| CONSOLE MESSAGE: Refused to load http://localhost:8080/security/contentSecurityPolicy/resources/frame-ancestors.pl?policy=%27none%27 because it does not appear in the frame-ancestors directive of the Content Security Policy. |
| A 'frame-ancestors' CSP directive with a value 'none' should block rendering in nested frames. This test PASSED if you do not see any content in the inner-most nested iframe below. Otherwise, it FAILED. |
| |
| |
| |
| -------- |
| Frame: '<!--frame1-->' |
| -------- |
| Testing a cross-origin child with a policy of "'none'" nested in a same-origin parent. |
| |
| |
| |
| -------- |
| Frame: '<!--frame2-->' |
| -------- |
| |