Google Git
Sign in
chromium / chromium / src / 69cc847f5802c6d871836695d5f984db682af776 / . / third_party / WebKit / LayoutTests / http / tests / security / contentSecurityPolicy / embeddedEnforcement / embedding_csp-header.html
blob: 45c36207266bdba3422bd4f0942d244fde3d7ea2 [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
src = '../resources/get-embedding-csp-header.php';
new_src = '../resources/get-embedding-csp-header-and-respond.php';
function generateRedirect(url) {
return '/security/resources/redir.php?url=' + url;
}
async_test(t => {
var i = document.createElement('iframe');
i.src = src;
window.addEventListener('message', t.step_func(e => {
if (e.source != i.contentWindow)
return;
assert_equals(src, e.data['src']);
assert_equals(null, e.data['embedding_csp']);
t.done();
}));
document.body.appendChild(i);
}, "Embedding_CSP is not sent if csp attribute is not set on <iframe>.");
async_test(t => {
var i = document.createElement('iframe');
i.csp = "script-src 'unsafe-inline'";
i.src = src;
window.addEventListener('message', t.step_func(e => {
if (e.source != i.contentWindow)
return;
assert_equals(src, e.data['src']);
assert_equals("script-src 'unsafe-inline'", e.data['embedding_csp']);
t.done();
}));
document.body.appendChild(i);
}, "<iframe csp> sends an Embedding-CSP request header.");
async_test(t => {
var i = document.createElement('iframe');
i.csp = "script-src 'unsafe-inline'";
i.src = src;
document.body.appendChild(i);
i.contentWindow.location = new_src + "?csp=" + i.csp;
window.addEventListener('message', t.step_func(e => {
if (e.source != i.contentWindow || new_src != e.data['src'])
return;
assert_equals("script-src 'unsafe-inline'", e.data['embedding_csp']);
t.done();
}));
}, "Set Embedding-CSP Header on change of window's location.");
async_test(t => {
var i = document.createElement('iframe');
i.csp = "script-src 'unsafe-inline'";
i.src = src;
document.body.appendChild(i);
i.csp = "default-src 'unsafe-inline'";
i.src = new_src + "?csp=" + i.csp;
window.addEventListener('message', t.step_func(e => {
if (e.source != i.contentWindow || new_src != e.data['src'])
return;
assert_equals("default-src 'unsafe-inline'", e.data['embedding_csp']);
t.done();
}));
}, "Set Embedding-CSP Header on change of src attribute on iframe.");
async_test(t => {
var i = document.createElement('iframe');
i.csp = "script-src 'unsafe-inline'";
redirect_url = 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header.php';
i.src = generateRedirect(redirect_url);
document.body.appendChild(i);
window.addEventListener('message', t.step_func(e => {
if (e.source != i.contentWindow) {
return;
}
assert_equals(src, e.data['src']);
assert_equals("script-src 'unsafe-inline'", e.data['embedding_csp']);
t.done();
}));
}, "Set Embedding-CSP Header on redirect in <iframe>.");
async_test(t => {
var i = document.createElement('iframe');
i.csp = "script-src 'unsafe-inline'";
redirect_url = 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header.php';
i.src = generateRedirect(redirect_url);
document.body.appendChild(i);
redirect_url = 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/get-embedding-csp-header-and-respond.php';
new_redirect = generateRedirect(redirect_url);
i.csp = "default-src 'unsafe-inline'";
i.src = new_redirect;
window.addEventListener('message', t.step_func(e => {
if (e.source != i.contentWindow || new_src != e.data['src'])
return;
assert_equals("default-src 'unsafe-inline'", e.data['embedding_csp']);
t.done();
}));
}, "Set Embedding-CSP Header on change of csp attribte and redirect.");
</script>
</body>
</html>