report-frame-ancestors-no-parent-cookies.sub.html (1271B)
<!DOCTYPE html>
<html>
<head>
<title>Cookies are not sent on cross origin violation reports for
    frame-ancestors violations, even if the report-uri is same-origin
    with the embedder.</title>
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<!--
  Scenario: this page (the embedder) holds a cookie for its own origin and
  frames a document on a different host. The framed URL is passed a report
  base that points back at the embedder's host, so the violation report goes
  to an endpoint that is same-origin with the embedder but cross-origin to
  the framed document. The expectation named in the title is that the
  embedder's cookie is not attached to that report.

  Comments in this file avoid the server-side substitution syntax on purpose:
  substitution is assumed to apply to the whole file, comments included.
-->
<script>
  // Step 1: plant a cookie (path "/") on the embedder's origin. The request is
  // credentialed so the Set-Cookie response is stored; 'no-cors' means the
  // response body is opaque here, which is fine because only the side effect
  // matters.
  fetch(
      "/cookies/resources/set-cookie.py?name=cspViolationReportCookie1&path=" +
          encodeURIComponent("/"),
      {mode: 'no-cors', credentials: 'include'})
    .then(() => {
      // Step 2: build the query for the framed document. reportID ties the
      // report to this run; reportUriBase is the embedder's own host and port.
      const reportId = "{{$id:uuid()}}";
      const query = new URLSearchParams();
      query.set("reportID", reportId);
      query.set("reportUriBase", "http://{{host}}:{{ports[http][0]}}");

      // Step 3: frame the helper from a different host (www1 subdomain).
      // NOTE(review): not-embeddable-frame.py is not shown here; presumably it
      // answers with frame-ancestors 'none' plus a report-uri derived from the
      // two parameters above. Confirm against the helper.
      const frame = document.createElement('iframe');
      frame.src = "http://{{domains[www1]}}:{{ports[http][0]}}/" +
          "content-security-policy/reporting/support/not-embeddable-frame.py?" +
          query.toString();
      document.body.appendChild(frame);
    });
</script>
<!--
  The checker below is given the same report id as the iframe request. Its
  query asks for violated-directive to equal frame-ancestors 'none' and sets
  noCookies=true; presumably that makes it assert the stored report carried no
  cookies (checkReport.sub.js is not shown here).
-->
<script async defer src="../support/checkReport.sub.js?reportField=violated-directive&reportValue=frame-ancestors%20%27none%27&noCookies=true&reportID={{$id}}"></script>

</body>
</html>