frame-ancestors-star-allow-crossorigin.html (603B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharnessreport.js"></script> 6 <script src="support/frame-ancestors-test.sub.js"></script> 7 </head> 8 <body> 9 <script> 10 test = async_test("A 'frame-ancestors' CSP directive with '*' should allow rendering."); 11 12 // Note that we can't distinguish blocked URLs from allowed cross-origin URLs due to the same-origin policy. This test passes if no console message declares that the frame was blocked. 13 crossOriginFrameShouldBeBlocked("*"); 14 </script> 15 </body> 16 </html>