diff options
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/frame-ancestors')
17 files changed, 422 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/deep-allows-none.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/deep-allows-none.sub.html new file mode 100644 index 000000000..1926007d3 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/deep-allows-none.sub.html @@ -0,0 +1,37 @@ +<!DOCTYPE html> +<html> +<head> + <title>single-frame-self-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> + <!-- enforcing policy: +connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; frame-src 'self'; +--> + <script> + function onMessage(event) { + if(event.data == "start test") { + startTest(); + } else { + alert_assert(event.data); + } + } + + window.addEventListener( + "message", + onMessage, + false); + + function startTest() { + window.frames['frame1'].frames['deepframe'].postMessage("hello deep frame", "*"); + } + function done() { alert_assert("PASS"); } + setTimeout(done(), 1); + </script> +</head> +<body> + <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html?subframe=http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-none.html' name="frame1"></iframe> + <div id="log"></div> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html new file mode 100644 index 000000000..6b9c91c93 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html @@ -0,0 +1,21 @@ +<!DOCTYPE html> +<html> +<body> + <p>Reporting Frame...</p> + <script> + function onMessage(event) { + var p = document.createElement(p); + p.textContent = event.data; + document.body.appendChild(p); + window.parent.postMessage(event.data, "*"); + } + + window.addEventListener( + "message", + onMessage, + false + ); + </script> + <iframe src='{{GET[subframe]}}' name="deepframe"></iframe> +</body> +</html>
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html.headers new file mode 100644 index 000000000..f0eb936b3 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Content-Security-Policy: frame-ancestors 'self' diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-star.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-star.sub.html new file mode 100644 index 000000000..d51e0d532 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-star.sub.html @@ -0,0 +1,20 @@ +<!DOCTYPE html> +<html> +<body> + <p>Reporting Frame...</p> + <script> + function onMessage(event) { + var p = document.createElement(p); + p.textContent = event.data; + document.body.appendChild(p); + window.parent.postMessage(event.data, "*"); + } + window.addEventListener( + "message", + onMessage, + false + ); + </script> + <iframe src='{{GET[subframe]}}' name="deepframe"></iframe> +</body> +</html>
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-star.sub.html.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-star.sub.html.headers new file mode 100644 index 000000000..734aa227f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-star.sub.html.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Content-Security-Policy: frame-ancestors * diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-meta-ignored.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-meta-ignored.sub.html new file mode 100644 index 000000000..47bb0244b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-meta-ignored.sub.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<html> +<head> + <title>multiple-frames-self-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["hello frame1","hello frame2"]'></script> + <!-- enforcing policy: +connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; frame-src 'self'; +--> + <script> + var startTestCtr = 0; + function onMessage(event) { + if(event.data == "start test") { + startTestCtr++; + if(startTestCtr == 2) { + startTest(); + } + } else { + alert_assert(event.data); + } + } + + window.addEventListener( + "message", + onMessage, + false); + + function startTest() { + window.frames['frame1'].postMessage("hello frame1", "*"); + window.frames['frame2'].postMessage("hello frame2", "*"); + } + </script> +</head> +<body> + <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-self.html' name="frame1"></iframe> + <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-none-meta.html' name="frame2"></iframe> + <div id="log"></div> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-one-blocked.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-one-blocked.sub.html new file mode 100644 index 000000000..3857a173c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-one-blocked.sub.html @@ -0,0 +1,37 @@ +<!DOCTYPE html> +<html> +<head> + <title>multiple-frames-self-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["hello frame2"]'></script> + <!-- enforcing policy: +connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; frame-src 'self'; +--> + <script> + function onMessage(event) { + if(event.data == "start test") { + startTest(); + } else { + alert_assert(event.data); + } + } + + window.addEventListener( + "message", + onMessage, + false); + + function startTest() { + window.frames['frame1'].postMessage("hello frame1", "*"); + window.frames['frame2'].postMessage("hello frame2", "*"); + } + </script> +</head> +<body> + <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-none.html' name="frame1"></iframe> + <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-self.html' name="frame2"></iframe> + <div id="log"></div> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-self-allowed.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-self-allowed.sub.html new file mode 100644 index 000000000..485b6eb0f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-self-allowed.sub.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<html> +<head> + <title>multiple-frames-self-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["hello frame1","hello frame2"]'></script> + <!-- enforcing policy: +connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; frame-src 'self'; +--> + <script> + var startTestCtr = 0; + function onMessage(event) { + if(event.data == "start test") { + startTestCtr++; + if(startTestCtr == 2) { + startTest(); + } + } else { + alert_assert(event.data); + } + } + window.addEventListener( + "message", + onMessage, + false); + function startTest() { + window.frames['frame1'].postMessage("hello frame1", "*"); + window.frames['frame2'].postMessage("hello frame2", "*"); + } + </script> +</head> +<body> + <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-self.html' name="frame1"></iframe> + <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-self.html' name="frame2"></iframe> + <div id="log"></div> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-allowed.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-allowed.sub.html new file mode 100644 index 000000000..a49049d13 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-allowed.sub.html @@ -0,0 +1,33 @@ +<!DOCTYPE html> +<html> +<head> + <title>single-frame-self-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["hello deep frame"]'></script> + <!-- enforcing policy: +connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; frame-src 'self'; +--> + <script> + function onMessage(event) { + if(event.data == "start test") { + startTest(); + } else { + alert_assert(event.data); + } + } + window.addEventListener( + "message", + onMessage, + false); + function startTest() { + window.frames['frame1'].frames['deepframe'].postMessage("hello deep frame", "*"); + } + </script> +</head> +<body> + <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html?subframe=http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-self.html' name="frame1"></iframe> + <div id="log"></div> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-banned-top-is-self.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-banned-top-is-self.sub.html new file mode 100644 index 000000000..ced262fd7 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-banned-top-is-self.sub.html @@ -0,0 +1,35 @@ +<!DOCTYPE html> +<html> +<head> + <title>single-frame-self-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> + <!-- enforcing policy: +connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; frame-src 'self'; +--> + <script> + function onMessage(event) { + if(event.data == "start test") { + startTest(); + } else { + alert_assert(event.data); + } + } + window.addEventListener( + "message", + onMessage, + false); + function startTest() { + window.frames['frame1'].frames['deepframe'].postMessage("hello deep frame", "*"); + } + function done() { alert_assert("PASS"); } + setTimeout(done(), 1); + </script> +</head> +<body> + <iframe src='http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-star.sub.html?subframe=http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-self.html' name="frame1"></iframe> + <div id="log"></div> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-banned.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-banned.sub.html new file mode 100644 index 000000000..e58f0ba8d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-banned.sub.html @@ -0,0 +1,37 @@ +<!DOCTYPE html> +<html> +<head> + <title>single-frame-self-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> + <!-- enforcing policy: +connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; frame-src 'self'; +--> + <script> + function onMessage(event) { + if(event.data == "start test") { + startTest(); + } else { + alert_assert(event.data); + } + } + + window.addEventListener( + "message", + onMessage, + false); + + function startTest() { + window.frames['frame1'].frames['deepframe'].postMessage("hello deep frame", "*"); + } + function done() { alert_assert("PASS"); } + setTimeout(done(), 1); + </script> +</head> +<body> + <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html?subframe=http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-self.html' name="frame1"></iframe> + <div id="log"></div> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none-meta.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none-meta.html new file mode 100644 index 000000000..c0d079f01 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none-meta.html @@ -0,0 +1,23 @@ +<!DOCTYPE html> +<html> +<head> + <meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none'"> +</head> +<body> + <p>Reporting Frame...</p> + <script> + function onMessage(event) { + var p = document.createElement(p); + p.textContent = event.data; + document.body.appendChild(p); + window.parent.postMessage(event.data, "*"); + } + window.addEventListener( + "message", + onMessage, + false + ); + window.parent.postMessage("start test", "*"); + </script> +</body> +</html>
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none.html new file mode 100644 index 000000000..e38d99a6c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none.html @@ -0,0 +1,22 @@ +<!DOCTYPE html> +<html> +<body> + <p>Reporting Frame...</p> + <script> + function onMessage(event) { + var p = document.createElement(p); + p.textContent = event.data; + document.body.appendChild(p); + window.parent.postMessage(event.data, "*"); + } + + window.addEventListener( + "message", + onMessage, + false + ); + + window.parent.postMessage("start test", "*"); + </script> +</body> +</html>
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none.html.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none.html.headers new file mode 100644 index 000000000..18bfb8156 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none.html.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Content-Security-Policy: frame-ancestors 'none' diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-self.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-self.html new file mode 100644 index 000000000..7c1186e77 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-self.html @@ -0,0 +1,22 @@ +<!DOCTYPE html> +<html> +<body> + <p>Reporting Frame...</p> + <script> + function onMessage(event) { + var p = document.createElement(p); + p.textContent = event.data; + document.body.appendChild(p); + window.parent.postMessage(event.data, "*"); + } + + window.addEventListener( + "message", + onMessage, + false + ); + + window.parent.postMessage("start test", "*"); + </script> +</body> +</html>
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-self.html.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-self.html.headers new file mode 100644 index 000000000..f0eb936b3 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-self.html.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Content-Security-Policy: frame-ancestors 'self' diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/single-frame-self-allowed.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/single-frame-self-allowed.sub.html new file mode 100644 index 000000000..3a9b4552e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/single-frame-self-allowed.sub.html @@ -0,0 +1,35 @@ +<!DOCTYPE html> +<html> +<head> + <title>single-frame-self-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["hello frame1"]'></script> + <!-- enforcing policy: +connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; frame-src 'self'; +--> + <script> + function onMessage(event) { + if(event.data == "start test") { + startTest(); + } else { + alert_assert(event.data); + } + } + + window.addEventListener( + "message", + onMessage, + false); + + function startTest() { + window.frames['frame1'].postMessage("hello frame1", "*"); + } + </script> +</head> +<body> + <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-self.html' name="frame1"></iframe> + <div id="log"></div> +</body> +</html> |