Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(122)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/subsumption_algorithm-general.html

Issue 2526473005: Part 4.1: Is policy list subsumed under subsuming policy? (Closed)
Patch Set: Rebasing on master Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/subsumption_algorithm-protocols-paths.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 <!DOCTYPE html>
2 <html>
3 <head>
4 <script src="/resources/testharness.js"></script>
5 <script src="/resources/testharnessreport.js"></script>
6 <script src="/security/contentSecurityPolicy/resources/child-csp-test.js"></ script>
7 </head>
8 <body>
9 <script>
10 async_test(t => {
11 url = generateUrlWithCSP(CROSS_ORIGIN, "");
12 injectIframeWithCSP(url, EXPECT_LOAD, "", t, "0");
13 }, "If there is no required csp, the page should load.");
14
15 async_test(t => {
16 required_csp = "frame-src http://c.com:*";
17 url = generateUrlWithCSP(CROSS_ORIGIN, "");
18 injectIframeWithCSP(url, EXPECT_BLOCK, required_csp, t, "1");
19 }, "Iframe with empty CSP should be blocked.");
20
21 async_test(t => {
22 required_csp = "frame-src http://c.com:443 http://b.com:80";
23 returned_csp = "frame-src http://b.com:80 http://c.com:443";
24 url = generateUrlWithCSP(CROSS_ORIGIN, returned_csp);
25 injectIframeWithCSP(url, EXPECT_LOAD, required_csp, t, "2");
26 }, "Iframe with matching CSP should load.");
27
28 async_test(t => {
29 required_csp = "frame-src http://c.com:443 http://b.com:80 http://c.co m:* http://a.com";
30 returned_csp = "frame-src http://b.com:80 http://c.com:443";
31 url = generateUrlWithCSP(CROSS_ORIGIN, returned_csp);
32 injectIframeWithCSP(url, EXPECT_LOAD, required_csp, t, "3");
33 }, "Iframe with more restricting CSP should load.");
34
35 async_test(t => {
36 required_csp = "frame-src http://b.com:80";
37 returned_csp = "frame-src http://b.com:80 http://c.com:443";
38 url = generateUrlWithCSP(CROSS_ORIGIN, returned_csp);
39 injectIframeWithCSP(url, EXPECT_BLOCK, required_csp, t, "4");
40 }, "Iframe with less restricting CSP should be blocked.");
41
42 async_test(t => {
43 required_csp = "frame-src http://a.com:80";
44 returned_csp = "frame-src http://b.com:80 http://c.com:443";
45 url = generateUrlWithCSP(CROSS_ORIGIN, returned_csp);
46 injectIframeWithCSP(url, EXPECT_BLOCK, required_csp, t, "5");
47 }, "Iframe with a different CSP should be blocked.");
48
49 async_test(t => {
50 required_csp = "frame-src http://c.com:443 http://b.com";
51 returned_csp = "frame-src http://b.com:80 http://c.com:443";
52 url = generateUrlWithCSP(CROSS_ORIGIN, returned_csp);
53 injectIframeWithCSP(url, EXPECT_LOAD, required_csp, t, "6");
54 }, "Iframe with a matching and more restrictive ports should load.");
55 </script>
56 </body>
57 </html>
OLDNEW
« no previous file with comments | « no previous file | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/subsumption_algorithm-protocols-paths.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698