| <!DOCTYPE html> |
| <html> |
| <head> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| </head> |
| <body> |
| <script> |
| async_test(function (t) { |
| var i = document.createElement('iframe'); |
| i.src = "support/frame-ancestors-and-x-frame-options.sub.html?policy='self'&xfo=DENY"; |
| i.onload = t.step_func_done(function () { |
| assert_equals(i.contentWindow.origin, window.origin, "The same-origin page loaded."); |
| }); |
| document.body.appendChild(i); |
| }, "A 'frame-ancestors' CSP directive overrides an 'x-frame-options' header which would block the page."); |
| |
| async_test(function (t) { |
| var i = document.createElement('iframe'); |
| i.src = "support/frame-ancestors-and-x-frame-options.sub.html?policy=other-origin.com&xfo=SAMEORIGIN"; |
| i.onload = t.step_func_done(function () { |
| assert_equals(i.contentDocument, null); |
| }); |
| document.body.appendChild(i); |
| }, "A 'frame-ancestors' CSP directive overrides an 'x-frame-options' header which would allow the page."); |
| </script> |
| </body> |
| </html> |