csp-frame-src-blocked.https.html (1376B)
1 <!DOCTYPE html> 2 <meta http-equiv="Content-Security-Policy" content="img-src 'self' https: https://*:*"> 3 <meta http-equiv="Content-Security-Policy" content="frame-src 'none'"> 4 <title>Test Content-Security-Policy fenced-frame-src falling back to frame-src</title> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <script src="resources/utils.js"></script> 8 <script src="/common/utils.js"></script> 9 10 <body> 11 <script> 12 const key = token(); 13 14 window.addEventListener('securitypolicyviolation', function(e) { 15 // Write to the server even though the listener is in the same file in the 16 // test below. 17 writeValueToServer(key, e.violatedDirective + ";" + e.blockedURI); 18 }); 19 20 promise_test(async () => { 21 attachFencedFrame(generateURL( 22 "resources/csp-frame-src-blocked-inner.html", 23 [key])); 24 const result = await nextValueFromServer(key); 25 26 const expected_blocked_uri = generateURL( 27 "resources/csp-frame-src-blocked-inner.html", [key]).toString(); 28 assert_equals(result, "fenced-frame-src;" + expected_blocked_uri, 29 "The fenced frame is blocked because of CSP violation"); 30 }, "csp-frame-src-blocked"); 31 32 promise_test(async () => { 33 assert_false(navigator.canLoadAdAuctionFencedFrame()); 34 }, "frame-src none is taken into account with navigator.canLoadAdAuctionFencedFrame"); 35 </script> 36 </body>