blob: 254d2bf4bc22e7b1e38c3024f1da9c898b6e4198 [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<script src="resources/multiple-iframe-test.js"></script>
<script>
var tests = [
['no', 'script-src localhost', '/resources/redirect.php?url=http://localhost:8000/security/contentSecurityPolicy/resources/script.js'],
['no', 'script-src 127.0.0.1', '/resources/redirect.php?url=http://localhost:8000/security/contentSecurityPolicy/resources/script.js']
];
</script>
</head>
<body onload='test()'>
<p>Loads an iframe which in turns tries to load an external script. The request for the script is redirected to 'localhost'. The iframe has a content security policy disabling external scripts from hosts other than 'localhost'. So the script should be allowed to run.</p>
</body>
</html>