Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/respond-with-allow-csp-from-multiple-headers.php |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/respond-with-allow-csp-from-multiple-headers.php b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/respond-with-allow-csp-from-multiple-headers.php |
new file mode 100644 |
index 0000000000000000000000000000000000000000..c5ab3501bfd87273a7c0dd5864192258c41450c4 |
--- /dev/null |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/respond-with-allow-csp-from-multiple-headers.php |
@@ -0,0 +1,21 @@ |
+<?php |
+ $allow_csp_from = isset($_GET['allow_csp_from']) ? $_GET['allow_csp_from'] : null; |
+ if ($allow_csp_from) |
+ header('Allow-CSP-From: ' . $allow_csp_from, false); |
+ $allow_csp_from_2 = isset($_GET['allow_csp_from_2']) ? $_GET['allow_csp_from_2'] : null; |
+ if ($allow_csp_from_2) |
+ header('Allow-CSP-From: ' . $allow_csp_from_2, false); |
+?> |
+<!DOCTYPE html> |
+<html> |
+<head> |
+ <title>This page enforces embedder's policies</title> |
+</head> |
+<body> |
+ Hello World. |
+ <iframe src="/cross-site/b.com/title2.html"></iframe> |
+ <img src="green250x50.png" /> |
+ <script> alert("Hello from iframe");</script> |
+ <script> window.top.postMessage('loaded', '*'); </script> |
+</body> |
+</html> |