Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/cross-origin-with-own-policy.html |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/cross-origin-with-own-policy.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/cross-origin-with-own-policy.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..192a80e36f2687a5dc31b53623d04e685f348a6f |
--- /dev/null |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/cross-origin-with-own-policy.html |
@@ -0,0 +1,38 @@ |
+<!DOCTYPE html> |
+<html> |
+<head> |
+ <script src="/resources/testharness.js"></script> |
+ <script src="/resources/testharnessreport.js"></script> |
+ <script src="/security/contentSecurityPolicy/resources/cascade-helper.js"></script> |
+ <meta http-equiv="content-security-policy" content="img-src http://127.0.0.1:8000 http://example.test:8000"> |
+</head> |
+<body> |
+<script> |
+ async_test(t => { |
+ assert_allowed_image_in_document(t, document, "http://example.test:8000/resources/square.png?img-in-top-level"); |
+ }, "Image loaded in top-level blocked."); |
+ |
+ async_test(t => { |
+ var frame = document.createElement("iframe"); |
+ |
+ window.addEventListener("message", t.step_func(e => { |
+ if (e.source != frame.contentWindow) |
+ return; |
+ |
+ assert_equals(e.data, "blocked"); |
+ t.done(); |
+ })); |
+ |
+ frame.src = "data:text/html," + |
+ "<meta http-equiv='content-security-policy' content='img-src http://127.0.0.1:8000'>" + |
+ "<script>" + |
+ " var i = document.createElement('img');" + |
+ " i.onload = _ => top.postMessage('loaded', '*');" + |
+ " i.onerror = _ => top.postMessage('blocked', '*');" + |
+ " i.src = 'http://example.test:8000/resources/square.png?data-frame'" + |
+ "</scr" + "ipt>"; |
+ document.body.appendChild(frame); |
+ }, "Image loaded via data: frame blocked."); |
+</script> |
+</body> |
+</html> |