frame-src-sandboxed-allowed.html (914B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <title>Frame-src: 'self' matches even if the parent's origin is unique.</title> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 </head> 8 <body> 9 <script> 10 var t = async_test('SubframeLoaded'); 11 12 window.addEventListener('securitypolicyviolation', t.step_func(function(e) { 13 if (e.violatedDirective === "frame-src") { 14 assert_unreached('unexpected securitypolicyviolation'); 15 t.done(); 16 } 17 })); 18 19 window.addEventListener("message", t.step_func(function(event) { 20 assert_equals(event.data, "PASS", 'unexpected message: ' + event.data); 21 t.done(); 22 })); 23 24 f = document.createElement("iframe"); 25 f.src = "/content-security-policy/support/postmessage-pass.html"; 26 document.body.appendChild(f); 27 </script> 28 </body> 29 </html>