iframe-x-frame-options-deny.h2.window.js (1267B)
1 // META: script=/common/utils.js 2 // META: script=resources/early-hints-helpers.sub.js 3 4 promise_test(async (t) => { 5 const iframe = document.createElement("iframe"); 6 7 const resource_url = SAME_ORIGIN_RESOURCES_URL + "/empty.js?" + token(); 8 const params = new URLSearchParams(); 9 params.set("resource-url", resource_url); 10 params.set("token", token()); 11 params.set("x-frame-options", "DENY"); 12 const iframe_url = SAME_ORIGIN_RESOURCES_URL + "/html-with-early-hints.h2.py?" + params.toString(); 13 14 iframe.src = iframe_url; 15 document.body.appendChild(iframe); 16 // Make sure the iframe didn't load. See https://github.com/whatwg/html/issues/125 for why a 17 // timeout is used here. Long term all network error handling should be similar and have a 18 // reliable event. 19 assert_equals(iframe.contentDocument.body.localName, "body"); 20 await t.step_wait(() => iframe.contentDocument === null); 21 22 // Fetch the hinted resource and make sure it's not preloaded. 23 await fetchScript(resource_url); 24 const entries = performance.getEntriesByName(resource_url); 25 assert_equals(entries.length, 1); 26 assert_not_equals(entries[0].transferSize, 0); 27 }, "Early hints for an iframe that violates X-Frame-Options should be ignored.");