frame-ancestors-nested-cross-in-same-star-allow.html (686B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <meta name="timeout" content="long"> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <script src="support/frame-ancestors-test.sub.js"></script> 8 </head> 9 <body> 10 <script> 11 test = async_test("A 'frame-ancestors' CSP directive with a value '*' should render in nested frames."); 12 13 // Note that we can't distinguish blocked URLs from allowed cross-origin URLs due to the same-origin policy. This test passes if no console message declares that the frame was blocked. 14 testNestedIFrame("*", SAME_ORIGIN, CROSS_ORIGIN, EXPECT_BLOCK); 15 </script> 16 </body> 17 </html>