no-document-policy.html (1419B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <title>Test advertised required document policy</title> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> </head> 7 <body> 8 <h1>Test advertised required document policy</h1> 9 <script> 10 // The top-level document does not have any document-policy-related headers. 11 // A request for a document in a frame should not include a 12 // `Sec-Required-Document-Policy` header, unless that frame requires it 13 // explicitly through the `policy` attribute. 14 15 callbacks = {}; 16 17 window.addEventListener('message', ev => { 18 var id = ev.data.id; 19 if (id && callbacks[id]) { 20 callbacks[id](ev.data.requiredPolicy || null); 21 } 22 }); 23 24 async_test(t => { 25 var iframe = document.createElement('iframe'); 26 iframe.src = "/document-policy/echo-policy.py?id=1"; 27 callbacks["1"] = t.step_func_done(result => { 28 assert_equals(result, null); 29 }); 30 document.body.appendChild(iframe); 31 }, "Child frame should have no required policy by default."); 32 33 async_test(t => { 34 var iframe = document.createElement('iframe'); 35 iframe.src = "/document-policy/echo-policy.py?id=2"; 36 iframe.policy = "force-load-at-top=?0"; 37 callbacks["2"] = t.step_func_done(result => { 38 assert_equals(result, "force-load-at-top=?0"); 39 }); 40 document.body.appendChild(iframe); 41 }, "Child frame can have an explicit required policy."); 42 </script> 43 </body> 44 </html>