LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors-test.js

   1 var SAME_ORIGIN = true;
   2 var CROSS_ORIGIN = false;
   3
   4 var EXPECT_BLOCK = true;
   5 var EXPECT_LOAD = false;
   6
   7 var SAMEORIGIN_ORIGIN = "http://127.0.0.1:8000";
   8 var CROSSORIGIN_ORIGIN = "http://localhost:8080";
   9
  10 if (window.testRunner) {
  11     testRunner.dumpAsText();
  12     testRunner.dumpChildFramesAsText();
  13     testRunner.waitUntilDone();
  14 }
  15
  16 function done() {
  17     if (window.testRunner)
  18         testRunner.notifyDone();
  19 }
  20
  21 window.addEventListener("message", function (e) {
  22     if (window.parent != window) {
  23         window.parent.postMessage(e.data, "*");
  24         return;
  25     }
  26     done();
  27 });
  28
  29 function injectNestedIframe(policy, parent, child, expectation) {
  30     var iframe = document.createElement("iframe");
  31
  32     var url = "/security/contentSecurityPolicy/resources/frame-in-frame.pl?"
  33               + "policy=" + policy
  34               + "&parent=" + parent
  35               + "&child=" + child
  36               + "&expectation=" + expectation;
  37     url = (parent == "same" ? SAMEORIGIN_ORIGIN : CROSSORIGIN_ORIGIN) + url;
  38
  39     iframe.src = url;
  40     document.body.appendChild(iframe);
  41 }
  42
  43 function injectIFrame(policy, sameOrigin) {
  44     var iframe = document.createElement("iframe");
  45     iframe.addEventListener("load", handleFrameEvent);
  46     iframe.addEventListener("error", handleFrameEvent);
  47
  48     var url = "/security/contentSecurityPolicy/resources/frame-ancestors.pl?policy=" + policy;
  49     if (!sameOrigin)
  50         url = CROSSORIGIN_ORIGIN + url;
  51
  52     iframe.src = url;
  53     document.body.appendChild(iframe);
  54 }
  55
  56 function handleFrameEvent(event) {
  57     if (window.parent != window) {
  58         window.parent.postMessage(null, '*');
  59         return;
  60     }
  61     done();
  62 }
  63
  64 function crossOriginFrameShouldBeBlocked(policy) {
  65     window.onload = function () {
  66         injectIFrame(policy, CROSS_ORIGIN, EXPECT_BLOCK);
  67     };
  68 }
  69
  70 function crossOriginFrameShouldBeAllowed(policy) {
  71     window.onload = function () {
  72         injectIFrame(policy, CROSS_ORIGIN, EXPECT_LOAD);
  73     };
  74 }
  75
  76 function sameOriginFrameShouldBeBlocked(policy) {
  77     window.onload = function () {
  78         injectIFrame(policy, SAME_ORIGIN, EXPECT_BLOCK);
  79     };
  80 }
  81
  82 function sameOriginFrameShouldBeAllowed(policy) {
  83     window.onload = function () {
  84         injectIFrame(policy, SAME_ORIGIN, EXPECT_LOAD);
  85     };
  86 }
  87
  88 function testNestedIFrame(policy, parent, child, expectation) {
  89     window.onload = function () {
  90         injectNestedIframe(policy, parent == SAME_ORIGIN ? "same" : "cross", child == SAME_ORIGIN ? "same" : "cross", expectation == EXPECT_LOAD ? "Allowed" : "Blocked");
  91     };
  92 }