csp-allowed-transparent.https.html (1344B)
1 <!DOCTYPE html> 2 <title>Test transparent fenced frame navigations with allowed CSP</title> 3 <script src="/resources/testharness.js"></script> 4 <script src="/resources/testharnessreport.js"></script> 5 <script src="/common/utils.js"></script> 6 <script src="resources/utils.js"></script> 7 <script src="/common/get-host-info.sub.js"></script> 8 <script src="/common/dispatcher/dispatcher.js"></script> 9 10 <body> 11 <script> 12 const allowedCSPs = [ 13 "*", 14 "https://*:*", 15 get_host_info().HTTPS_ORIGIN, 16 'https://' + get_host_info().ORIGINAL_HOST + ":*" 17 ]; 18 allowedCSPs.forEach((csp) => { 19 promise_test(async() => { 20 const iframe = setupCSP(csp); 21 const key = token(); 22 23 await iframe.execute(async (key) => { 24 window.addEventListener('securitypolicyviolation', function(e) { 25 // Write to the server even though the listener is in the same file in 26 // the test below. 27 writeValueToServer(key, e.violatedDirective + ";" + e.blockedURI); 28 }, {once: true}); 29 30 const url = generateURL("/fenced-frame/resources/embeddee.html", [key]); 31 attachFencedFrame(url); 32 }, [key]); 33 34 const result = await nextValueFromServer(key); 35 assert_equals(result, "PASS", 36 "The fenced frame should load for CSP fenced-frame-src " + csp); 37 }, "Fenced frame loaded for CSP fenced-frame-src " + csp); 38 }); 39 </script> 40 </body>