Experimental Feature: Allow-CSP-From header

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html

Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html
index 7ed2e2d6a16931ff83edb33890d50b8c2c07daa9..45c36207266bdba3422bd4f0942d244fde3d7ea2 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html
@@ -29,14 +29,14 @@
 
       async_test(t => {
         var i = document.createElement('iframe');
-        i.csp = 'value';
+        i.csp = "script-src 'unsafe-inline'";
         i.src = src;
 
         window.addEventListener('message', t.step_func(e => {
           if (e.source != i.contentWindow)
               return;
           assert_equals(src, e.data['src']);
-          assert_equals('value', e.data['embedding_csp']);
+          assert_equals("script-src 'unsafe-inline'", e.data['embedding_csp']);
           t.done();
         }));
 
@@ -45,31 +45,31 @@
 
       async_test(t => {
         var i = document.createElement('iframe');
-        i.csp = 'value';
+        i.csp = "script-src 'unsafe-inline'";
         i.src = src;
         document.body.appendChild(i);
 
-        i.contentWindow.location = new_src;
+        i.contentWindow.location = new_src + "?csp=" + i.csp;
         window.addEventListener('message', t.step_func(e => {
           if (e.source != i.contentWindow || new_src != e.data['src'])
               return;
-          assert_equals('value', e.data['embedding_csp']);
+          assert_equals("script-src 'unsafe-inline'", e.data['embedding_csp']);
           t.done();
         }));
       }, "Set Embedding-CSP Header on change of window's location.");
 
       async_test(t => {
         var i = document.createElement('iframe');
-        i.csp = 'value';
+        i.csp = "script-src 'unsafe-inline'";
         i.src = src;
         document.body.appendChild(i);
 
-        i.csp = 'value 2';
-        i.src = new_src;
+        i.csp = "default-src 'unsafe-inline'";
+        i.src = new_src + "?csp=" + i.csp;
         window.addEventListener('message', t.step_func(e => {
           if (e.source != i.contentWindow || new_src != e.data['src'])
               return;
-          assert_equals('value 2', e.data['embedding_csp']);
+          assert_equals("default-src 'unsafe-inline'", e.data['embedding_csp']);
           t.done();
         }));
       }, "Set Embedding-CSP Header on change of src attribute on iframe.");
@@ -77,8 +77,8 @@
 
       async_test(t => {
         var i = document.createElement('iframe');
-        i.csp = 'value';
-        redirect_url = 'http://localhost:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header.php';
+        i.csp = "script-src 'unsafe-inline'";
+        redirect_url = 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header.php';
         i.src = generateRedirect(redirect_url);
         document.body.appendChild(i);
 
@@ -87,26 +87,26 @@
             return;
           }
           assert_equals(src, e.data['src']);
-          assert_equals('value', e.data['embedding_csp']);
+          assert_equals("script-src 'unsafe-inline'", e.data['embedding_csp']);
           t.done();
         }));
       }, "Set Embedding-CSP Header on redirect in <iframe>.");
 
       async_test(t => {
         var i = document.createElement('iframe');
-        i.csp = 'value';
-        redirect_url = 'http://localhost:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header.php';
+        i.csp = "script-src 'unsafe-inline'";
+        redirect_url = 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header.php';
         i.src = generateRedirect(redirect_url);
         document.body.appendChild(i);
 
-        redirect_url = 'http://localhost:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header-and-respond.php';
+        redirect_url = 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header-and-respond.php';
         new_redirect = generateRedirect(redirect_url);
-        i.csp = 'value 2';
+        i.csp = "default-src 'unsafe-inline'";
         i.src = new_redirect;
         window.addEventListener('message', t.step_func(e => {
           if (e.source != i.contentWindow || new_src != e.data['src'])
               return;
-          assert_equals('value 2', e.data['embedding_csp']);
+          assert_equals("default-src 'unsafe-inline'", e.data['embedding_csp']);
           t.done();
         }));
       }, "Set Embedding-CSP Header on change of csp attribte and redirect.");