| http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi - willSendRequest <NSURLRequest URL http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny.html, http method GET> redirectResponse (null) |
| http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny.html - didFinishLoading |
| CONSOLE MESSAGE: Refused to display 'http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN, SAMEORIGIN'. |
| CONSOLE MESSAGE: SecurityError: Sandbox access violation: Blocked a frame at "http://127.0.0.1:8000" from accessing a cross-origin frame. The frame being accessed is sandboxed and lacks the "allow-same-origin" flag. |
| CONSOLE MESSAGE: PASS: Could not read contentWindow.location.href |
| http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi - didFailLoadingWithError: <NSError domain NSURLErrorDomain, code -999, failing URL "http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi"> |
| The frame below should not load, proving that 'sameorigin, sameorigin' === 'sameorigin'. |
| |
| |
| |
| -------- |
| Frame: '<!--frame1-->' |
| -------- |
| |