<!DOCTYPE html> | |
<html> | |
<head> | |
<title>This page should only allow subframes from the same origin or b.com</title> | |
</head> | |
<body> | |
This page should only allow subframes from the same origin or from b.com, | |
because its CSP headers specify frame-src 'self' and 'b.com'. | |
<iframe src="/cross-site/b.com/title2.html"></iframe> | |
<iframe srcdoc=" | |
<html> | |
<head> | |
<title>subtitle1</title> | |
</head> | |
<body> | |
<iframe src='/cross-site/b.com/title2.html'></iframe> | |
</body> | |
</html>"></iframe> | |
</body> | |
</html> | |