| <!DOCTYPE html> |
| <html> |
| <head> |
| <title>Test advertised required document policy</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> </head> |
| <body> |
| <h1>Test advertised required document policy</h1> |
| <script> |
| // The top-level document does not have any document-policy-related headers. |
| // A request for a document in a frame should not include a |
| // `Sec-Required-Document-Policy` header, unless that frame requires it |
| // explicitly through the `policy` attribute. |
| |
| callbacks = {}; |
| |
| window.addEventListener('message', ev => { |
| var id = ev.data.id; |
| if (id && callbacks[id]) { |
| callbacks[id](ev.data.requiredPolicy || null); |
| } |
| }); |
| |
| async_test(t => { |
| var iframe = document.createElement('iframe'); |
| iframe.src = "/document-policy/echo-policy.py?id=1"; |
| callbacks["1"] = t.step_func_done(result => { |
| assert_equals(result, null); |
| }); |
| document.body.appendChild(iframe); |
| }, "Child frame should have no required policy by default."); |
| |
| async_test(t => { |
| var iframe = document.createElement('iframe'); |
| iframe.src = "/document-policy/echo-policy.py?id=2"; |
| iframe.policy = "font-display-late-swap=?0"; |
| callbacks["2"] = t.step_func_done(result => { |
| assert_equals(result, "font-display-late-swap=?0"); |
| }); |
| document.body.appendChild(iframe); |
| }, "Child frame can have an explicit required policy."); |
| </script> |
| </body> |
| </html> |