Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(231)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/required_csp-header.html

Issue 2892903002: Renamed `embedding-csp` HTTP request header to `required-csp`. (Closed)
Patch Set: Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/embedding_csp-header-invalid-format.html ('k') | third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/required_csp-header-invalid-format.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <html> 2 <html>
3 <head> 3 <head>
4 <title>Embedded Enforcement: Embedding-CSP header.</title> 4 <title>Embedded Enforcement: Required-CSP header.</title>
5 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharness.js"></script>
6 <script src="/resources/testharnessreport.js"></script> 6 <script src="/resources/testharnessreport.js"></script>
7 <script src="support/testharness-helper.sub.js"></script> 7 <script src="support/testharness-helper.sub.js"></script>
8 </head> 8 </head>
9 <body> 9 <body>
10 <script> 10 <script>
11 var tests = [ 11 var tests = [
12 { "name": "Embedding-CSP is not sent if `csp` attribute is not set on <ifr ame>.", 12 { "name": "Required-CSP is not sent if `csp` attribute is not set on <ifra me>.",
13 "csp": null, 13 "csp": null,
14 "expected": null }, 14 "expected": null },
15 { "name": "Send Embedding-CSP when `csp` attribute of <iframe> is not empt y.", 15 { "name": "Send Required-CSP when `csp` attribute of <iframe> is not empty .",
16 "csp": "script-src 'unsafe-inline'", 16 "csp": "script-src 'unsafe-inline'",
17 "expected": "script-src 'unsafe-inline'" }, 17 "expected": "script-src 'unsafe-inline'" },
18 { "name": "Send Embedding-CSP Header on change of `src` attribute on ifram e.", 18 { "name": "Send Required-CSP Header on change of `src` attribute on iframe .",
19 "csp": "script-src 'unsafe-inline'", 19 "csp": "script-src 'unsafe-inline'",
20 "expected": "script-src 'unsafe-inline'" }, 20 "expected": "script-src 'unsafe-inline'" },
21 ]; 21 ];
22 22
23 tests.forEach(test => { 23 tests.forEach(test => {
24 async_test(t => { 24 async_test(t => {
25 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP ); 25 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.REQUIRED_CSP) ;
26 assert_embedding_csp(t, url, test.csp, test.expected); 26 assert_required_csp(t, url, test.csp, test.expected);
27 }, "Test same origin: " + test.name); 27 }, "Test same origin: " + test.name);
28 28
29 async_test(t => { 29 async_test(t => {
30 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP ); 30 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.REQUIRED_CSP) ;
31 var redirect_url = generateRedirect(Host.SAME_ORIGIN, url); 31 var redirect_url = generateRedirect(Host.SAME_ORIGIN, url);
32 assert_embedding_csp(t, redirect_url, test.csp, test.expected); 32 assert_required_csp(t, redirect_url, test.csp, test.expected);
33 }, "Test same origin redirect: " + test.name); 33 }, "Test same origin redirect: " + test.name);
34 34
35 async_test(t => { 35 async_test(t => {
36 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP ); 36 var url = generateURLString(Host.SAME_ORIGIN, PolicyHeader.REQUIRED_CSP) ;
37 var redirect_url = generateRedirect(Host.CROSS_ORIGIN, url); 37 var redirect_url = generateRedirect(Host.CROSS_ORIGIN, url);
38 assert_embedding_csp(t, redirect_url, test.csp, test.expected); 38 assert_required_csp(t, redirect_url, test.csp, test.expected);
39 }, "Test cross origin redirect: " + test.name); 39 }, "Test cross origin redirect: " + test.name);
40 40
41 async_test(t => { 41 async_test(t => {
42 var url = generateURLString(Host.CROSS_ORIGIN, PolicyHeader.EMBEDDING_CS P); 42 var url = generateURLString(Host.CROSS_ORIGIN, PolicyHeader.REQUIRED_CSP );
43 var redirect_url = generateRedirect(Host.CROSS_ORIGIN, url); 43 var redirect_url = generateRedirect(Host.CROSS_ORIGIN, url);
44 assert_embedding_csp(t, redirect_url, test.csp, test.expected); 44 assert_required_csp(t, redirect_url, test.csp, test.expected);
45 }, "Test cross origin redirect of cross origin iframe: " + test.name); 45 }, "Test cross origin redirect of cross origin iframe: " + test.name);
46 46
47 async_test(t => { 47 async_test(t => {
48 var i = document.createElement('iframe'); 48 var i = document.createElement('iframe');
49 if (test.csp) 49 if (test.csp)
50 i.csp = test.csp; 50 i.csp = test.csp;
51 i.src = generateURLString(Host.SAME_ORIGIN, PolicyHeader.EMBEDDING_CSP); 51 i.src = generateURLString(Host.SAME_ORIGIN, PolicyHeader.REQUIRED_CSP);
52 var loaded = false; 52 var loaded = false;
53 53
54 window.addEventListener('message', t.step_func(e => { 54 window.addEventListener('message', t.step_func(e => {
55 if (e.source != i.contentWindow || !('embedding_csp' in e.data)) 55 if (e.source != i.contentWindow || !('required_csp' in e.data))
56 return; 56 return;
57 if (!loaded) { 57 if (!loaded) {
58 assert_equals(test.expected, e.data['embedding_csp']); 58 assert_equals(test.expected, e.data['required_csp']);
59 loaded = true; 59 loaded = true;
60 i.csp = "default-src 'unsafe-inline'"; 60 i.csp = "default-src 'unsafe-inline'";
61 i.src = generateURLString(Host.CROSS_ORIGIN, PolicyHeader.EMBEDDING_ CSP); 61 i.src = generateURLString(Host.CROSS_ORIGIN, PolicyHeader.REQUIRED_C SP);
62 } else { 62 } else {
63 // Once iframe has loaded, check that on change of `src` attribute 63 // Once iframe has loaded, check that on change of `src` attribute
64 // Embedding-CSP value is based on latest `csp` attribute value. 64 // Required-CSP value is based on latest `csp` attribute value.
65 assert_equals("default-src 'unsafe-inline'", e.data['embedding_csp'] ); 65 assert_equals("default-src 'unsafe-inline'", e.data['required_csp']) ;
66 t.done(); 66 t.done();
67 } 67 }
68 })); 68 }));
69 69
70 document.body.appendChild(i); 70 document.body.appendChild(i);
71 }, "Test Embedding-CSP value on `csp` change: " + test.name); 71 }, "Test Required-CSP value on `csp` change: " + test.name);
72 }); 72 });
73 </script> 73 </script>
74 </body> 74 </body>
75 </html> 75 </html>
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/embedding_csp-header-invalid-format.html ('k') | third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/required_csp-header-invalid-format.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698