Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/allow_csp_header-same-origin.html |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/allow_csp_header-same-origin.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/allow_csp_header-same-origin.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..539e31d2c72f8beb2fa06d95840d976cf7a81c63 |
--- /dev/null |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/allow_csp_header-same-origin.html |
@@ -0,0 +1,13 @@ |
+<head> |
+ <script src="/js-test-resources/js-test.js"></script> |
+ <script src="/security/contentSecurityPolicy/resources/child-src-test.js"></script> |
+</head> |
+<body> |
+ <script> |
+ description("Same origin iframes are Allowed and required CSP is appended to the list of response's CSP list."); |
+ csp = "img-src 'none'; script-src 'unsafe-inline';"; |
+ url = "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/respond-with-allow-csp-from-header.php"; |
+ injectFrameWithCSP(url, csp, EXPECT_LOAD, SAME_ORIGIN); |
Mike West
2016/10/14 09:08:20
We'll also need to test that the policy was applie
|
+ </script> |
+</body> |
+</html> |