fenced-frame/cspee.https.html - external/w3c/web-platform-tests.git - Git at Google

 <!DOCTYPE html>
 <title>Test fenced frame in CSPEE</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/utils.js"></script>
 <script src="/common/dispatcher/dispatcher.js"></script>
 <script src="resources/utils.js"></script>

 <body>
 <script>
 promise_test(async(t) => {
   const iframe = attachIFrameContext({
     attributes: [["csp", "frame-src *"]],
     headers: [["Allow-CSP-From", "*"]]
   });
   t.step_timeout(() => t.done(), 1000);
   await iframe.execute(async (t) => {
     const fencedframe = attachFencedFrameContext({
       headers: [["Allow-CSP-From", "*"]]
     });
     await fencedframe.execute(() => {});
   });
   assert_unreached("fenced frame should not be loaded.");
 }, 'fenced frame should not be loaded in CSPEE');

 promise_test(async(t) => {
   const iframe_a = attachIFrameContext({
     attributes: [["csp", "frame-src *"]],
     headers: [["Allow-CSP-From", "*"]]
   });
   t.step_timeout(() => t.done(), 1000);
   await iframe_a.execute(async (t) => {
     const iframe_b = attachIFrameContext({headers: [["Allow-CSP-From", "*"]]});
     await iframe_b.execute(async (t) => {
       const fencedframe = attachFencedFrameContext({
         headers: [["Allow-CSP-From", "*"]]
       });
       await fencedframe.execute(() => {});
     });
   });
   assert_unreached("fenced frame should not be loaded.");
 }, 'fenced frame should not be loaded if any ancestor has CSPEE');

 promise_test(async(t) => {
   const iframe = attachIFrameContext({
     attributes: [["csp", "frame-src *"]],
     headers: [["Allow-CSP-From", "*"]]
   });
   await iframe.execute(async (t) => {
     assert_false(navigator.canLoadAdAuctionFencedFrame());
   });
 }, 'canLoadOpaqueURL considers CSPEE headers');

 promise_test(async(t) => {
   const iframe_a = attachIFrameContext({
     attributes: [["csp", "frame-src *"]],
     headers: [["Allow-CSP-From", "*"]]
   });
   await iframe_a.execute(async (t) => {
     const iframe_b = attachIFrameContext({headers: [["Allow-CSP-From", "*"]]});
     await iframe_b.execute(async (t) => {
       assert_false(navigator.canLoadAdAuctionFencedFrame());
     });
   });
 }, 'canLoadOpaqueURL considers CSPEE headers up the ancestor chain');

 promise_test(async(t) => {
   const iframe = attachIFrameContext();
   await iframe.execute(async (t) => {
     assert_true(navigator.canLoadAdAuctionFencedFrame());
   });
 }, 'canLoadOpaqueURL returns true if no CSPEE headers are present in iframe');
 </script>
 </body>
	<!DOCTYPE html>
	<title>Test fenced frame in CSPEE</title>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="/common/utils.js"></script>
	<script src="/common/dispatcher/dispatcher.js"></script>
	<script src="resources/utils.js"></script>

	<body>
	<script>
	promise_test(async(t) => {
	const iframe = attachIFrameContext({
	attributes: [["csp", "frame-src *"]],
	headers: [["Allow-CSP-From", "*"]]
	});
	t.step_timeout(() => t.done(), 1000);
	await iframe.execute(async (t) => {
	const fencedframe = attachFencedFrameContext({
	headers: [["Allow-CSP-From", "*"]]
	});
	await fencedframe.execute(() => {});
	});
	assert_unreached("fenced frame should not be loaded.");
	}, 'fenced frame should not be loaded in CSPEE');

	promise_test(async(t) => {
	const iframe_a = attachIFrameContext({
	attributes: [["csp", "frame-src *"]],
	headers: [["Allow-CSP-From", "*"]]
	});
	t.step_timeout(() => t.done(), 1000);
	await iframe_a.execute(async (t) => {
	const iframe_b = attachIFrameContext({headers: [["Allow-CSP-From", "*"]]});
	await iframe_b.execute(async (t) => {
	const fencedframe = attachFencedFrameContext({
	headers: [["Allow-CSP-From", "*"]]
	});
	await fencedframe.execute(() => {});
	});
	});
	assert_unreached("fenced frame should not be loaded.");
	}, 'fenced frame should not be loaded if any ancestor has CSPEE');

	promise_test(async(t) => {
	const iframe = attachIFrameContext({
	attributes: [["csp", "frame-src *"]],
	headers: [["Allow-CSP-From", "*"]]
	});
	await iframe.execute(async (t) => {
	assert_false(navigator.canLoadAdAuctionFencedFrame());
	});
	}, 'canLoadOpaqueURL considers CSPEE headers');

	promise_test(async(t) => {
	const iframe_a = attachIFrameContext({
	attributes: [["csp", "frame-src *"]],
	headers: [["Allow-CSP-From", "*"]]
	});
	await iframe_a.execute(async (t) => {
	const iframe_b = attachIFrameContext({headers: [["Allow-CSP-From", "*"]]});
	await iframe_b.execute(async (t) => {
	assert_false(navigator.canLoadAdAuctionFencedFrame());
	});
	});
	}, 'canLoadOpaqueURL considers CSPEE headers up the ancestor chain');

	promise_test(async(t) => {
	const iframe = attachIFrameContext();
	await iframe.execute(async (t) => {
	assert_true(navigator.canLoadAdAuctionFencedFrame());
	});
	}, 'canLoadOpaqueURL returns true if no CSPEE headers are present in iframe');
	</script>
	</body>