invalid.html (1270B)
1 <!DOCTYPE html> 2 <meta charset="utf-8"> 3 <title>X-Frame-Options invalid values</title> 4 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharnessreport.js"></script> 6 <script src="./support/helper.sub.js"></script> 7 8 <body> 9 <script> 10 "use strict"; 11 12 xfo_simple_tests({ 13 headerValue: `INVALID`, 14 sameOriginAllowed: true, 15 crossOriginAllowed: true 16 }); 17 18 xfo_simple_tests({ 19 headerValue: `ALLOW-FROM https://example.com/`, 20 sameOriginAllowed: true, 21 crossOriginAllowed: true 22 }); 23 24 xfo_simple_tests({ 25 headerValue: `ALLOW-FROM=https://example.com/`, 26 sameOriginAllowed: true, 27 crossOriginAllowed: true 28 }); 29 30 xfo_simple_tests({ 31 headerValue: `ALLOWALL`, 32 sameOriginAllowed: true, 33 crossOriginAllowed: true 34 }); 35 36 xfo_simple_tests({ 37 headerValue: `"DENY"`, 38 sameOriginAllowed: true, 39 crossOriginAllowed: true 40 }); 41 42 xfo_simple_tests({ 43 headerValue: `DE NY`, 44 sameOriginAllowed: true, 45 crossOriginAllowed: true 46 }); 47 48 xfo_simple_tests({ 49 headerValue: `"SAMEORIGIN"`, 50 sameOriginAllowed: true, 51 crossOriginAllowed: true 52 }); 53 54 xfo_simple_tests({ 55 headerValue: `"SAMEORIGIN,DENY"`, 56 sameOriginAllowed: true, 57 crossOriginAllowed: true 58 }); 59 60 xfo_simple_tests({ 61 headerValue: ``, 62 sameOriginAllowed: true, 63 crossOriginAllowed: true 64 }); 65 </script>