1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
<!doctype html>
<meta charset=utf-8>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/common/utils.js"></script>
<div id=log></div>
<script>
const origins = get_host_info();
[
{
"origin": origins.HTTPS_ORIGIN,
"crossOrigin": origins.HTTPS_REMOTE_ORIGIN
},
{
"origin": origins.HTTPS_REMOTE_ORIGIN,
"crossOrigin": origins.HTTPS_NOTSAMESITE_ORIGIN
},
{
"origin": origins.HTTPS_NOTSAMESITE_ORIGIN,
"crossOrigin": origins.HTTPS_ORIGIN
}
].forEach(({ origin, crossOrigin }) => {
["subframe", "navigate", "popup"].forEach(variant => {
async_test(t => {
const id = token();
const frame = document.createElement("iframe");
t.add_cleanup(() => { frame.remove(); });
const path = new URL("resources/blob-url-factory.html", window.location).pathname;
frame.src = `${origin}${path}?id=${id}&variant=${variant}&crossOrigin=${crossOrigin}`;
window.addEventListener("message", t.step_func(({ data }) => {
if (data.id !== id) {
return;
}
assert_equals(data.origin, origin);
assert_true(data.sameOriginNoCORPSuccess, "Same-origin without CORP did not succeed");
assert_true(data.crossOriginNoCORPFailure, "Cross-origin without CORP did not fail");
t.done();
}));
document.body.append(frame);
}, `Cross-Origin-Embedder-Policy and blob: URL from ${origin} in subframe via ${variant}`);
});
});
</script>
|
