frame-ancestors-overrides-xfo.html
<!doctype html>
<!--
  Conformance test: when a response carries both a CSP 'frame-ancestors'
  directive and an X-Frame-Options header, the embedding decision follows
  'frame-ancestors' alone. Both directions are covered: XFO would block but
  CSP allows, and XFO would allow but CSP blocks.

  Consequence for site owners: on such a response a stricter X-Frame-Options
  value does not tighten a permissive 'frame-ancestors' source list in
  browsers that pass this test, so the CSP source list has to be correct.

  NOTE(review): the support page is not shown here. Presumably it maps the
  "policy" and "xfo" query parameters onto the response's frame-ancestors
  and X-Frame-Options headers (the ".sub.html" suffix suggests server-side
  substitution); confirm against the support file and its headers.
-->
<html>
  <head>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
  </head>
  <body>
    <script>
      // Case 1: frame-ancestors 'self' together with X-Frame-Options: DENY.
      // XFO alone would refuse framing; the test expects the same-origin
      // document to load, i.e. the CSP directive decides.
      async_test((t) => {
        const frame = document.createElement('iframe');
        frame.src = "support/frame-ancestors-and-x-frame-options.sub.html?policy='self'&xfo=DENY";
        // Register the handler before insertion so the load event is not missed.
        frame.onload = t.step_func_done(() => {
          // A framed document that really loaded reports the embedder's origin.
          assert_equals(frame.contentWindow.origin, window.origin, "The same-origin page loaded.");
        });
        document.body.appendChild(frame);
      }, "A 'frame-ancestors' CSP directive overrides an 'x-frame-options' header which would block the page.");

      // Case 2: frame-ancestors other-origin.com together with
      // X-Frame-Options: SAMEORIGIN. XFO alone would permit this same-origin
      // embed; the test expects the load to be refused.
      async_test((t) => {
        const frame = document.createElement('iframe');
        frame.src = "support/frame-ancestors-and-x-frame-options.sub.html?policy=other-origin.com&xfo=SAMEORIGIN";
        frame.onload = t.step_func_done(() => {
          // contentDocument is null when the parent cannot reach the frame's
          // document; a same-origin page that loaded would expose it.
          // NOTE(review): this only runs if a load event fires for the refused
          // frame; otherwise the test ends by timeout, not by this assertion.
          assert_equals(frame.contentDocument, null);
        });
        document.body.appendChild(frame);
      }, "A 'frame-ancestors' CSP directive overrides an 'x-frame-options' header which would allow the page.");
    </script>
  </body>
</html>