| Index: chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html
|
| diff --git a/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html b/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html
|
| index 3bcce5e24898716bf2d47834c141f5bba4f2eb09..ac13d0bb80ef380059c4aa4d3e6e7f6a3084ceea 100644
|
| --- a/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html
|
| +++ b/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html
|
| @@ -2,19 +2,6 @@
|
|
|
| <script>
|
| // We're not served with the extension default CSP, we can use inline script.
|
| -
|
| -var sendResponse = function(msg) {
|
| - var mainWindow = window.opener || window.top;
|
| - mainWindow.postMessage(msg, '*');
|
| -};
|
| -
|
| -var remote_frame_loaded = false;
|
| -window.addEventListener('securitypolicyviolation', function(e) {
|
| - if (remote_frame_loaded)
|
| - sendResponse('succeeded');
|
| - else
|
| - sendResponse('failed');
|
| -});
|
|
|
| var loadFrameExpectResponse = function(iframe, url) {
|
| var identifier = performance.now();
|
| @@ -38,15 +25,22 @@
|
|
|
| var runTestAndRespond = function(localUrl, remoteUrl) {
|
| var iframe = document.createElement('iframe');
|
| + var sendResponse = function(msg) {
|
| + var mainWindow = window.opener || window.top;
|
| + mainWindow.postMessage(msg, '*');
|
| + };
|
|
|
| // First load local resource in |iframe|, expect the local frame to respond.
|
| loadFrameExpectResponse(iframe, localUrl).then(function() {
|
| - // Then load remote resource in |iframe|, expect the navigation to be
|
| - // blocked by the Content-Security-Policy.
|
| - // Rely on the SecurityPolicyViolationEvent to detect that the frame has
|
| - // been blocked.
|
| - remote_frame_loaded = true;
|
| - iframe.src = remoteUrl;
|
| + // Then try to load remote resource on the same iframe element. The remote
|
| + // resource will fail to load but we'd get an iframe.onload event and the
|
| + // local frame will still be there. Therefore, expect the local frame to
|
| + // respond again.
|
| + return loadFrameExpectResponse(iframe, remoteUrl);
|
| + }).then(function() {
|
| + sendResponse('succeeded');
|
| + }).catch(function(err) {
|
| + sendResponse('failed');
|
| });
|
| document.body.appendChild(iframe);
|
| };
|
|
|
Chromium Code Reviews
Issue 2756913002:
Revert of PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)
