1 var SAME_ORIGIN = true;
2 var CROSS_ORIGIN = false;
4 var EXPECT_BLOCK = true;
5 var EXPECT_LOAD = false;
7 var SAMEORIGIN_ORIGIN = "http://127.0.0.1:8000";
8 var CROSSORIGIN_ORIGIN = "http://localhost:8080";
10 if (window.testRunner) {
11 testRunner.dumpAsText();
12 testRunner.dumpChildFramesAsText();
13 testRunner.waitUntilDone();
17 if (window.testRunner)
18 testRunner.notifyDone();
21 window.addEventListener("message", function (e) {
22 if (window.parent != window) {
23 window.parent.postMessage(e.data, "*");
29 function injectNestedIframe(policy, parent, child, expectation) {
30 var iframe = document.createElement("iframe");
32 var url = "/security/contentSecurityPolicy/resources/frame-in-frame.pl?"
36 + "&expectation=" + expectation;
37 url = (parent == "same" ? SAMEORIGIN_ORIGIN : CROSSORIGIN_ORIGIN) + url;
40 document.body.appendChild(iframe);
43 function injectIFrame(policy, sameOrigin) {
44 var iframe = document.createElement("iframe");
45 iframe.addEventListener("load", handleFrameEvent);
46 iframe.addEventListener("error", handleFrameEvent);
48 var url = "/security/contentSecurityPolicy/resources/frame-ancestors.pl?policy=" + policy;
50 url = CROSSORIGIN_ORIGIN + url;
53 document.body.appendChild(iframe);
56 function handleFrameEvent(event) {
57 if (window.parent != window) {
58 window.parent.postMessage(null, '*');
64 function crossOriginFrameShouldBeBlocked(policy) {
65 window.onload = function () {
66 injectIFrame(policy, CROSS_ORIGIN, EXPECT_BLOCK);
70 function crossOriginFrameShouldBeAllowed(policy) {
71 window.onload = function () {
72 injectIFrame(policy, CROSS_ORIGIN, EXPECT_LOAD);
76 function sameOriginFrameShouldBeBlocked(policy) {
77 window.onload = function () {
78 injectIFrame(policy, SAME_ORIGIN, EXPECT_BLOCK);
82 function sameOriginFrameShouldBeAllowed(policy) {
83 window.onload = function () {
84 injectIFrame(policy, SAME_ORIGIN, EXPECT_LOAD);
88 function testNestedIFrame(policy, parent, child, expectation) {
89 window.onload = function () {
90 injectNestedIframe(policy, parent == SAME_ORIGIN ? "same" : "cross", child == SAME_ORIGIN ? "same" : "cross", expectation == EXPECT_LOAD ? "Allowed" : "Blocked");