tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

feature-policy-nested-header-policy-disallowed-for-all.https.sub.html (2358B)

      1 <!DOCTYPE html>
      2 <meta name="timeout" content="long">
      3 <body>
      4  <script src=/resources/testharness.js></script>
      5  <script src=/resources/testharnessreport.js></script>
      6  <script src=/feature-policy/resources/featurepolicy.js></script>
      7  <script>
      8  /*
      9  fullscreen is disabled at the top-level document, therefore disabled
     10  everywhere throughout inheritance.
     11  */
     12  'use strict';
     13  const same_origin = 'https://{{domains[]}}:{{ports[https][0]}}';
     14  const cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
     15  const same_origin_src = '/feature-policy/resources/feature-policy-nested-subframe-policy.https.sub.html';
     16  const cross_origin_src = cross_origin + same_origin_src;
     17  const policies = ['*', '\'self\'', '\'none\''];
     18 
     19  for (var i = 0; i < policies.length; i++) {
     20    /* ------------------------------------------
     21       |  top-level document                    |
     22       |  ------------------------------------  |
     23       |  |  same-origin iframe              |  |
     24       |  |  ------------------------------  |  |
     25       |  |  |  local and remote iframes  |  |  |
     26       |  |  ------------------------------  |  |
     27       |  ------------------------------------  |
     28       ------------------------------------------ */
     29    test_subframe_header_policy('fullscreen', policies[i], same_origin_src,
     30        {local_all: false, local_self: false, local_none: false,
     31        remote_all: false, remote_self: false, remote_none: false},
     32        'Test nested header policy with local iframe on policy "fullscreen '
     33          + policies[i] + '".');
     34 
     35    /* -------------------------------------------
     36       |  top-level document                     |
     37       |  -------------------------------------  |
     38       |  |  cross-origin iframe              |  |
     39       |  |  -------------------------------  |  |
     40       |  |  |  local and remote iframes   |  |  |
     41       |  |  -------------------------------  |  |
     42       |  -------------------------------------  |
     43       ------------------------------------------- */
     44    test_subframe_header_policy('fullscreen', policies[i], cross_origin_src,
     45        {local_all: false, local_self: false, local_none: false,
     46        remote_all: false, remote_self: false, remote_none: false},
     47        'Test nested header policy with remote iframe on policy "fullscreen '
     48          + policies[i] + '".');
     49 }
     50  </script>
     51 </body>