blob: c5ab3501bfd87273a7c0dd5864192258c41450c4 [file] [log] [blame]
<?php
$allow_csp_from = isset($_GET['allow_csp_from']) ? $_GET['allow_csp_from'] : null;
if ($allow_csp_from)
header('Allow-CSP-From: ' . $allow_csp_from, false);
$allow_csp_from_2 = isset($_GET['allow_csp_from_2']) ? $_GET['allow_csp_from_2'] : null;
if ($allow_csp_from_2)
header('Allow-CSP-From: ' . $allow_csp_from_2, false);
?>
<!DOCTYPE html>
<html>
<head>
<title>This page enforces embedder's policies</title>
</head>
<body>
Hello World.
<iframe src="/cross-site/b.com/title2.html"></iframe>
<img src="green250x50.png" />
<script> alert("Hello from iframe");</script>
<script> window.top.postMessage('loaded', '*'); </script>
</body>
</html>