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html

diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html

index 7ed2e2d6a16931ff83edb33890d50b8c2c07daa9..45c36207266bdba3422bd4f0942d244fde3d7ea2 100644

--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html

+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html

@@ -29,14 +29,14 @@

async_test(t => {

var i = document.createElement('iframe');

- i.csp = 'value';

+ i.csp = "script-src 'unsafe-inline'";

i.src = src;

window.addEventListener('message', t.step_func(e => {

if (e.source != i.contentWindow)

return;

assert_equals(src, e.data['src']);

- assert_equals('value', e.data['embedding_csp']);

+ assert_equals("script-src 'unsafe-inline'", e.data['embedding_csp']);

t.done();

}));

@@ -45,31 +45,31 @@

async_test(t => {

var i = document.createElement('iframe');

- i.csp = 'value';

+ i.csp = "script-src 'unsafe-inline'";

i.src = src;

document.body.appendChild(i);

- i.contentWindow.location = new_src;

+ i.contentWindow.location = new_src + "?csp=" + i.csp;

window.addEventListener('message', t.step_func(e => {

if (e.source != i.contentWindow || new_src != e.data['src'])

return;

- assert_equals('value', e.data['embedding_csp']);

+ assert_equals("script-src 'unsafe-inline'", e.data['embedding_csp']);

t.done();

}));

}, "Set Embedding-CSP Header on change of window's location.");

async_test(t => {

var i = document.createElement('iframe');

- i.csp = 'value';

+ i.csp = "script-src 'unsafe-inline'";

i.src = src;

document.body.appendChild(i);

- i.csp = 'value 2';

- i.src = new_src;

+ i.csp = "default-src 'unsafe-inline'";

+ i.src = new_src + "?csp=" + i.csp;

window.addEventListener('message', t.step_func(e => {

if (e.source != i.contentWindow || new_src != e.data['src'])

return;

- assert_equals('value 2', e.data['embedding_csp']);

+ assert_equals("default-src 'unsafe-inline'", e.data['embedding_csp']);

t.done();

}));

}, "Set Embedding-CSP Header on change of src attribute on iframe.");

@@ -77,8 +77,8 @@

async_test(t => {

var i = document.createElement('iframe');

- i.csp = 'value';

- redirect_url = 'http://localhost:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header.php';

+ i.csp = "script-src 'unsafe-inline'";

+ redirect_url = 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header.php';

i.src = generateRedirect(redirect_url);

document.body.appendChild(i);

@@ -87,26 +87,26 @@

return;

}

assert_equals(src, e.data['src']);

- assert_equals('value', e.data['embedding_csp']);

+ assert_equals("script-src 'unsafe-inline'", e.data['embedding_csp']);

t.done();

}));

}, "Set Embedding-CSP Header on redirect in <iframe>.");

async_test(t => {

var i = document.createElement('iframe');

- i.csp = 'value';

- redirect_url = 'http://localhost:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header.php';

+ i.csp = "script-src 'unsafe-inline'";

+ redirect_url = 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header.php';

i.src = generateRedirect(redirect_url);

document.body.appendChild(i);

- redirect_url = 'http://localhost:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header-and-respond.php';

+ redirect_url = 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header-and-respond.php';

new_redirect = generateRedirect(redirect_url);

- i.csp = 'value 2';

+ i.csp = "default-src 'unsafe-inline'";

i.src = new_redirect;

window.addEventListener('message', t.step_func(e => {

if (e.source != i.contentWindow || new_src != e.data['src'])

return;

- assert_equals('value 2', e.data['embedding_csp']);

+ assert_equals("default-src 'unsafe-inline'", e.data['embedding_csp']);

t.done();

}));

}, "Set Embedding-CSP Header on change of csp attribte and redirect.");