tor-browser

The Tor Browser

multiple.html (2646B)


      1 <!DOCTYPE html>
      2 <meta charset="utf-8">
      3 <title>X-Frame-Options headers sent multiple times</title>
      4 
      5 <!--
      6  This test is creating and navigating >90 iframes. This can exceed the
      7  "short" timeout".
      8 -->
      9 <meta name="timeout" content="long">
     10 
     11 <script src="/resources/testharness.js"></script>
     12 <script src="/resources/testharnessreport.js"></script>
     13 <script src="support/helper.sub.js"></script>
     14 
     15 <body>
     16 <script>
     17 "use strict";
     18 
     19 xfo_simple_tests({
     20  headerValue: `SAMEORIGIN`,
     21  headerValue2: `SAMEORIGIN`,
     22  sameOriginAllowed: true,
     23  crossOriginAllowed: false
     24 });
     25 
     26 xfo_simple_tests({
     27  headerValue: `SAMEORIGIN`,
     28  headerValue2: `sameOrigin`,
     29  sameOriginAllowed: true,
     30  crossOriginAllowed: false
     31 });
     32 
     33 xfo_simple_tests({
     34  headerValue: `SAMEORIGIN`,
     35  headerValue2: `DENY`,
     36  sameOriginAllowed: false,
     37  crossOriginAllowed: false
     38 });
     39 
     40 xfo_simple_tests({
     41  headerValue: `SAMEORIGIN`,
     42  headerValue2: `INVALID`,
     43  sameOriginAllowed: false,
     44  crossOriginAllowed: false
     45 });
     46 
     47 xfo_simple_tests({
     48  headerValue: `SAMEORIGIN`,
     49  headerValue2: `ALLOWALL`, // same as INVALID
     50  sameOriginAllowed: false,
     51  crossOriginAllowed: false
     52 });
     53 
     54 xfo_simple_tests({
     55  headerValue: `SAMEORIGIN`,
     56  headerValue2: `"DENY"`, // same as INVALID
     57  sameOriginAllowed: false,
     58  crossOriginAllowed: false
     59 });
     60 
     61 xfo_simple_tests({
     62  headerValue: `SAMEORIGIN`,
     63  headerValue2: ``, // same as INVALID
     64  sameOriginAllowed: false,
     65  crossOriginAllowed: false
     66 });
     67 
     68 xfo_simple_tests({
     69  headerValue: `DENY`,
     70  headerValue2: `DENY`,
     71  sameOriginAllowed: false,
     72  crossOriginAllowed: false
     73 });
     74 
     75 xfo_simple_tests({
     76  headerValue: `DENY`,
     77  headerValue2: `INVALID`,
     78  sameOriginAllowed: false,
     79  crossOriginAllowed: false
     80 });
     81 
     82 xfo_simple_tests({
     83  headerValue: `DENY`,
     84  headerValue2: `ALLOWALL`, // same as INVALID
     85  sameOriginAllowed: false,
     86  crossOriginAllowed: false
     87 });
     88 
     89 xfo_simple_tests({
     90  headerValue: `DENY`,
     91  headerValue2: `"SAMEORIGIN"`, // same as INVALID
     92  sameOriginAllowed: false,
     93  crossOriginAllowed: false
     94 });
     95 
     96 xfo_simple_tests({
     97  headerValue: `ALLOWALL`,
     98  headerValue2: `INVALID`,
     99  sameOriginAllowed: false,
    100  crossOriginAllowed: false
    101 });
    102 
    103 xfo_simple_tests({
    104  headerValue: `ALLOWALL`,
    105  headerValue2: ``,
    106  sameOriginAllowed: false,
    107  crossOriginAllowed: false
    108 });
    109 
    110 xfo_simple_tests({
    111  headerValue: `allowAll`,
    112  headerValue2: `INVALID`,
    113  sameOriginAllowed: false,
    114  crossOriginAllowed: false
    115 });
    116 
    117 xfo_simple_tests({
    118  headerValue: `INVALID`,
    119  headerValue2: `INVALID`,
    120  sameOriginAllowed: true,
    121  crossOriginAllowed: true
    122 });
    123 
    124 xfo_simple_tests({
    125  headerValue: `INVALID`,
    126  headerValue2: ``,
    127  sameOriginAllowed: true,
    128  crossOriginAllowed: true
    129 });
    130 
    131 </script>