Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/subsumption_algorithm-general.html |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/subsumption_algorithm-general.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/subsumption_algorithm-general.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..d05e23f79d10942920662b4b45705bf74f4d2d47 |
--- /dev/null |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/subsumption_algorithm-general.html |
@@ -0,0 +1,57 @@ |
+<!DOCTYPE html> |
+<html> |
+<head> |
+ <script src="/resources/testharness.js"></script> |
+ <script src="/resources/testharnessreport.js"></script> |
+ <script src="/security/contentSecurityPolicy/resources/child-csp-test.js"></script> |
+</head> |
+<body> |
+ <script> |
+ async_test(t => { |
+ url = generateUrlWithCSP(CROSS_ORIGIN, ""); |
+ injectIframeWithCSP(url, EXPECT_LOAD, "", t, "0"); |
+ }, "If there is no required csp, the page should load."); |
+ |
+ async_test(t => { |
+ required_csp = "frame-src http://c.com:*"; |
+ url = generateUrlWithCSP(CROSS_ORIGIN, ""); |
+ injectIframeWithCSP(url, EXPECT_BLOCK, required_csp, t, "1"); |
+ }, "Iframe with empty CSP should be blocked."); |
+ |
+ async_test(t => { |
+ required_csp = "frame-src http://c.com:443 http://b.com:80"; |
+ returned_csp = "frame-src http://b.com:80 http://c.com:443"; |
+ url = generateUrlWithCSP(CROSS_ORIGIN, returned_csp); |
+ injectIframeWithCSP(url, EXPECT_LOAD, required_csp, t, "2"); |
+ }, "Iframe with matching CSP should load."); |
+ |
+ async_test(t => { |
+ required_csp = "frame-src http://c.com:443 http://b.com:80 http://c.com:* http://a.com"; |
+ returned_csp = "frame-src http://b.com:80 http://c.com:443"; |
+ url = generateUrlWithCSP(CROSS_ORIGIN, returned_csp); |
+ injectIframeWithCSP(url, EXPECT_LOAD, required_csp, t, "3"); |
+ }, "Iframe with more restricting CSP should load."); |
+ |
+ async_test(t => { |
+ required_csp = "frame-src http://b.com:80"; |
+ returned_csp = "frame-src http://b.com:80 http://c.com:443"; |
+ url = generateUrlWithCSP(CROSS_ORIGIN, returned_csp); |
+ injectIframeWithCSP(url, EXPECT_BLOCK, required_csp, t, "4"); |
+ }, "Iframe with less restricting CSP should be blocked."); |
+ |
+ async_test(t => { |
+ required_csp = "frame-src http://a.com:80"; |
+ returned_csp = "frame-src http://b.com:80 http://c.com:443"; |
+ url = generateUrlWithCSP(CROSS_ORIGIN, returned_csp); |
+ injectIframeWithCSP(url, EXPECT_BLOCK, required_csp, t, "5"); |
+ }, "Iframe with a different CSP should be blocked."); |
+ |
+ async_test(t => { |
+ required_csp = "frame-src http://c.com:443 http://b.com"; |
+ returned_csp = "frame-src http://b.com:80 http://c.com:443"; |
+ url = generateUrlWithCSP(CROSS_ORIGIN, returned_csp); |
+ injectIframeWithCSP(url, EXPECT_LOAD, required_csp, t, "6"); |
+ }, "Iframe with a matching and more restrictive ports should load."); |
+ </script> |
+</body> |
+</html> |