OLD | NEW |
(Empty) | |
| 1 <!DOCTYPE html> |
| 2 <html> |
| 3 <head> |
| 4 <script src="/resources/testharness.js"></script> |
| 5 <script src="/resources/testharnessreport.js"></script> |
| 6 <script src="/security/contentSecurityPolicy/resources/child-csp-test.js"></
script> |
| 7 </head> |
| 8 <body> |
| 9 <script> |
| 10 async_test(t => { |
| 11 url = generateUrlWithCSP(CROSS_ORIGIN, ""); |
| 12 injectIframeWithCSP(url, EXPECT_LOAD, "", t, "0"); |
| 13 }, "If there is no required csp, the page should load."); |
| 14 |
| 15 async_test(t => { |
| 16 required_csp = "frame-src http://c.com:*"; |
| 17 url = generateUrlWithCSP(CROSS_ORIGIN, ""); |
| 18 injectIframeWithCSP(url, EXPECT_BLOCK, required_csp, t, "1"); |
| 19 }, "Iframe with empty CSP should be blocked."); |
| 20 |
| 21 async_test(t => { |
| 22 required_csp = "frame-src http://c.com:443 http://b.com:80"; |
| 23 returned_csp = "frame-src http://b.com:80 http://c.com:443"; |
| 24 url = generateUrlWithCSP(CROSS_ORIGIN, returned_csp); |
| 25 injectIframeWithCSP(url, EXPECT_LOAD, required_csp, t, "2"); |
| 26 }, "Iframe with matching CSP should load."); |
| 27 |
| 28 async_test(t => { |
| 29 required_csp = "frame-src http://c.com:443 http://b.com:80 http://c.co
m:* http://a.com"; |
| 30 returned_csp = "frame-src http://b.com:80 http://c.com:443"; |
| 31 url = generateUrlWithCSP(CROSS_ORIGIN, returned_csp); |
| 32 injectIframeWithCSP(url, EXPECT_LOAD, required_csp, t, "3"); |
| 33 }, "Iframe with more restricting CSP should load."); |
| 34 |
| 35 async_test(t => { |
| 36 required_csp = "frame-src http://b.com:80"; |
| 37 returned_csp = "frame-src http://b.com:80 http://c.com:443"; |
| 38 url = generateUrlWithCSP(CROSS_ORIGIN, returned_csp); |
| 39 injectIframeWithCSP(url, EXPECT_BLOCK, required_csp, t, "4"); |
| 40 }, "Iframe with less restricting CSP should be blocked."); |
| 41 |
| 42 async_test(t => { |
| 43 required_csp = "frame-src http://a.com:80"; |
| 44 returned_csp = "frame-src http://b.com:80 http://c.com:443"; |
| 45 url = generateUrlWithCSP(CROSS_ORIGIN, returned_csp); |
| 46 injectIframeWithCSP(url, EXPECT_BLOCK, required_csp, t, "5"); |
| 47 }, "Iframe with a different CSP should be blocked."); |
| 48 |
| 49 async_test(t => { |
| 50 required_csp = "frame-src http://c.com:443 http://b.com"; |
| 51 returned_csp = "frame-src http://b.com:80 http://c.com:443"; |
| 52 url = generateUrlWithCSP(CROSS_ORIGIN, returned_csp); |
| 53 injectIframeWithCSP(url, EXPECT_LOAD, required_csp, t, "6"); |
| 54 }, "Iframe with a matching and more restrictive ports should load."); |
| 55 </script> |
| 56 </body> |
| 57 </html> |
OLD | NEW |