Update frame-ancestor directive to match Content Security Policy Level 3
[WebKit-https.git] / LayoutTests / http / tests / security / contentSecurityPolicy / resources / frame-ancestors-test.js
1 var SAME_ORIGIN = true;
2 var CROSS_ORIGIN = false;
3
4 var EXPECT_BLOCK = true;
5 var EXPECT_LOAD = false;
6
7 var SAMEORIGIN_ORIGIN = "http://127.0.0.1:8000";
8 var CROSSORIGIN_ORIGIN = "http://localhost:8080";
9
10 if (window.testRunner) {
11     testRunner.dumpAsText();
12     testRunner.dumpChildFramesAsText();
13     testRunner.waitUntilDone();
14 }
15
16 function done() {
17     if (window.testRunner)
18         testRunner.notifyDone();
19 }
20
21 window.addEventListener("message", function (e) {
22     if (window.parent != window) {
23         window.parent.postMessage(e.data, "*");
24         return;
25     }
26     done();
27 });
28
29 function injectNestedIframe(policy, parent, child, expectation, sandboxPolicy) {
30     var iframe = document.createElement("iframe");
31
32     var url = "/security/contentSecurityPolicy/resources/frame-in-frame.pl?"
33               + "policy=" + policy
34               + "&parent=" + parent
35               + "&child=" + child
36               + "&expectation=" + expectation;
37     url = (parent == "same" ? SAMEORIGIN_ORIGIN : CROSSORIGIN_ORIGIN) + url;
38
39     if (sandboxPolicy !== undefined)
40         iframe.sandbox = sandboxPolicy;
41
42     iframe.src = url;
43     document.body.appendChild(iframe);
44 }
45
46 function injectIFrame(policy, sameOrigin) {
47     var iframe = document.createElement("iframe");
48     iframe.addEventListener("load", handleFrameEvent);
49     iframe.addEventListener("error", handleFrameEvent);
50
51     var url = "/security/contentSecurityPolicy/resources/frame-ancestors.pl?policy=" + policy;
52     if (!sameOrigin)
53         url = CROSSORIGIN_ORIGIN + url;
54
55     iframe.src = url;
56     document.body.appendChild(iframe);
57 }
58
59 function handleFrameEvent(event) {
60     if (window.parent != window) {
61         window.parent.postMessage(null, '*');
62         return;
63     }
64     done();
65 }
66
67 function crossOriginFrameShouldBeBlocked(policy) {
68     window.onload = function () {
69         injectIFrame(policy, CROSS_ORIGIN, EXPECT_BLOCK);
70     };
71 }
72
73 function crossOriginFrameShouldBeAllowed(policy) {
74     window.onload = function () {
75         injectIFrame(policy, CROSS_ORIGIN, EXPECT_LOAD);
76     };
77 }
78
79 function sameOriginFrameShouldBeBlocked(policy) {
80     window.onload = function () {
81         injectIFrame(policy, SAME_ORIGIN, EXPECT_BLOCK);
82     };
83 }
84
85 function sameOriginFrameShouldBeAllowed(policy) {
86     window.onload = function () {
87         injectIFrame(policy, SAME_ORIGIN, EXPECT_LOAD);
88     };
89 }
90
91 function testNestedIFrame(policy, parent, child, expectation, sandboxPolicy) {
92     window.onload = function () {
93         injectNestedIframe(policy, parent == SAME_ORIGIN ? "same" : "cross", child == SAME_ORIGIN ? "same" : "cross", expectation == EXPECT_LOAD ? "Allowed" : "Blocked", sandboxPolicy);
94     };
95 }