frame-src-same-document-meta.sub.html (1981B)
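<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<html>
<body></body>
<script>
  // Checks that a `frame-src 'none'` policy added at runtime through a
  // <meta http-equiv="Content-Security-Policy"> element is enforced on later
  // navigations of an iframe that was loaded before the policy existed.
  //
  // NOTE(review): the three URLs differ in their query string (?0, ?1, ?2),
  // not in a fragment, so "same-document" in the step titles and the test
  // name presumably means "same iframe". Confirm against the test's intent.
  promise_test(async test => {
    // `{{host}}` and `{{ports[http][0]}}` are filled in by the server for
    // .sub.html files; only the trailing query value differs between steps.
    const frameUrl = index =>
      `http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-src/support/frame.html?${index}`;

    // Resolves with the next securitypolicyviolation event seen on this
    // window. `once` removes the listener after it fires, so a listener from
    // one step cannot linger into the next.
    const nextViolation = () => new Promise(resolve => {
      window.addEventListener('securitypolicyviolation', resolve, { once: true });
    });

    // The policy holds a single directive, so every report must name it.
    // Asserting this keeps the test from passing on an unrelated violation
    // if the policy is ever extended.
    const assertFrameSrcViolation = (event, step) => {
      assert_equals(event.effectiveDirective, "frame-src",
                    `${step}: violation must be reported against frame-src`);
    };

    // 1. Load an iframe (not blocked).
    const iframe = document.createElement("iframe");
    {
      iframe.name = "theiframe";
      iframe.src = frameUrl(0);
      const iframeLoaded = new Promise(resolve => {
        iframe.addEventListener('load', resolve, { once: true });
      });
      document.body.appendChild(iframe);
      await iframeLoaded;
    }

    // 2. Start blocking iframes using CSP frame-src 'none'.
    {
      const meta = document.createElement('meta');
      meta.httpEquiv = "Content-Security-Policy";
      meta.content = "frame-src 'none'";
      document.head.appendChild(meta);
    }

    // 3. Blocked same-document navigation using iframe.src.
    {
      // Register the listener before triggering the navigation.
      const violation = nextViolation();
      iframe.src = frameUrl(1);
      assertFrameSrcViolation(await violation, "iframe.src");
    }

    // 4. Blocked same-document navigation using window.open.
    {
      const violation = nextViolation();
      // Targets the existing iframe by its name instead of opening a window.
      window.open(frameUrl(2), "theiframe");
      assertFrameSrcViolation(await violation, "window.open");
    }

    // 5. Regression test for https://crbug.com/1018385. The browser should
    //    not crash while displaying the error page.
    //    step_timeout is used instead of setTimeout so the wait scales with
    //    the harness timeout multiplier.
    await new Promise(resolve => test.step_timeout(resolve, 1000));
  }, "Same-document navigations in an iframe blocked by CSP frame-src dynamically using the <meta> tag");
</script>
</html>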