frame-src-cross-origin-same-document-navigation.window.js (1693B)
1 // META: script=/common/get-host-info.sub.js 2 // META: script=/common/utils.js 3 // META: script=/common/dispatcher/dispatcher.js 4 5 // Regression test for https://crbug.com/1262203 6 // 7 // A cross-origin document initiates a same-document navigation. This navigation 8 // is subject to CSP:frame-src 'none', but this doesn't apply, since it's a 9 // same-document navigation. This test checks this doesn't lead to a crash. 10 11 promise_test(async test => { 12 const child_token = token(); 13 const child = new RemoteContext(child_token); 14 const iframe = document.createElement("iframe"); 15 iframe.src = remoteExecutorUrl(child_token, { 16 host: get_host_info().REMOTE_HOST 17 }); 18 document.body.appendChild(iframe); 19 20 // Install a promise waiting for a same-document navigation to happen in the 21 // child. 22 await child.execute_script(() => { 23 window.sameDocumentNavigation = new Promise(resolve => { 24 window.addEventListener("popstate", resolve); 25 }); 26 }); 27 28 // Append a new CSP, disallowing new iframe navigations. 29 const meta = document.createElement("meta"); 30 meta.httpEquiv = "Content-Security-Policy"; 31 meta.content = "frame-src 'none'"; 32 document.head.appendChild(meta); 33 34 document.addEventListener( 35 "securitypolicyviolation", 36 test.unreached_func("same-document navigations aren't subject to CSP")); 37 38 // Create a same-document navigation, inititated cross-origin in the iframe. 39 // It must not be blocked by the CSP above. 40 iframe.src += "#foo"; 41 42 // Make sure the navigation succeeded and was indeed a same-document one: 43 await child.execute_script(() => sameDocumentNavigation); 44 assert_equals(await child.execute_script(() => location.href), iframe.src); 45 })