| <!DOCTYPE html> |
| <html> |
| <head> |
| <title>Frame-src: 'self' matches even if the parent's origin is unique.</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| </head> |
| <body> |
| <script> |
| var t = async_test('SubframeLoaded'); |
| |
| window.addEventListener('securitypolicyviolation', t.step_func(function(e) { |
| if (e.violatedDirective === "frame-src") { |
| assert_unreached('unexpected securitypolicyviolation'); |
| t.done(); |
| } |
| })); |
| |
| window.addEventListener("message", t.step_func(function(event) { |
| assert_equals(event.data, "PASS", 'unexpected message: ' + event.data); |
| t.done(); |
| })); |
| |
| f = document.createElement("iframe"); |
| f.src = "/content-security-policy/support/postmessage-pass.html"; |
| document.body.appendChild(f); |
| </script> |
| </body> |
| </html> |