'navigate-to' directive tests
PR: https://github.com/w3c/webappsec-csp/pull/290
Bug: 805886
Change-Id: I5bdda65c7e70e729b33a3647135fee6453e97e66
Reviewed-on: https://chromium-review.googlesource.com/934181
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#541769}diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/anchor-navigation-always-allowed.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/anchor-navigation-always-allowed.html
new file mode 100644
index 0000000..1cf01a7
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/anchor-navigation-always-allowed.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+
+<a name="anchor"></a>
+
+<script>
+ var t = async_test("Test that anchor navigation is allowed regardless of the `navigate-to` directive");
+
+ window.addEventListener('securitypolicyviolation', t.unreached_func("Should not have triggered any violation"));
+
+ try {
+ window.location.hash = "anchor";
+ t.done();
+ } catch(ex) {}
+</script>
+
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/anchor-navigation-always-allowed.html.headers b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/anchor-navigation-always-allowed.html.headers
new file mode 100644
index 0000000..739a2ce
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/anchor-navigation-always-allowed.html.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: navigate-to 'none'
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-allowed.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-allowed.html
new file mode 100644
index 0000000..3848c2f
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-allowed.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child can navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child)");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+
+<iframe srcdoc="<iframe src='support/navigate_parent.sub.html?csp=navigate-to%20%27self%27'>">
+
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-allowed.html.headers b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-allowed.html.headers
new file mode 100644
index 0000000..7d5e85e
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-allowed.html.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: navigate-to support/navigate_parent.sub.html
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-blocked-expected.txt b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-blocked-expected.txt
new file mode 100644
index 0000000..1a4d1706
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-blocked-expected.txt
@@ -0,0 +1,4 @@
+This is a testharness.js-based test.
+FAIL Test that the child can't navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child) assert_equals: expected "fail" but got "success"
+Harness: the test ran to completion.
+
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-blocked.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-blocked.html
new file mode 100644
index 0000000..a5bea3ff
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-blocked.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child can't navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child)");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+
+<iframe srcdoc="<iframe src='support/navigate_parent.sub.html?csp=navigate-to%20%27none%27'>">
+
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-blocked.html.headers b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-blocked.html.headers
new file mode 100644
index 0000000..9cb770b
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-blocked.html.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: navigate-to 'self'
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-allows.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-allows.html
new file mode 100644
index 0000000..452b88182
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-allows.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that form-action overrides navigate-to when present.");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27%3B%20form-action%20%27self%27%3B&action=post_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-blocks.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-blocks.html
new file mode 100644
index 0000000..44dcc51
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-blocks.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that form-action overrides navigate-to when present.");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27none%27%3B%20form-action%20%27self%27%3B&action=post_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.html
new file mode 100644
index 0000000..5e6557d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that form-action overrides navigate-to when present.");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'form-action');
+ });
+</script>
+<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27%3B%20form-action%20%27none%27%3B&action=post_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.html
new file mode 100644
index 0000000..9f9c803d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that form-action overrides navigate-to when present.");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'form-action');
+ });
+</script>
+<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27none%27%3B%20form-action%20%27none%27%3B&action=post_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-allowed.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-allowed.html
new file mode 100644
index 0000000..c1a88b27
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27&action=post_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-blocked-expected.txt b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-blocked-expected.txt
new file mode 100644
index 0000000..cf4f79d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-blocked-expected.txt
@@ -0,0 +1,4 @@
+This is a testharness.js-based test.
+FAIL Test that the child iframe navigation is blocked assert_equals: expected "fail" but got "success"
+Harness: the test ran to completion.
+
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-blocked.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-blocked.html
new file mode 100644
index 0000000..233db53
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-blocked.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is blocked");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20%27none%27&action=post_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-cross-origin-allowed.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-cross-origin-allowed.sub.html
new file mode 100644
index 0000000..a082786
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-cross-origin-allowed.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}&action=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-cross-origin-blocked.sub-expected.txt b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-cross-origin-blocked.sub-expected.txt
new file mode 100644
index 0000000..cf4f79d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-cross-origin-blocked.sub-expected.txt
@@ -0,0 +1,4 @@
+This is a testharness.js-based test.
+FAIL Test that the child iframe navigation is blocked assert_equals: expected "fail" but got "success"
+Harness: the test ran to completion.
+
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html
new file mode 100644
index 0000000..e8e653c
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is blocked");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27&action=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-redirected-allowed.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-redirected-allowed.html
new file mode 100644
index 0000000..7612d206
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-redirected-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27&action=redirect_to_post_message_to_frame_owner.py">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-redirected-blocked.sub-expected.txt b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-redirected-blocked.sub-expected.txt
new file mode 100644
index 0000000..cf4f79d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-redirected-blocked.sub-expected.txt
@@ -0,0 +1,4 @@
+This is a testharness.js-based test.
+FAIL Test that the child iframe navigation is blocked assert_equals: expected "fail" but got "success"
+Harness: the test ran to completion.
+
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-redirected-blocked.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-redirected-blocked.sub.html
new file mode 100644
index 0000000..6f4e1ac8
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-redirected-blocked.sub.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is blocked");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20{{location[server]}}/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py&action=redirect_to_post_message_to_frame_owner.py">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-allowed.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-allowed.html
new file mode 100644
index 0000000..e8896c8d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-allowed.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+
+ window.open("support/href_location_navigation.sub.html?csp=navigate-to%20%27self%27&target=post_message_to_frame_owner.html", "_blank");
+</script>
+
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-blocked-expected.txt b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-blocked-expected.txt
new file mode 100644
index 0000000..cf4f79d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-blocked-expected.txt
@@ -0,0 +1,4 @@
+This is a testharness.js-based test.
+FAIL Test that the child iframe navigation is blocked assert_equals: expected "fail" but got "success"
+Harness: the test ran to completion.
+
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-blocked.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-blocked.html
new file mode 100644
index 0000000..50947848
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-blocked.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is blocked");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+
+ window.open("support/href_location_navigation.sub.html?csp=navigate-to%20%27none%27&target=post_message_to_frame_owner.html", "_blank");
+</script>
+
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html
new file mode 100644
index 0000000..0009b6c
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+
+ window.open("support/href_location_navigation.sub.html?csp=navigate-to%20http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html", "_blank");
+</script>
+
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub-expected.txt b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub-expected.txt
new file mode 100644
index 0000000..cf4f79d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub-expected.txt
@@ -0,0 +1,4 @@
+This is a testharness.js-based test.
+FAIL Test that the child iframe navigation is blocked assert_equals: expected "fail" but got "success"
+Harness: the test ran to completion.
+
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html
new file mode 100644
index 0000000..ef0d787
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is blocked");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+
+ window.open("support/href_location_navigation.sub.html?csp=navigate-to%20%27self%27&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html", "_blank");
+</script>
+
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-redirected-allowed.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-redirected-allowed.html
new file mode 100644
index 0000000..4f535bf3
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-redirected-allowed.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+
+ window.open("support/href_location_navigation.sub.html?csp=navigate-to%20%27self%27&target=redirect_to_post_message_to_frame_owner.py", "_blank");
+</script>
+
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-redirected-blocked.sub-expected.txt b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-redirected-blocked.sub-expected.txt
new file mode 100644
index 0000000..cf4f79d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-redirected-blocked.sub-expected.txt
@@ -0,0 +1,4 @@
+This is a testharness.js-based test.
+FAIL Test that the child iframe navigation is blocked assert_equals: expected "fail" but got "success"
+Harness: the test ran to completion.
+
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html
new file mode 100644
index 0000000..8a0047d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is blocked");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+
+ window.open("support/href_location_navigation.sub.html?csp=navigate-to%20{{location[server]}}/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py&target=redirect_to_post_message_to_frame_owner.py", "_blank");
+</script>
+
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-allowed.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-allowed.html
new file mode 100644
index 0000000..977b85d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20%27self%27&target=post_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-blocked-expected.txt b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-blocked-expected.txt
new file mode 100644
index 0000000..cf4f79d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-blocked-expected.txt
@@ -0,0 +1,4 @@
+This is a testharness.js-based test.
+FAIL Test that the child iframe navigation is blocked assert_equals: expected "fail" but got "success"
+Harness: the test ran to completion.
+
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-blocked.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-blocked.html
new file mode 100644
index 0000000..6817da2
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-blocked.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is blocked");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20%27none%27&target=post_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html
new file mode 100644
index 0000000..4381bcb
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub-expected.txt b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub-expected.txt
new file mode 100644
index 0000000..cf4f79d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub-expected.txt
@@ -0,0 +1,4 @@
+This is a testharness.js-based test.
+FAIL Test that the child iframe navigation is blocked assert_equals: expected "fail" but got "success"
+Harness: the test ran to completion.
+
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html
new file mode 100644
index 0000000..1041506e
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is blocked");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20%27self%27&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-redirected-allowed.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-redirected-allowed.html
new file mode 100644
index 0000000..87dea95
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-redirected-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20%27self%27&target=redirect_to_post_message_to_frame_owner.py">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-redirected-blocked.sub-expected.txt b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-redirected-blocked.sub-expected.txt
new file mode 100644
index 0000000..cf4f79d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-redirected-blocked.sub-expected.txt
@@ -0,0 +1,4 @@
+This is a testharness.js-based test.
+FAIL Test that the child iframe navigation is blocked assert_equals: expected "fail" but got "success"
+Harness: the test ran to completion.
+
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html
new file mode 100644
index 0000000..f0bf4df
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is blocked");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20{{location[server]}}/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py&target=redirect_to_post_message_to_frame_owner.py">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-allowed.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-allowed.html
new file mode 100644
index 0000000..eeaefc4
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20%27self%27&target=post_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-blocked-expected.txt b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-blocked-expected.txt
new file mode 100644
index 0000000..cf4f79d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-blocked-expected.txt
@@ -0,0 +1,4 @@
+This is a testharness.js-based test.
+FAIL Test that the child iframe navigation is blocked assert_equals: expected "fail" but got "success"
+Harness: the test ran to completion.
+
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-blocked.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-blocked.html
new file mode 100644
index 0000000..7acf68dd
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-blocked.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is blocked");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20%27none%27&target=post_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html
new file mode 100644
index 0000000..39e887e
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub-expected.txt b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub-expected.txt
new file mode 100644
index 0000000..cf4f79d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub-expected.txt
@@ -0,0 +1,4 @@
+This is a testharness.js-based test.
+FAIL Test that the child iframe navigation is blocked assert_equals: expected "fail" but got "success"
+Harness: the test ran to completion.
+
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html
new file mode 100644
index 0000000..627744e
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is blocked");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20%27self%27&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html
new file mode 100644
index 0000000..de756bc
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is allowed");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+</script>
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20%27self%27&target=redirect_to_post_message_to_frame_owner.py">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub-expected.txt b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub-expected.txt
new file mode 100644
index 0000000..cf4f79d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub-expected.txt
@@ -0,0 +1,4 @@
+This is a testharness.js-based test.
+FAIL Test that the child iframe navigation is blocked assert_equals: expected "fail" but got "success"
+Harness: the test ran to completion.
+
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html
new file mode 100644
index 0000000..598600f
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the child iframe navigation is blocked");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'fail');
+ assert_equals(e.data.violatedDirective, 'navigate-to');
+ });
+</script>
+<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20{{location[server]}}/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py&target=redirect_to_post_message_to_frame_owner.py">
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-allowed.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-allowed.html
new file mode 100644
index 0000000..e5455ce
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-allowed.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the parent can navigate the child because the relevant policy belongs to the navigation initiator (in this case the parent)");
+ window.onmessage = t.step_func_done(function(e) {
+ assert_equals(e.data.result, 'success');
+ });
+ window.addEventListener('securitypolicyviolation', t.unreached_func("Should not have triggered a policy violation"));
+
+ var i = document.createElement('iframe');
+ var src_changed = false;
+ i.onload = function() {
+ if (src_changed) return;
+ src_changed = true;
+ i.src = "support/post_message_to_frame_owner.html";
+ }
+ i.src = "support/wait_for_navigation.html?csp=navigate-to%20%none%27";
+ document.body.appendChild(i);
+</script>
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-allowed.html.headers b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-allowed.html.headers
new file mode 100644
index 0000000..9cb770b
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-allowed.html.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: navigate-to 'self'
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-blocked-expected.txt b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-blocked-expected.txt
new file mode 100644
index 0000000..7a7b264
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-blocked-expected.txt
@@ -0,0 +1,4 @@
+This is a testharness.js-based test.
+FAIL Test that the parent can't navigate the child because the relevant policy belongs to the navigation initiator (in this case the parent) assert_unreached: Should not have received a message from the child Reached unreachable code
+Harness: the test ran to completion.
+
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-blocked.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-blocked.html
new file mode 100644
index 0000000..8353d39
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-blocked.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+<script>
+ var t = async_test("Test that the parent can't navigate the child because the relevant policy belongs to the navigation initiator (in this case the parent)");
+ window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
+ assert_equals(e.violatedDirective, 'navigate-to');
+ }));
+ window.onmessage = t.unreached_func("Should not have received a message from the child");
+
+ var i = document.createElement('iframe');
+ var src_changed = false;
+ i.onload = function() {
+ if (src_changed) return;
+ src_changed = true;
+ i.src = "support/post_message_to_frame_owner.html";
+ }
+ i.src = "support/wait_for_navigation.html?csp=navigate-to%20%self%27";
+ document.body.appendChild(i);
+</script>
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-blocked.html.headers b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-blocked.html.headers
new file mode 100644
index 0000000..c2b8cd3
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-blocked.html.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: navigate-to support/wait_for_navigation.html
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/form_action_navigation.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/form_action_navigation.sub.html
new file mode 100644
index 0000000..be5be01
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/form_action_navigation.sub.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+
+ <script>
+ window.addEventListener('securitypolicyviolation', function(e) {
+ top.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+ });
+ </script>
+</head>
+
+<body>
+<form action='{{GET[action]}}' target='_self' id='form'>
+ <input type="text" name="dummy">
+</form>
+
+<script>
+ document.getElementById('form').submit();
+</script>
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/form_action_navigation.sub.html.sub.headers b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/form_action_navigation.sub.html.sub.headers
new file mode 100644
index 0000000..d3c635b
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/form_action_navigation.sub.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/href_location_navigation.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/href_location_navigation.sub.html
new file mode 100644
index 0000000..2e8fad6d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/href_location_navigation.sub.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+
+ <script>
+ window.addEventListener('securitypolicyviolation', function(e) {
+ window.opener.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+ });
+ </script>
+</head>
+
+<body>
+<script>
+ try {
+ location.href = "{{GET[target]}}";
+ } catch(ex) {}
+</script>
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/href_location_navigation.sub.html.sub.headers b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/href_location_navigation.sub.html.sub.headers
new file mode 100644
index 0000000..d3c635b
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/href_location_navigation.sub.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/link_click_navigation.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/link_click_navigation.sub.html
new file mode 100644
index 0000000..2469ed6
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/link_click_navigation.sub.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+
+ <script>
+ window.addEventListener('securitypolicyviolation', function(e) {
+ top.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+ });
+ </script>
+</head>
+
+<body>
+<a href="{{GET[target]}}" id="link">dummy link</a>
+<script>
+ document.getElementById('link').click();
+</script>
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/link_click_navigation.sub.html.sub.headers b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/link_click_navigation.sub.html.sub.headers
new file mode 100644
index 0000000..d3c635b
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/link_click_navigation.sub.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html
new file mode 100644
index 0000000..3a841410
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+
+ <script>
+ window.addEventListener('securitypolicyviolation', function(e) {
+ top.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+ });
+ </script>
+
+ <meta http-equiv="refresh" content="1; url={{GET[target]}}">
+</head>
+
+<body>
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html.sub.headers b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html.sub.headers
new file mode 100644
index 0000000..d3c635b
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/navigate_parent.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/navigate_parent.sub.html
new file mode 100644
index 0000000..a84c9c6
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/navigate_parent.sub.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+
+ <script>
+ window.addEventListener('securitypolicyviolation', function(e) {
+ top.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+ });
+ </script>
+</head>
+
+<body>
+<a href="post_message_to_frame_owner.html" id="link" target="_parent">dummy link</a>
+<script>
+ document.getElementById('link').click();
+</script>
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/navigate_parent.sub.html.sub.headers b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/navigate_parent.sub.html.sub.headers
new file mode 100644
index 0000000..d3c635b
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/navigate_parent.sub.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/post_message_to_frame_owner.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/post_message_to_frame_owner.html
new file mode 100644
index 0000000..c25e49d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/post_message_to_frame_owner.html
@@ -0,0 +1,6 @@
+<script>
+ if (window.opener)
+ window.opener.postMessage({result: 'success'}, '*');
+ else
+ top.postMessage({result: 'success'}, '*');
+</script>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py
new file mode 100644
index 0000000..77e725b
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py
@@ -0,0 +1,3 @@
+def main(request, response):
+ response.status = 302
+ response.headers.set("Location", "post_message_to_frame_owner.html")
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/wait_for_navigation.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/wait_for_navigation.html
new file mode 100644
index 0000000..2450ff1
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/wait_for_navigation.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+
+ <script>
+ window.addEventListener('securitypolicyviolation', function(e) {
+ top.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
+ });
+ </script>
+</head>
+
+<body>
+</body>
\ No newline at end of file
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/wait_for_navigation.html.sub.headers b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/wait_for_navigation.html.sub.headers
new file mode 100644
index 0000000..d3c635b
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/wait_for_navigation.html.sub.headers
@@ -0,0 +1,4 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Security-Policy: {{GET[csp]}}
