OLD | NEW |
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
4 <title>Embedded Enforcement: Embedding-CSP header.</title> | 4 <title>Embedded Enforcement: Required-CSP header.</title> |
5 <script src="/resources/testharness.js"></script> | 5 <script src="/resources/testharness.js"></script> |
6 <script src="/resources/testharnessreport.js"></script> | 6 <script src="/resources/testharnessreport.js"></script> |
7 <script src="support/testharness-helper.sub.js"></script> | 7 <script src="support/testharness-helper.sub.js"></script> |
8 </head> | 8 </head> |
9 <body> | 9 <body> |
10 <script> | 10 <script> |
11 // When this test starts passing please merge with embedding_csp-header.html | 11 // When this test starts passing please merge with required_csp-header.html |
12 var tests = [ | 12 var tests = [ |
13 { "name": "Wrong value of `csp` should not trigger sending Embedding-CSP H
eader.", | 13 { "name": "Wrong value of `csp` should not trigger sending Required-CSP He
ader.", |
14 "csp": "completely wrong csp", | 14 "csp": "completely wrong csp", |
15 "expected": null}, | 15 "expected": null}, |
16 ]; | 16 ]; |
17 | 17 |
18 tests.forEach(test => { | 18 tests.forEach(test => { |
19 async_test(t => { | 19 async_test(t => { |
20 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP
); | 20 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.REQUIRED_CSP)
; |
21 assert_embedding_csp(t, url, test.csp, test.expected); | 21 assert_required_csp(t, url, test.csp, test.expected); |
22 }, "Test same origin: " + test.name); | 22 }, "Test same origin: " + test.name); |
23 | 23 |
24 async_test(t => { | 24 async_test(t => { |
25 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP
); | 25 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.REQUIRED_CSP)
; |
26 var redirect_url = generateRedirect(Host.SAME_ORIGIN, url); | 26 var redirect_url = generateRedirect(Host.SAME_ORIGIN, url); |
27 assert_embedding_csp(t, redirect_url, test.csp, test.expected); | 27 assert_required_csp(t, redirect_url, test.csp, test.expected); |
28 }, "Test same origin redirect: " + test.name); | 28 }, "Test same origin redirect: " + test.name); |
29 | 29 |
30 async_test(t => { | 30 async_test(t => { |
31 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP
); | 31 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.REQUIRED_CSP)
; |
32 var redirect_url = generateRedirect(Host.CROSS_ORIGIN, url); | 32 var redirect_url = generateRedirect(Host.CROSS_ORIGIN, url); |
33 assert_embedding_csp(t, redirect_url, test.csp, test.expected); | 33 assert_required_csp(t, redirect_url, test.csp, test.expected); |
34 }, "Test cross origin redirect: " + test.name); | 34 }, "Test cross origin redirect: " + test.name); |
35 | 35 |
36 async_test(t => { | 36 async_test(t => { |
37 var url = generateURLString(Host.CROSS_ORIGIN, PolicyHeader.EMBEDDING_CS
P); | 37 var url = generateURLString(Host.CROSS_ORIGIN, PolicyHeader.REQUIRED_CSP
); |
38 var redirect_url = generateRedirect(Host.CROSS_ORIGIN, url); | 38 var redirect_url = generateRedirect(Host.CROSS_ORIGIN, url); |
39 assert_embedding_csp(t, redirect_url, test.csp, test.expected); | 39 assert_required_csp(t, redirect_url, test.csp, test.expected); |
40 }, "Test cross origin redirect of cross origin iframe: " + test.name); | 40 }, "Test cross origin redirect of cross origin iframe: " + test.name); |
41 | 41 |
42 async_test(t => { | 42 async_test(t => { |
43 var i = document.createElement('iframe'); | 43 var i = document.createElement('iframe'); |
44 if (test.csp) | 44 if (test.csp) |
45 i.csp = test.csp; | 45 i.csp = test.csp; |
46 i.src = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP); | 46 i.src = generateURLString(Host.SAME_ORIGIN, PolicyHeader.REQUIRED_CSP); |
47 var loaded = false; | 47 var loaded = false; |
48 | 48 |
49 window.addEventListener('message', t.step_func(e => { | 49 window.addEventListener('message', t.step_func(e => { |
50 if (e.source != i.contentWindow || !('embedding_csp' in e.data)) | 50 if (e.source != i.contentWindow || !('required_csp' in e.data)) |
51 return; | 51 return; |
52 if (!loaded) { | 52 if (!loaded) { |
53 assert_equals(test.expected, e.data['embedding_csp']); | 53 assert_equals(test.expected, e.data['required_csp']); |
54 loaded = true; | 54 loaded = true; |
55 i.csp = "default-src 'unsafe-inline'"; | 55 i.csp = "default-src 'unsafe-inline'"; |
56 i.src = generateURLString(Host.CROSS_ORIGIN, PolicyHeader.EMBEDDING_
CSP); | 56 i.src = generateURLString(Host.CROSS_ORIGIN, PolicyHeader.REQUIRED_C
SP); |
57 } else { | 57 } else { |
58 // Once iframe has loaded, check that on change of `src` attribute | 58 // Once iframe has loaded, check that on change of `src` attribute |
59 // Embedding-CSP value is based on latest `csp` attribute value. | 59 // Required-CSP value is based on latest `csp` attribute value. |
60 assert_equals("default-src 'unsafe-inline'", e.data['embedding_csp']
); | 60 assert_equals("default-src 'unsafe-inline'", e.data['required_csp'])
; |
61 t.done(); | 61 t.done(); |
62 } | 62 } |
63 })); | 63 })); |
64 | 64 |
65 document.body.appendChild(i); | 65 document.body.appendChild(i); |
66 }, "Test Embedding-CSP value on `csp` change: " + test.name); | 66 }, "Test Required-CSP value on `csp` change: " + test.name); |
67 }); | 67 }); |
68 </script> | 68 </script> |
69 </body> | 69 </body> |
70 </html> | 70 </html> |
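Review bot: The message listener at new line 50 silently returns for any message that lacks a `required_csp` key, so if the echoing iframe resource or `support/testharness-helper.sub.js` (neither is visible in this section) still uses the old `embedding_csp` name, the "`csp` change" test will time out rather than fail on an assertion. The renames of `PolicyHeader.REQUIRED_CSP`, `assert_required_csp` and the posted data key therefore need to land in those support files in the same change. A short comment above the early return would make this failure mode obvious, for example `// Ignore messages from other frames or without the echoed header; a stale key name shows up as a timeout.` As a style point on the same line, `e.source != i.contentWindow` compares two object references and could use `!==`.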