OLD | NEW |
| (Empty) |
1 <!DOCTYPE html> | |
2 <html> | |
3 <head> | |
4 <title>Embedded Enforcement: Embedding-CSP header.</title> | |
5 <script src="/resources/testharness.js"></script> | |
6 <script src="/resources/testharnessreport.js"></script> | |
7 <script src="support/testharness-helper.sub.js"></script> | |
8 </head> | |
9 <body> | |
10 <script> | |
11 // When this test starts passing please merge with embedding_csp-header.html | |
12 var tests = [ | |
13 { "name": "Wrong value of `csp` should not trigger sending Embedding-CSP H
eader.", | |
14 "csp": "completely wrong csp", | |
15 "expected": null}, | |
16 ]; | |
17 | |
18 tests.forEach(test => { | |
19 async_test(t => { | |
20 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP
); | |
21 assert_embedding_csp(t, url, test.csp, test.expected); | |
22 }, "Test same origin: " + test.name); | |
23 | |
24 async_test(t => { | |
25 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP
); | |
26 var redirect_url = generateRedirect(Host.SAME_ORIGIN, url); | |
27 assert_embedding_csp(t, redirect_url, test.csp, test.expected); | |
28 }, "Test same origin redirect: " + test.name); | |
29 | |
30 async_test(t => { | |
31 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP
); | |
32 var redirect_url = generateRedirect(Host.CROSS_ORIGIN, url); | |
33 assert_embedding_csp(t, redirect_url, test.csp, test.expected); | |
34 }, "Test cross origin redirect: " + test.name); | |
35 | |
36 async_test(t => { | |
37 var url = generateURLString(Host.CROSS_ORIGIN, PolicyHeader.EMBEDDING_CS
P); | |
38 var redirect_url = generateRedirect(Host.CROSS_ORIGIN, url); | |
39 assert_embedding_csp(t, redirect_url, test.csp, test.expected); | |
40 }, "Test cross origin redirect of cross origin iframe: " + test.name); | |
41 | |
42 async_test(t => { | |
43 var i = document.createElement('iframe'); | |
44 if (test.csp) | |
45 i.csp = test.csp; | |
46 i.src = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP); | |
47 var loaded = false; | |
48 | |
49 window.addEventListener('message', t.step_func(e => { | |
50 if (e.source != i.contentWindow || !('embedding_csp' in e.data)) | |
51 return; | |
52 if (!loaded) { | |
53 assert_equals(test.expected, e.data['embedding_csp']); | |
54 loaded = true; | |
55 i.csp = "default-src 'unsafe-inline'"; | |
56 i.src = generateURLString(Host.CROSS_ORIGIN, PolicyHeader.EMBEDDING_
CSP); | |
57 } else { | |
58 // Once iframe has loaded, check that on change of `src` attribute | |
59 // Embedding-CSP value is based on latest `csp` attribute value. | |
60 assert_equals("default-src 'unsafe-inline'", e.data['embedding_csp']
); | |
61 t.done(); | |
62 } | |
63 })); | |
64 | |
65 document.body.appendChild(i); | |
66 }, "Test Embedding-CSP value on `csp` change: " + test.name); | |
67 }); | |
68 </script> | |
69 </body> | |
70 </html> | |