| <!DOCTYPE html> |
| <meta http-equiv="Content-Security-Policy" content="img-src 'self' https: https://*:*"> |
| <meta http-equiv="Content-Security-Policy" content="frame-src 'none'"> |
| <title>Test Content-Security-Policy fenced-frame-src falling back to frame-src</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="resources/utils.js"></script> |
| <script src="/common/utils.js"></script> |
| |
| <body> |
| <script> |
| const key = token(); |
| |
| window.addEventListener('securitypolicyviolation', function(e) { |
| // Write to the server even though the listener is in the same file in the |
| // test below. |
| writeValueToServer(key, e.violatedDirective + ";" + e.blockedURI); |
| }); |
| |
| promise_test(async () => { |
| attachFencedFrame(generateURL( |
| "resources/csp-frame-src-blocked-inner.html", |
| [key])); |
| const result = await nextValueFromServer(key); |
| |
| const expected_blocked_uri = generateURL( |
| "resources/csp-frame-src-blocked-inner.html", [key]).toString(); |
| assert_equals(result, "fenced-frame-src;" + expected_blocked_uri, |
| "The fenced frame is blocked because of CSP violation"); |
| }, "csp-frame-src-blocked"); |
| |
| promise_test(async () => { |
| assert_false(navigator.canLoadAdAuctionFencedFrame()); |
| }, "frame-src none is taken into account with navigator.canLoadAdAuctionFencedFrame"); |
| </script> |
| </body> |
