ad9ced85dd7b68e42ee89cd709f6cc222f4dcd7f
[WebKit-https.git] / LayoutTests / http / tests / security / contentSecurityPolicy / resources / frame-ancestors-test.js
1 var SAME_ORIGIN = true;
2 var CROSS_ORIGIN = false;
3
4 var EXPECT_BLOCK = true;
5 var EXPECT_LOAD = false;
6
7 var SAMEORIGIN_ORIGIN = "http://127.0.0.1:8000";
8 var CROSSORIGIN_ORIGIN = "http://localhost:8080";
9
10 if (window.testRunner) {
11     testRunner.dumpAsText();
12     testRunner.dumpChildFramesAsText();
13     testRunner.waitUntilDone();
14 }
15
16 function done() {
17     if (window.testRunner)
18         testRunner.notifyDone();
19 }
20
21 window.addEventListener("message", function (e) {
22     if (window.parent != window) {
23         window.parent.postMessage(e.data, "*");
24         return;
25     }
26     done();
27 });
28
29 function injectNestedIframe(policy, parent, child, expectation) {
30     var iframe = document.createElement("iframe");
31
32     var url = "/security/contentSecurityPolicy/resources/frame-in-frame.pl?"
33               + "policy=" + policy
34               + "&parent=" + parent
35               + "&child=" + child
36               + "&expectation=" + expectation;
37     url = (parent == "same" ? SAMEORIGIN_ORIGIN : CROSSORIGIN_ORIGIN) + url;
38
39     iframe.src = url;
40     document.body.appendChild(iframe);
41 }
42
43 function injectIFrame(policy, sameOrigin) {
44     var iframe = document.createElement("iframe");
45     iframe.addEventListener("load", handleFrameEvent);
46     iframe.addEventListener("error", handleFrameEvent);
47
48     var url = "/security/contentSecurityPolicy/resources/frame-ancestors.pl?policy=" + policy;
49     if (!sameOrigin)
50         url = CROSSORIGIN_ORIGIN + url;
51
52     iframe.src = url;
53     document.body.appendChild(iframe);
54 }
55
56 function handleFrameEvent(event) {
57     if (window.parent != window) {
58         window.parent.postMessage(null, '*');
59         return;
60     }
61     done();
62 }
63
64 function crossOriginFrameShouldBeBlocked(policy) {
65     window.onload = function () {
66         injectIFrame(policy, CROSS_ORIGIN, EXPECT_BLOCK);
67     };
68 }
69
70 function crossOriginFrameShouldBeAllowed(policy) {
71     window.onload = function () {
72         injectIFrame(policy, CROSS_ORIGIN, EXPECT_LOAD);
73     };
74 }
75
76 function sameOriginFrameShouldBeBlocked(policy) {
77     window.onload = function () {
78         injectIFrame(policy, SAME_ORIGIN, EXPECT_BLOCK);
79     };
80 }
81
82 function sameOriginFrameShouldBeAllowed(policy) {
83     window.onload = function () {
84         injectIFrame(policy, SAME_ORIGIN, EXPECT_LOAD);
85     };
86 }
87
88 function testNestedIFrame(policy, parent, child, expectation) {
89     window.onload = function () {
90         injectNestedIframe(policy, parent == SAME_ORIGIN ? "same" : "cross", child == SAME_ORIGIN ? "same" : "cross", expectation == EXPECT_LOAD ? "Allowed" : "Blocked");
91     };
92 }