required-csp-header-cascade.html

Enable keyboard shortcuts

This test has a WPT meta file that expects 9 subtest issues.
This WPT test may be referenced by the following Test IDs:
- /content-security-policy/embedded-enforcement/required-csp-header-cascade.html - WPT Dashboard Interop Dashboard

<!DOCTYPE html>

<html>

<head>

<title>Embedded Enforcement: Sec-Required-CSP header.</title>

  <script src="/resources/testharness.js"></script>

  <script src="/resources/testharnessreport.js"></script>

  <script src="support/testharness-helper.sub.js"></script>

</head>

<body>

  <script>

    var tests = [

      { "name": "Test same policy for both iframes",

        "csp1": "script-src 'unsafe-inline';",

        "csp2": "script-src 'unsafe-inline';",

        "expected1": "script-src 'unsafe-inline';",

        "expected2": "script-src 'unsafe-inline';"},

      { "name": "Test more restrictive policy on second iframe",

        "csp1": "script-src 'unsafe-inline';",

        "csp2": "script-src 'unsafe-inline'; style-src 'self';",

        "expected1": "script-src 'unsafe-inline';",

        "expected2": "script-src 'unsafe-inline'; style-src 'self';"},

      { "name": "Test less restrictive policy on second iframe",

        "csp1": "script-src 'unsafe-inline'; style-src 'self';",

        "csp2": "script-src 'unsafe-inline';",

        "expected1": "script-src 'unsafe-inline'; style-src 'self';",

        "expected2": "script-src 'unsafe-inline'; style-src 'self';"},

      { "name": "Test no policy on second iframe",

        "csp1": "script-src 'unsafe-inline'; style-src 'self';",

        "csp2": "",

        "expected1": "script-src 'unsafe-inline'; style-src 'self';",

        "expected2": "script-src 'unsafe-inline'; style-src 'self';"},

      { "name": "Test no policy on first iframe",

        "csp1": "",

        "csp2": "script-src 'unsafe-inline'; style-src 'self';",

        "expected1": null,

        "expected2": "script-src 'unsafe-inline'; style-src 'self';"},

      { "name": "Test invalid policy on first iframe (bad directive name)",

        "csp1": "default-src http://example.com; i//nvalid-policy-name http://example.com",

        "csp2": "script-src 'unsafe-inline'; style-src 'self';",

        "expected1": null,

        "expected2": "script-src 'unsafe-inline'; style-src 'self';"},

      { "name": "Test invalid policy on first iframe (report directive)",

        "csp1": "script-src 'unsafe-inline'; report-uri resources/dummy-report.php",

        "csp2": "script-src 'unsafe-inline'; style-src 'self';",

        "expected1": null,

        "expected2": "script-src 'unsafe-inline'; style-src 'self';"},

      { "name": "Test invalid policy on second iframe (bad directive name)",

        "csp1": "script-src 'unsafe-inline'; style-src 'self';",

        "csp2": "default-src http://example.com; i//nvalid-policy-name http://example.com",

        "expected1": "script-src 'unsafe-inline'; style-src 'self';",

        "expected2": "script-src 'unsafe-inline'; style-src 'self';"},

      { "name": "Test invalid policy on second iframe (report directive)",

        "csp1": "script-src 'unsafe-inline'; style-src 'self';",

        "csp2": "script-src 'unsafe-inline'; report-uri resources/dummy-report.php",

        "expected1": "script-src 'unsafe-inline'; style-src 'self';",

        "expected2": "script-src 'unsafe-inline'; style-src 'self';"},

];

    tests.forEach(test => {

      async_test(t =>  {

        var url = generateURLStringWithSecondIframeParams(Host.SAME_ORIGIN, PolicyHeader.REQUIRED_CSP, test.csp2);

        assert_required_csp(t, url, test.csp1, [test.expected1, test.expected2]);

      }, "Test same origin: " + test.name);

});

  </script>

</body>

</html>