Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(359)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/child-csp-test.js

Issue 2404373003: Experimental Feature: Allow-CSP-From header (Closed)
Patch Set: Better format of ContentSecurityPolicyTest.ShouldEnforceEmbeddersPolicy Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/respond-with-allow-csp-from-header.php » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/child-csp-test.js
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/child-csp-test.js b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/child-csp-test.js
new file mode 100644
index 0000000000000000000000000000000000000000..77f8228d9027d4364fa537468ec1592648fbc95c
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/child-csp-test.js
@@ -0,0 +1,46 @@
+var CROSS_ORIGIN_URL = "http://localhost:8000/security/contentSecurityPolicy/resources/respond-with-allow-csp-from-header.php";
+var SAME_ORIGIN_URL = "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/respond-with-allow-csp-from-header.php";
+
+var EXPECT_BLOCK = true;
+var EXPECT_LOAD = false;
+
+var CROSS_ORIGIN = true;
+var SAME_ORIGIN = false;
+
+function injectIframeWithCSP(url, shouldBlock, csp, t, urlId) {
+ var i = document.createElement('iframe');
+ i.src = url + "&id=" + urlId;
+ i.csp = csp;
+
+ var loaded = {};
+ window.addEventListener("message", function (e) {
+ if (e.source != i.contentWindow)
+ return;
+ if (e.data["loaded"])
+ loaded[e.data["id"]] = true;
+ });
+
+ if (shouldBlock) {
+ window.onmessage = t.unreached_func('No message should be sent from the frame.');
+ i.onload = t.step_func(function () {
+ // Delay the check until after the postMessage has a chance to execute.
+ setTimeout(t.step_func_done(function () {
+ assert_equals(loaded[urlId], undefined);
+ }), 1);
+ });
+ } else {
+ document.addEventListener("securitypolicyviolation",
+ t.unreached_func("There should not be any violations."));
+ i.onload = t.step_func(function () {
+ // Delay the check until after the postMessage has a chance to execute.
+ setTimeout(t.step_func_done(function () {
+ assert_true(loaded[urlId]);
+ }), 1);
+ });
+ }
+ document.body.appendChild(i);
+}
+function generateUrlWithAllowCSPFrom(useCrossOrigin, allowCspFrom) {
+ var url = useCrossOrigin ? CROSS_ORIGIN_URL : SAME_ORIGIN_URL;
+ return url + "?allow_csp_from=" + allowCspFrom;
+}
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/respond-with-allow-csp-from-header.php » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698