document-policy.html (1843B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <title>Test advertised required document policy</title> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> </head> 7 <body> 8 <h1>Test advertised required document policy</h1> 9 <script> 10 // The top-level document has a document policy, but not a required document 11 // policy. A request for a document in a frame should not include a 12 // `Sec-Required-Document-Policy` header, unless that frame requires it 13 // explicitly through the `policy` attribute. 14 15 callbacks = {}; 16 17 window.addEventListener('message', ev => { 18 var id = ev.data.id; 19 if (id && callbacks[id]) { 20 callbacks[id](ev.data.requiredPolicy || null); 21 } 22 }); 23 24 async_test(t => { 25 var iframe = document.createElement('iframe'); 26 iframe.src = "/document-policy/echo-policy.py?id=1"; 27 callbacks["1"] = t.step_func_done(result => { 28 assert_equals(result, null); 29 }); 30 document.body.appendChild(iframe); 31 }, "Top-level document's policy should not affect child frame requests"); 32 33 async_test(t => { 34 var iframe = document.createElement('iframe'); 35 iframe.src = "/document-policy/echo-policy.py?id=2"; 36 iframe.policy = "force-load-at-top"; 37 callbacks["2"] = t.step_func_done(result => { 38 assert_equals(result, "force-load-at-top"); 39 }); 40 document.body.appendChild(iframe); 41 }, "Child frame can have a required policy independent of the parent document."); 42 43 async_test(t => { 44 var iframe = document.createElement('iframe'); 45 iframe.src = "/document-policy/echo-policy.py?id=3"; 46 iframe.policy = "sync-xhr"; 47 callbacks["3"] = t.step_func_done(result => { 48 assert_equals(result, "sync-xhr"); 49 }); 50 document.body.appendChild(iframe); 51 }, "Child frame can have a required policy which is less strict than the parent document's policy."); 52 </script> 53 </body> 54 </html>