| <!DOCTYPE html> |
| <meta charset="utf-8"> |
| <title>X-Frame-Options invalid values</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="./support/helper.sub.js"></script> |
| |
| <body> |
| <script> |
| "use strict"; |
| |
| xfo_simple_tests({ |
| headerValue: `INVALID`, |
| sameOriginAllowed: true, |
| crossOriginAllowed: true |
| }); |
| |
| xfo_simple_tests({ |
| headerValue: `ALLOW-FROM https://example.com/`, |
| sameOriginAllowed: true, |
| crossOriginAllowed: true |
| }); |
| |
| xfo_simple_tests({ |
| headerValue: `ALLOW-FROM=https://example.com/`, |
| sameOriginAllowed: true, |
| crossOriginAllowed: true |
| }); |
| |
| xfo_simple_tests({ |
| headerValue: `ALLOWALL`, |
| sameOriginAllowed: true, |
| crossOriginAllowed: true |
| }); |
| |
| xfo_simple_tests({ |
| headerValue: `"DENY"`, |
| sameOriginAllowed: true, |
| crossOriginAllowed: true |
| }); |
| |
| xfo_simple_tests({ |
| headerValue: `"SAMEORIGIN"`, |
| sameOriginAllowed: true, |
| crossOriginAllowed: true |
| }); |
| |
| xfo_simple_tests({ |
| headerValue: `"SAMEORIGIN,DENY"`, |
| sameOriginAllowed: true, |
| crossOriginAllowed: true |
| }); |
| |
| xfo_simple_tests({ |
| headerValue: ``, |
| sameOriginAllowed: true, |
| crossOriginAllowed: true |
| }); |
| </script> |