| <!DOCTYPE html> |
| <html> |
| <head> |
| <title>Test advertised required document policy</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> </head> |
| <body> |
| <h1>Test advertised required document policy</h1> |
| <script> |
| // The top-level document has a document policy, but not a required document |
| // policy. A request for a document in a frame should not include a |
| // `Sec-Required-Document-Policy` header, unless that frame requires it |
| // explicitly through the `policy` attribute. |
| |
| callbacks = {}; |
| |
| window.addEventListener('message', ev => { |
| var id = ev.data.id; |
| if (id && callbacks[id]) { |
| callbacks[id](ev.data.requiredPolicy || null); |
| } |
| }); |
| |
| async_test(t => { |
| var iframe = document.createElement('iframe'); |
| iframe.src = "/document-policy/echo-policy.py?id=1"; |
| callbacks["1"] = t.step_func_done(result => { |
| assert_equals(result, null); |
| }); |
| document.body.appendChild(iframe); |
| }, "Top-level document's policy should not affect child frame requests"); |
| |
| async_test(t => { |
| var iframe = document.createElement('iframe'); |
| iframe.src = "/document-policy/echo-policy.py?id=2"; |
| iframe.policy = "font-display-late-swap=?0"; |
| callbacks["2"] = t.step_func_done(result => { |
| assert_equals(result, "font-display-late-swap=?0"); |
| }); |
| document.body.appendChild(iframe); |
| }, "Child frame can have a required policy independent of the parent document."); |
| |
| async_test(t => { |
| var iframe = document.createElement('iframe'); |
| iframe.src = "/document-policy/echo-policy.py?id=3"; |
| iframe.policy = "lossless-images-max-bpp=4"; |
| callbacks["3"] = t.step_func_done(result => { |
| assert_equals(result, "lossless-images-max-bpp=4.0"); |
| }); |
| document.body.appendChild(iframe); |
| }, "Child frame can have a required policy which is less strict than the parent document's policy."); |
| </script> |
| </body> |
| </html> |