| <!DOCTYPE html> |
| <html> |
| <head> |
| <script src="resources/multiple-iframe-test.js"></script> |
| <script> |
| var tests = [ |
| ['no', 'script-src localhost', 'resources/redir.php?url=http://localhost:8000/security/contentSecurityPolicy/resources/script.js'], |
| ['no', 'script-src 127.0.0.1', 'resources/redir.php?url=http://localhost:8000/security/contentSecurityPolicy/resources/script.js'] |
| ]; |
| </script> |
| </head> |
| <body onload='test()'> |
| <p>Loads an iframe which in turns tries to load an external script. The request for the script is redirected to 'localhost'. The iframe has a content security policy disabling external scripts from hosts other than 'localhost'. So the script should be allowed to run.</p> |
| </body> |
| </html> |