chromium/src/third_party/blink/web_tests/external/wpt/x-frame-options/deny.html - manifest_repos/chromium_src - Git at Google

 <!DOCTYPE html>
 <meta charset="utf-8">
 <title>X-Frame-Options variations of DENY</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="./support/helper.sub.js"></script>

 <body>
 <script>
 "use strict";

 xfo_simple_tests({
   headerValue: `DENY`,
   sameOriginAllowed: false,
   crossOriginAllowed: false
 });

 xfo_simple_tests({
   headerValue: `denY`,
   sameOriginAllowed: false,
   crossOriginAllowed: false
 });

 xfo_simple_tests({
   headerValue: `  DENY `,
   sameOriginAllowed: false,
   crossOriginAllowed: false
 });

 xfo_simple_tests({
   headerValue: `DENY`,
   cspValue: `default-src 'self'`,
   sameOriginAllowed: false,
   crossOriginAllowed: false
 });

 xfo_simple_tests({
   headerValue: `DENY`,
   cspValue: `frame-ancestors 'self'`,
   sameOriginAllowed: true,
   crossOriginAllowed: false
 });
 </script>
	<!DOCTYPE html>
	<meta charset="utf-8">
	<title>X-Frame-Options variations of DENY</title>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="./support/helper.sub.js"></script>

	<body>
	<script>
	"use strict";

	xfo_simple_tests({
	headerValue: `DENY`,
	sameOriginAllowed: false,
	crossOriginAllowed: false
	});

	xfo_simple_tests({
	headerValue: `denY`,
	sameOriginAllowed: false,
	crossOriginAllowed: false
	});

	xfo_simple_tests({
	headerValue: ` DENY `,
	sameOriginAllowed: false,
	crossOriginAllowed: false
	});

	xfo_simple_tests({
	headerValue: `DENY`,
	cspValue: `default-src 'self'`,
	sameOriginAllowed: false,
	crossOriginAllowed: false
	});

	xfo_simple_tests({
	headerValue: `DENY`,
	cspValue: `frame-ancestors 'self'`,
	sameOriginAllowed: true,
	crossOriginAllowed: false
	});
	</script>