summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/content-security-policy/frame-ancestors
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/frame-ancestors')
-rw-r--r--testing/web-platform/tests/content-security-policy/frame-ancestors/deep-allows-none.sub.html37
-rw-r--r--testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html21
-rw-r--r--testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html.headers5
-rw-r--r--testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-star.sub.html20
-rw-r--r--testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-star.sub.html.headers5
-rw-r--r--testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-meta-ignored.sub.html41
-rw-r--r--testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-one-blocked.sub.html37
-rw-r--r--testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-self-allowed.sub.html39
-rw-r--r--testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-allowed.sub.html33
-rw-r--r--testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-banned-top-is-self.sub.html35
-rw-r--r--testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-banned.sub.html37
-rw-r--r--testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none-meta.html23
-rw-r--r--testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none.html22
-rw-r--r--testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none.html.headers5
-rw-r--r--testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-self.html22
-rw-r--r--testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-self.html.headers5
-rw-r--r--testing/web-platform/tests/content-security-policy/frame-ancestors/single-frame-self-allowed.sub.html35
17 files changed, 422 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/deep-allows-none.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/deep-allows-none.sub.html
new file mode 100644
index 000000000..1926007d3
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/deep-allows-none.sub.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>single-frame-self-allowed</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="../support/logTest.sub.js?logs=[]"></script>
+ <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script>
+ <!-- enforcing policy:
+connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; frame-src 'self';
+-->
+ <script>
+ function onMessage(event) {
+ if(event.data == "start test") {
+ startTest();
+ } else {
+ alert_assert(event.data);
+ }
+ }
+
+ window.addEventListener(
+ "message",
+ onMessage,
+ false);
+
+ function startTest() {
+ window.frames['frame1'].frames['deepframe'].postMessage("hello deep frame", "*");
+ }
+ function done() { alert_assert("PASS"); }
+ setTimeout(done(), 1);
+ </script>
+</head>
+<body>
+ <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html?subframe=http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-none.html' name="frame1"></iframe>
+ <div id="log"></div>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html
new file mode 100644
index 000000000..6b9c91c93
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+<body>
+ <p>Reporting Frame...</p>
+ <script>
+ function onMessage(event) {
+ var p = document.createElement(p);
+ p.textContent = event.data;
+ document.body.appendChild(p);
+ window.parent.postMessage(event.data, "*");
+ }
+
+ window.addEventListener(
+ "message",
+ onMessage,
+ false
+ );
+ </script>
+ <iframe src='{{GET[subframe]}}' name="deepframe"></iframe>
+</body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html.headers
new file mode 100644
index 000000000..f0eb936b3
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html.headers
@@ -0,0 +1,5 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Content-Security-Policy: frame-ancestors 'self'
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-star.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-star.sub.html
new file mode 100644
index 000000000..d51e0d532
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-star.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<body>
+ <p>Reporting Frame...</p>
+ <script>
+ function onMessage(event) {
+ var p = document.createElement(p);
+ p.textContent = event.data;
+ document.body.appendChild(p);
+ window.parent.postMessage(event.data, "*");
+ }
+ window.addEventListener(
+ "message",
+ onMessage,
+ false
+ );
+ </script>
+ <iframe src='{{GET[subframe]}}' name="deepframe"></iframe>
+</body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-star.sub.html.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-star.sub.html.headers
new file mode 100644
index 000000000..734aa227f
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-star.sub.html.headers
@@ -0,0 +1,5 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Content-Security-Policy: frame-ancestors *
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-meta-ignored.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-meta-ignored.sub.html
new file mode 100644
index 000000000..47bb0244b
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-meta-ignored.sub.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>multiple-frames-self-allowed</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="../support/logTest.sub.js?logs=[]"></script>
+ <script src='../support/alertAssert.sub.js?alerts=["hello frame1","hello frame2"]'></script>
+ <!-- enforcing policy:
+connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; frame-src 'self';
+-->
+ <script>
+ var startTestCtr = 0;
+ function onMessage(event) {
+ if(event.data == "start test") {
+ startTestCtr++;
+ if(startTestCtr == 2) {
+ startTest();
+ }
+ } else {
+ alert_assert(event.data);
+ }
+ }
+
+ window.addEventListener(
+ "message",
+ onMessage,
+ false);
+
+ function startTest() {
+ window.frames['frame1'].postMessage("hello frame1", "*");
+ window.frames['frame2'].postMessage("hello frame2", "*");
+ }
+ </script>
+</head>
+<body>
+ <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-self.html' name="frame1"></iframe>
+ <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-none-meta.html' name="frame2"></iframe>
+ <div id="log"></div>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-one-blocked.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-one-blocked.sub.html
new file mode 100644
index 000000000..3857a173c
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-one-blocked.sub.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>multiple-frames-self-allowed</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="../support/logTest.sub.js?logs=[]"></script>
+ <script src='../support/alertAssert.sub.js?alerts=["hello frame2"]'></script>
+ <!-- enforcing policy:
+connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; frame-src 'self';
+-->
+ <script>
+ function onMessage(event) {
+ if(event.data == "start test") {
+ startTest();
+ } else {
+ alert_assert(event.data);
+ }
+ }
+
+ window.addEventListener(
+ "message",
+ onMessage,
+ false);
+
+ function startTest() {
+ window.frames['frame1'].postMessage("hello frame1", "*");
+ window.frames['frame2'].postMessage("hello frame2", "*");
+ }
+ </script>
+</head>
+<body>
+ <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-none.html' name="frame1"></iframe>
+ <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-self.html' name="frame2"></iframe>
+ <div id="log"></div>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-self-allowed.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-self-allowed.sub.html
new file mode 100644
index 000000000..485b6eb0f
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/multiple-frames-self-allowed.sub.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>multiple-frames-self-allowed</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="../support/logTest.sub.js?logs=[]"></script>
+ <script src='../support/alertAssert.sub.js?alerts=["hello frame1","hello frame2"]'></script>
+ <!-- enforcing policy:
+connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; frame-src 'self';
+-->
+ <script>
+ var startTestCtr = 0;
+ function onMessage(event) {
+ if(event.data == "start test") {
+ startTestCtr++;
+ if(startTestCtr == 2) {
+ startTest();
+ }
+ } else {
+ alert_assert(event.data);
+ }
+ }
+ window.addEventListener(
+ "message",
+ onMessage,
+ false);
+ function startTest() {
+ window.frames['frame1'].postMessage("hello frame1", "*");
+ window.frames['frame2'].postMessage("hello frame2", "*");
+ }
+ </script>
+</head>
+<body>
+ <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-self.html' name="frame1"></iframe>
+ <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-self.html' name="frame2"></iframe>
+ <div id="log"></div>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-allowed.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-allowed.sub.html
new file mode 100644
index 000000000..a49049d13
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-allowed.sub.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>single-frame-self-allowed</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="../support/logTest.sub.js?logs=[]"></script>
+ <script src='../support/alertAssert.sub.js?alerts=["hello deep frame"]'></script>
+ <!-- enforcing policy:
+connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; frame-src 'self';
+-->
+ <script>
+ function onMessage(event) {
+ if(event.data == "start test") {
+ startTest();
+ } else {
+ alert_assert(event.data);
+ }
+ }
+ window.addEventListener(
+ "message",
+ onMessage,
+ false);
+ function startTest() {
+ window.frames['frame1'].frames['deepframe'].postMessage("hello deep frame", "*");
+ }
+ </script>
+</head>
+<body>
+ <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html?subframe=http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-self.html' name="frame1"></iframe>
+ <div id="log"></div>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-banned-top-is-self.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-banned-top-is-self.sub.html
new file mode 100644
index 000000000..ced262fd7
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-banned-top-is-self.sub.html
@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>single-frame-self-allowed</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="../support/logTest.sub.js?logs=[]"></script>
+ <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script>
+ <!-- enforcing policy:
+connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; frame-src 'self';
+-->
+ <script>
+ function onMessage(event) {
+ if(event.data == "start test") {
+ startTest();
+ } else {
+ alert_assert(event.data);
+ }
+ }
+ window.addEventListener(
+ "message",
+ onMessage,
+ false);
+ function startTest() {
+ window.frames['frame1'].frames['deepframe'].postMessage("hello deep frame", "*");
+ }
+ function done() { alert_assert("PASS"); }
+ setTimeout(done(), 1);
+ </script>
+</head>
+<body>
+ <iframe src='http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-star.sub.html?subframe=http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-self.html' name="frame1"></iframe>
+ <div id="log"></div>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-banned.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-banned.sub.html
new file mode 100644
index 000000000..e58f0ba8d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/nested-traversing-banned.sub.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>single-frame-self-allowed</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="../support/logTest.sub.js?logs=[]"></script>
+ <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script>
+ <!-- enforcing policy:
+connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; frame-src 'self';
+-->
+ <script>
+ function onMessage(event) {
+ if(event.data == "start test") {
+ startTest();
+ } else {
+ alert_assert(event.data);
+ }
+ }
+
+ window.addEventListener(
+ "message",
+ onMessage,
+ false);
+
+ function startTest() {
+ window.frames['frame1'].frames['deepframe'].postMessage("hello deep frame", "*");
+ }
+ function done() { alert_assert("PASS"); }
+ setTimeout(done(), 1);
+ </script>
+</head>
+<body>
+ <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/intermediate-reporting-frame-allows-self.sub.html?subframe=http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-self.html' name="frame1"></iframe>
+ <div id="log"></div>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none-meta.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none-meta.html
new file mode 100644
index 000000000..c0d079f01
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none-meta.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none'">
+</head>
+<body>
+ <p>Reporting Frame...</p>
+ <script>
+ function onMessage(event) {
+ var p = document.createElement(p);
+ p.textContent = event.data;
+ document.body.appendChild(p);
+ window.parent.postMessage(event.data, "*");
+ }
+ window.addEventListener(
+ "message",
+ onMessage,
+ false
+ );
+ window.parent.postMessage("start test", "*");
+ </script>
+</body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none.html
new file mode 100644
index 000000000..e38d99a6c
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<body>
+ <p>Reporting Frame...</p>
+ <script>
+ function onMessage(event) {
+ var p = document.createElement(p);
+ p.textContent = event.data;
+ document.body.appendChild(p);
+ window.parent.postMessage(event.data, "*");
+ }
+
+ window.addEventListener(
+ "message",
+ onMessage,
+ false
+ );
+
+ window.parent.postMessage("start test", "*");
+ </script>
+</body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none.html.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none.html.headers
new file mode 100644
index 000000000..18bfb8156
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-none.html.headers
@@ -0,0 +1,5 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Content-Security-Policy: frame-ancestors 'none'
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-self.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-self.html
new file mode 100644
index 000000000..7c1186e77
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-self.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<body>
+ <p>Reporting Frame...</p>
+ <script>
+ function onMessage(event) {
+ var p = document.createElement(p);
+ p.textContent = event.data;
+ document.body.appendChild(p);
+ window.parent.postMessage(event.data, "*");
+ }
+
+ window.addEventListener(
+ "message",
+ onMessage,
+ false
+ );
+
+ window.parent.postMessage("start test", "*");
+ </script>
+</body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-self.html.headers b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-self.html.headers
new file mode 100644
index 000000000..f0eb936b3
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/reporting-frame-allows-self.html.headers
@@ -0,0 +1,5 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Content-Security-Policy: frame-ancestors 'self'
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/single-frame-self-allowed.sub.html b/testing/web-platform/tests/content-security-policy/frame-ancestors/single-frame-self-allowed.sub.html
new file mode 100644
index 000000000..3a9b4552e
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/single-frame-self-allowed.sub.html
@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>single-frame-self-allowed</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="../support/logTest.sub.js?logs=[]"></script>
+ <script src='../support/alertAssert.sub.js?alerts=["hello frame1"]'></script>
+ <!-- enforcing policy:
+connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; frame-src 'self';
+-->
+ <script>
+ function onMessage(event) {
+ if(event.data == "start test") {
+ startTest();
+ } else {
+ alert_assert(event.data);
+ }
+ }
+
+ window.addEventListener(
+ "message",
+ onMessage,
+ false);
+
+ function startTest() {
+ window.frames['frame1'].postMessage("hello frame1", "*");
+ }
+ </script>
+</head>
+<body>
+ <iframe src='http://{{host}}:{{ports[http][0]}}/content-security-policy/frame-ancestors/reporting-frame-allows-self.html' name="frame1"></iframe>
+ <div id="log"></div>
+</body>
+</html>