| A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate. |
| |
| On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". |
| |
| |
| Note that we can't distinguish blocked URLs from allowed cross-origin URLs due to the same-origin policy. This test passes if no console message declares that the frame was blocked. |
| PASS The inner IFrame passed. |
| PASS successfullyParsed is true |
| |
| TEST COMPLETE |
| |
| |
| -------- |
| Frame: '<!--framePath //<!--frame0-->-->' |
| -------- |
| Testing a cross-origin child with a policy of "http://127.0.0.1:8000 http://localhost:8080" nested in a same-origin parent. |
| |
| On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". |
| |
| |
| IFrame load event fired: the IFrame is cross-origin (or was blocked). |
| PASS The IFrame should have been blocked (or cross-origin). It was. |
| |
| |
| -------- |
| Frame: '<!--framePath //<!--frame0-->/<!--frame0-->-->' |
| -------- |
| This is an IFrame sending a Content Security Policy header containing "frame-ancestors http://127.0.0.1:8000 http://localhost:8080". |