| <!DOCTYPE html> |
| <title>Test opaque fenced frame navigations with allowed CSP</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/common/utils.js"></script> |
| <script src="resources/utils.js"></script> |
| <script src="/common/dispatcher/dispatcher.js"></script> |
| |
| <body> |
| <script> |
| const allowedCSPs = [ |
| "*", |
| "https:", |
| "https://*:*" |
| ]; |
| allowedCSPs.forEach((csp) => { |
| for (const resolve_to_config of [true, false]) { |
| promise_test(async() => { |
| const iframe = setupCSP(csp); |
| const key = token(); |
| |
| await iframe.execute(async (key, resolve_to_config) => { |
| window.addEventListener('securitypolicyviolation', function(e) { |
| // Write to the server even though the listener is in the same file in |
| // the test below. |
| writeValueToServer(key, e.violatedDirective + ";" + e.blockedURI); |
| }, {once: true}); |
| |
| attachFencedFrame(await runSelectURL( |
| "/fenced-frame/resources/embeddee.html", [key], resolve_to_config)); |
| }, [key, resolve_to_config]); |
| |
| const result = await nextValueFromServer(key); |
| assert_equals(result, "PASS", |
| "The fenced frame should load for CSP fenced-frame-src " + csp); |
| }, "Fenced frame loaded for CSP fenced-frame-src " + csp + " using " + |
| (resolve_to_config ? "config" : "urn:uuid")); |
| |
| } |
| promise_test(async() => { |
| const iframe = setupCSP(csp); |
| await iframe.execute(() => { |
| assert_true(navigator.canLoadAdAuctionFencedFrame()); |
| }); |
| }, "Opaque-ads can load API returns true for " + csp); |
| }); |
| </script> |
| </body> |