OLD | NEW |
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
4 <script src="/resources/testharness.js"></script> | 4 <script src="/resources/testharness.js"></script> |
5 <script src="/resources/testharnessreport.js"></script> | 5 <script src="/resources/testharnessreport.js"></script> |
6 </head> | 6 </head> |
7 <body> | 7 <body> |
8 <script> | 8 <script> |
9 src = '../resources/get-embedding-csp-header.php'; | 9 src = '../resources/get-embedding-csp-header.php'; |
10 new_src = '../resources/get-embedding-csp-header-and-respond.php'; | 10 new_src = '../resources/get-embedding-csp-header-and-respond.php'; |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
42 | 42 |
43 document.body.appendChild(i); | 43 document.body.appendChild(i); |
44 }, "<iframe csp> sends an Embedding-CSP request header."); | 44 }, "<iframe csp> sends an Embedding-CSP request header."); |
45 | 45 |
46 async_test(t => { | 46 async_test(t => { |
47 var i = document.createElement('iframe'); | 47 var i = document.createElement('iframe'); |
48 i.csp = "script-src 'unsafe-inline'"; | 48 i.csp = "script-src 'unsafe-inline'"; |
49 i.src = src; | 49 i.src = src; |
50 document.body.appendChild(i); | 50 document.body.appendChild(i); |
51 | 51 |
52 i.contentWindow.location = new_src + "?csp=" + i.csp; | 52 i.onload = function() { |
53 window.addEventListener('message', t.step_func(e => { | 53 i.contentWindow.location = new_src + "?csp=" + i.csp; |
54 if (e.source != i.contentWindow || new_src != e.data['src']) | 54 window.addEventListener('message', t.step_func(e => { |
55 return; | 55 if (e.source != i.contentWindow || new_src != e.data['src']) |
56 assert_equals("script-src 'unsafe-inline'", e.data['embedding_csp']); | 56 return; |
57 t.done(); | 57 assert_equals("script-src 'unsafe-inline'", e.data['embedding_csp'])
; |
58 })); | 58 t.done(); |
| 59 })); |
| 60 } |
59 }, "Set Embedding-CSP Header on change of window's location."); | 61 }, "Set Embedding-CSP Header on change of window's location."); |
60 | 62 |
61 async_test(t => { | 63 async_test(t => { |
62 var i = document.createElement('iframe'); | 64 var i = document.createElement('iframe'); |
63 i.csp = "script-src 'unsafe-inline'"; | 65 i.csp = "script-src 'unsafe-inline'"; |
64 i.src = src; | 66 i.src = src; |
65 document.body.appendChild(i); | 67 document.body.appendChild(i); |
66 | 68 |
67 i.csp = "default-src 'unsafe-inline'"; | 69 i.csp = "default-src 'unsafe-inline'"; |
68 i.src = new_src + "?csp=" + i.csp; | 70 i.src = new_src + "?csp=" + i.csp; |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
105 i.src = new_redirect; | 107 i.src = new_redirect; |
106 window.addEventListener('message', t.step_func(e => { | 108 window.addEventListener('message', t.step_func(e => { |
107 if (e.source != i.contentWindow || new_src != e.data['src']) | 109 if (e.source != i.contentWindow || new_src != e.data['src']) |
108 return; | 110 return; |
109 assert_equals("default-src 'unsafe-inline'", e.data['embedding_csp']); | 111 assert_equals("default-src 'unsafe-inline'", e.data['embedding_csp']); |
110 t.done(); | 112 t.done(); |
111 })); | 113 })); |
112 }, "Set Embedding-CSP Header on change of csp attribte and redirect."); | 114 }, "Set Embedding-CSP Header on change of csp attribte and redirect."); |
113 </script> | 115 </script> |
114 </body> | 116 </body> |
115 </html> | 117 </html> |
OLD | NEW |