| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <script src="../../resources/frame-ancestors-test.js"></script> | |
| </head> | |
| <body> | |
| <p>A 'frame-ancestors' CSP directive with a value '*' should render in nested frames. Note that we can't distinguish blocked URLs from allowed cross-origin URLs due to the same-origin policy. This test PASSED if no console message declares that the frame was blocked.</p> | |
| <script> | |
| testNestedIFrame("*", SAME_ORIGIN, CROSS_ORIGIN, EXPECT_BLOCK); | |
| </script> | |
| </body> | |
| </html> |