iframe-coep-disallow.h2.html (1448B)
1 <!DOCTYPE html> 2 <head> 3 <meta charset="utf-8"> 4 <script src="/common/utils.js"></script> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <script src="resources/early-hints-helpers.sub.js"></script> 8 </head> 9 <body> 10 <script> 11 promise_test(async (t) => { 12 const iframe = document.createElement("iframe"); 13 14 const resource_url = CROSS_ORIGIN_RESOURCES_URL + "/empty.js?" + token(); 15 const params = new URLSearchParams(); 16 params.set("resource-url", resource_url); 17 params.set("token", token()); 18 const iframe_url = CROSS_ORIGIN_RESOURCES_URL + "/html-with-early-hints.h2.py?" + params.toString(); 19 20 iframe.src = iframe_url; 21 document.body.appendChild(iframe); 22 // Make sure the iframe didn't load. See https://github.com/whatwg/html/issues/125 for why a 23 // timeout is used here. Long term all network error handling should be similar and have a 24 // reliable event. 25 assert_equals(iframe.contentDocument.body.localName, "body"); 26 await t.step_wait(() => iframe.contentDocument === null); 27 28 // Fetch the hinted resource and make sure it's not preloaded. 29 await fetchScript(resource_url); 30 const entries = performance.getEntriesByName(resource_url); 31 assert_equals(entries.length, 1); 32 assert_not_equals(entries[0].transferSize, 0); 33 }, "Early hints for an iframe that violates Cross-Origin-Embedder-Policy should be ignored."); 34 </script> 35 </body>