diff options
author | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2017-08-25 09:18:29 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-22 11:15:23 +0100 |
commit | 62d535967977ea64884e4418d78f1dc245e682e1 (patch) | |
tree | 0b2bc214e7f77ac74a646987d6b22d18e2cdee9f /dom/security/test/csp/test_ignore_xfo.html | |
parent | 6f96569b4499be07c210ca6c38739bbbc7ebdee7 (diff) | |
download | UXP-62d535967977ea64884e4418d78f1dc245e682e1.tar UXP-62d535967977ea64884e4418d78f1dc245e682e1.tar.gz UXP-62d535967977ea64884e4418d78f1dc245e682e1.tar.lz UXP-62d535967977ea64884e4418d78f1dc245e682e1.tar.xz UXP-62d535967977ea64884e4418d78f1dc245e682e1.zip |
CSP 2 - ignore (x-)frame-options if CSP with frame-ancestors directive exists
Diffstat (limited to 'dom/security/test/csp/test_ignore_xfo.html')
-rw-r--r-- | dom/security/test/csp/test_ignore_xfo.html | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_ignore_xfo.html b/dom/security/test/csp/test_ignore_xfo.html new file mode 100644 index 000000000..fb3aadc6c --- /dev/null +++ b/dom/security/test/csp/test_ignore_xfo.html @@ -0,0 +1,59 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1024557: Ignore x-frame-options if CSP with frame-ancestors exists</title> + <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> + <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<iframe style="width:100%;" id="csp_testframe"></iframe> +<iframe style="width:100%;" id="csp_ro_testframe"></iframe> + +<script class="testbody" type="text/javascript"> + +/* + * We load two frames using: + * x-frame-options: deny + * where the first frame uses a csp and the second a csp_ro including frame-ancestors. + * We make sure that xfo is ignored for regular csp but not for csp_ro. + */ + +SimpleTest.waitForExplicitFinish(); + +var testcounter = 0; +function checkFinished() { + testcounter++; + if (testcounter < 2) { + return; + } + SimpleTest.finish(); +} + +// 1) test XFO with CSP +var csp_testframe = document.getElementById("csp_testframe"); +csp_testframe.onload = function() { + var msg = csp_testframe.contentWindow.document.getElementById("cspmessage"); + is(msg.innerHTML, "Ignoring XFO because of CSP", "Loading frame with with XFO and CSP"); + checkFinished(); +} +csp_testframe.onerror = function() { + ok(false, "sanity: should not fire onerror for csp_testframe"); +} +csp_testframe.src = "file_ignore_xfo.html"; + +// 2) test XFO with CSP_RO +var csp_ro_testframe = document.getElementById("csp_ro_testframe"); +csp_ro_testframe.onload = function() { + var msg = csp_ro_testframe.contentWindow.document.getElementById("cspmessage"); + is(msg, null, "Blocking frame with with XFO and CSP_RO"); + checkFinished(); +} +csp_ro_testframe.onerror = function() { + ok(false, "sanity: should not fire onerror for csp_ro_testframe"); +} +csp_ro_testframe.src = "file_ro_ignore_xfo.html"; + +</script> +</body> +</html> |