Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(7)

Unified Diff: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/embedding_csp-header.html

Issue 2704543002: Import wpt@3bd204d7e86fd81e98e63f4ce59b95d98bad1c54 (Closed)
Patch Set: Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/embedding_csp-header.html
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/embedding_csp-header.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/embedding_csp-header.html
new file mode 100644
index 0000000000000000000000000000000000000000..424233a3ad8266145166f0d0c9f9094eb32e66bd
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/embedding_csp-header.html
@@ -0,0 +1,78 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Embedded Enforcement: Embedding-CSP header.</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="support/testharness-helper.sub.js"></script>
+</head>
+<body>
+ <script>
+ var tests = [
+ { "name": "Embedding-CSP is not sent if `csp` attribute is not set on <iframe>.",
+ "csp": null,
+ "expected": null },
+ { "name": "Send Embedding-CSP when `csp` attribute of <iframe> is not empty.",
+ "csp": "script-src 'unsafe-inline'",
+ "expected": "script-src 'unsafe-inline'" },
+ { "name": "Send Embedding-CSP Header on change of `src` attribute on iframe.",
+ "csp": "script-src 'unsafe-inline'",
+ "expected": "script-src 'unsafe-inline'" },
+ { "name": "Wrong value of `csp` should not trigger sending Embedding-CSP Header.",
+ "csp": "completely wrong csp",
+ "expected": null},
+ ];
+
+ tests.forEach(test => {
+ async_test(t => {
+ var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP);
+ assert_embedding_csp(t, url, test.csp, test.expected);
+ }, "Test same origin: " + test.name);
+
+ async_test(t => {
+ var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP);
+ var redirect_url = generateRedirect(Host.SAME_ORIGIN, url);
+ assert_embedding_csp(t, redirect_url, test.csp, test.expected);
+ }, "Test same origin redirect: " + test.name);
+
+ async_test(t => {
+ var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP);
+ var redirect_url = generateRedirect(Host.CROSS_ORIGIN, url);
+ assert_embedding_csp(t, redirect_url, test.csp, test.expected);
+ }, "Test cross origin redirect: " + test.name);
+
+ async_test(t => {
+ var url = generateURLString(Host.CROSS_ORIGIN, PolicyHeader.EMBEDDING_CSP);
+ var redirect_url = generateRedirect(Host.CROSS_ORIGIN, url);
+ assert_embedding_csp(t, redirect_url, test.csp, test.expected);
+ }, "Test cross origin redirect of cross origin iframe: " + test.name);
+
+ async_test(t => {
+ var i = document.createElement('iframe');
+ if (test.csp)
+ i.csp = test.csp;
+ i.src = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP);
+ var loaded = false;
+
+ window.addEventListener('message', t.step_func(e => {
+ if (e.source != i.contentWindow || !('embedding_csp' in e.data))
+ return;
+ if (!loaded) {
+ assert_equals(test.expected, e.data['embedding_csp']);
+ loaded = true;
+ i.csp = "default-src 'unsafe-inline'";
+ i.src = generateURLString(Host.CROSS_ORIGIN, PolicyHeader.EMBEDDING_CSP);
+ } else {
+ // Once iframe has loaded, check that on change of `src` attribute
+ // Embedding-CSP value is based on latest `csp` attribute value.
+ assert_equals("default-src 'unsafe-inline'", e.data['embedding_csp']);
+ t.done();
+ }
+ }));
+
+ document.body.appendChild(i);
+ }, "Test Embedding-CSP value on `csp` change: " + test.name);
+ });
+ </script>
+</body>
+</html>

Powered by Google App Engine
This is Rietveld 408576698