| OLD | NEW |
|---|
| 1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
| 2 <html> | 2 <html> |
| 3 <head> | 3 <head> |
| 4 <title>Embedded Enforcement: Embedding-CSP header.</title> | 4 <title>Embedded Enforcement: Required-CSP header.</title> |
| 5 <script src="/resources/testharness.js"></script> | 5 <script src="/resources/testharness.js"></script> |
| 6 <script src="/resources/testharnessreport.js"></script> | 6 <script src="/resources/testharnessreport.js"></script> |
| 7 <script src="support/testharness-helper.sub.js"></script> | 7 <script src="support/testharness-helper.sub.js"></script> |
| 8 </head> | 8 </head> |
| 9 <body> | 9 <body> |
| 10 <script> | 10 <script> |
| 11 // When this test starts passing please merge with embedding_csp-header.html | 11 // When this test starts passing please merge with required_csp-header.html |
| 12 var tests = [ | 12 var tests = [ |
| 13 { "name": "Wrong value of `csp` should not trigger sending Embedding-CSP H
eader.", | 13 { "name": "Wrong value of `csp` should not trigger sending Required-CSP He
ader.", |
| 14 "csp": "completely wrong csp", | 14 "csp": "completely wrong csp", |
| 15 "expected": null}, | 15 "expected": null}, |
| 16 ]; | 16 ]; |
| 17 | 17 |
| 18 tests.forEach(test => { | 18 tests.forEach(test => { |
| 19 async_test(t => { | 19 async_test(t => { |
| 20 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP
); | 20 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.REQUIRED_CSP)
; |
| 21 assert_embedding_csp(t, url, test.csp, test.expected); | 21 assert_required_csp(t, url, test.csp, test.expected); |
| 22 }, "Test same origin: " + test.name); | 22 }, "Test same origin: " + test.name); |
| 23 | 23 |
| 24 async_test(t => { | 24 async_test(t => { |
| 25 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP
); | 25 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.REQUIRED_CSP)
; |
| 26 var redirect_url = generateRedirect(Host.SAME_ORIGIN, url); | 26 var redirect_url = generateRedirect(Host.SAME_ORIGIN, url); |
| 27 assert_embedding_csp(t, redirect_url, test.csp, test.expected); | 27 assert_required_csp(t, redirect_url, test.csp, test.expected); |
| 28 }, "Test same origin redirect: " + test.name); | 28 }, "Test same origin redirect: " + test.name); |
| 29 | 29 |
| 30 async_test(t => { | 30 async_test(t => { |
| 31 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP
); | 31 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.REQUIRED_CSP)
; |
| 32 var redirect_url = generateRedirect(Host.CROSS_ORIGIN, url); | 32 var redirect_url = generateRedirect(Host.CROSS_ORIGIN, url); |
| 33 assert_embedding_csp(t, redirect_url, test.csp, test.expected); | 33 assert_required_csp(t, redirect_url, test.csp, test.expected); |
| 34 }, "Test cross origin redirect: " + test.name); | 34 }, "Test cross origin redirect: " + test.name); |
| 35 | 35 |
| 36 async_test(t => { | 36 async_test(t => { |
| 37 var url = generateURLString(Host.CROSS_ORIGIN, PolicyHeader.EMBEDDING_CS
P); | 37 var url = generateURLString(Host.CROSS_ORIGIN, PolicyHeader.REQUIRED_CSP
); |
| 38 var redirect_url = generateRedirect(Host.CROSS_ORIGIN, url); | 38 var redirect_url = generateRedirect(Host.CROSS_ORIGIN, url); |
| 39 assert_embedding_csp(t, redirect_url, test.csp, test.expected); | 39 assert_required_csp(t, redirect_url, test.csp, test.expected); |
| 40 }, "Test cross origin redirect of cross origin iframe: " + test.name); | 40 }, "Test cross origin redirect of cross origin iframe: " + test.name); |
| 41 | 41 |
| 42 async_test(t => { | 42 async_test(t => { |
| 43 var i = document.createElement('iframe'); | 43 var i = document.createElement('iframe'); |
| 44 if (test.csp) | 44 if (test.csp) |
| 45 i.csp = test.csp; | 45 i.csp = test.csp; |
| 46 i.src = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP); | 46 i.src = generateURLString(Host.SAME_ORIGIN, PolicyHeader.REQUIRED_CSP); |
| 47 var loaded = false; | 47 var loaded = false; |
| 48 | 48 |
| 49 window.addEventListener('message', t.step_func(e => { | 49 window.addEventListener('message', t.step_func(e => { |
| 50 if (e.source != i.contentWindow || !('embedding_csp' in e.data)) | 50 if (e.source != i.contentWindow || !('required_csp' in e.data)) |
| 51 return; | 51 return; |
| 52 if (!loaded) { | 52 if (!loaded) { |
| 53 assert_equals(test.expected, e.data['embedding_csp']); | 53 assert_equals(test.expected, e.data['required_csp']); |
| 54 loaded = true; | 54 loaded = true; |
| 55 i.csp = "default-src 'unsafe-inline'"; | 55 i.csp = "default-src 'unsafe-inline'"; |
| 56 i.src = generateURLString(Host.CROSS_ORIGIN, PolicyHeader.EMBEDDING_
CSP); | 56 i.src = generateURLString(Host.CROSS_ORIGIN, PolicyHeader.REQUIRED_C
SP); |
| 57 } else { | 57 } else { |
| 58 // Once iframe has loaded, check that on change of `src` attribute | 58 // Once iframe has loaded, check that on change of `src` attribute |
| 59 // Embedding-CSP value is based on latest `csp` attribute value. | 59 // Required-CSP value is based on latest `csp` attribute value. |
| 60 assert_equals("default-src 'unsafe-inline'", e.data['embedding_csp']
); | 60 assert_equals("default-src 'unsafe-inline'", e.data['required_csp'])
; |
| 61 t.done(); | 61 t.done(); |
| 62 } | 62 } |
| 63 })); | 63 })); |
| 64 | 64 |
| 65 document.body.appendChild(i); | 65 document.body.appendChild(i); |
| 66 }, "Test Embedding-CSP value on `csp` change: " + test.name); | 66 }, "Test Required-CSP value on `csp` change: " + test.name); |
| 67 }); | 67 }); |
| 68 </script> | 68 </script> |
| 69 </body> | 69 </body> |
| 70 </html> | 70 </html> |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2892903002:
Renamed `embedding-csp` HTTP request header to `required-csp`. (Closed)
