sameorigin.sub.html (1594B)
<!DOCTYPE html>
<meta charset="utf-8">
<title>X-Frame-Options variations of SAMEORIGIN</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="./support/helper.sub.js"></script>

<!--
  Conformance checks for the SAMEORIGIN value of X-Frame-Options.

  Two things are pinned down here:
    1. The value is accepted regardless of letter case and of surrounding
       whitespace, and in every spelling it permits same-origin framing
       while refusing cross-origin framing.
    2. With two levels of framing, the load is expected to succeed only in
       the case where both levels are same-origin. A framed document that
       is same-origin with this page is still expected to be blocked when
       the frame in between is cross-origin.

  "Cross-origin" in this file always means a different host (the host
  substitution versus the domains[www] substitution). Every URL uses the
  http scheme and the first http port, so scheme-only and port-only origin
  differences are not exercised here.

  xfo_simple_tests and xfo_test come from ./support/helper.sub.js.
-->
<body>
<script>
"use strict";

// Header value spellings: canonical upper case, mixed case, and padded with
// a leading and trailing space. All three must yield the same framing policy.
for (const headerValue of [
  `SAMEORIGIN`,
  `sameOriGin`,
  ` SAMEORIGIN `
]) {
  xfo_simple_tests({
    headerValue,
    sameOriginAllowed: true,
    crossOriginAllowed: false
  });
}

// Nested framing matrix. The origin of the URL itself selects where the
// intermediate document (support/nested.py) is served from; its `origin`
// query parameter presumably selects where the innermost, header-bearing
// document is loaded from (confirm against support/nested.py).
// Only the fully same-origin chain is expected to report a load; it is also
// the only case that passes loadShouldSucceed=true.
for (const nestedCase of [
  {
    // intermediate: same-origin, innermost: same-origin -> allowed
    url: `./support/nested.py?origin=http://{{host}}:{{ports[http][0]}}&value=SAMEORIGIN&loadShouldSucceed=true`,
    check: "loaded message",
    message: `SAMEORIGIN allows same-origin nested in same-origin framing`
  },
  {
    // intermediate: same-origin, innermost: cross-origin -> blocked
    url: `./support/nested.py?origin=http://{{domains[www]}}:{{ports[http][0]}}&value=SAMEORIGIN`,
    check: "failed message",
    message: `SAMEORIGIN blocks cross-origin nested in same-origin framing`
  },
  {
    // intermediate: cross-origin, innermost: same-origin with this page.
    // Blocked even though the innermost document matches the top-level
    // origin, because the frame in between does not.
    url: `http://{{domains[www]}}:{{ports[http][0]}}/x-frame-options/support/nested.py?origin=http://{{host}}:{{ports[http][0]}}&value=SAMEORIGIN`,
    check: "failed message",
    message: `SAMEORIGIN blocks same-origin nested in cross-origin framing`
  },
  {
    // intermediate: cross-origin, innermost: same host as the intermediate.
    // Blocked even though the innermost document matches its direct parent,
    // because it does not match this top-level page.
    url: `http://{{domains[www]}}:{{ports[http][0]}}/x-frame-options/support/nested.py?origin=http://{{domains[www]}}:{{ports[http][0]}}&value=SAMEORIGIN`,
    check: "failed message",
    message: `SAMEORIGIN blocks cross-origin nested in cross-origin framing`
  }
]) {
  xfo_test(nestedCase);
}
</script>