Content - 8ef583106c08dec4f34769b68196961f3e012db5 - c7296cb/x-frame-options/deny.sub.html

visit type:

Tip revision: c5e2e61d4173a01e1b56881c5e18edb7730e1ac5 authored by Rouslan Solomakhin on 26 March 2018, 16:27:36 UTC
Replace 'enabledMethods' array into 'method' string.

Tip revision: c5e2e61

deny.sub.html

<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="./support/helper.js"></script>
<body>
<script>
  async_test(t => {
    var i = document.createElement('iframe');
    i.src = "./support/xfo.py?value=DENY";

    assert_no_message_from(i, t);

    i.onload = t.step_func_done(_ => {
      assert_throws("SecurityError", function () { return i.contentDocument; });
      i.remove();
    });

    document.body.appendChild(i);
  }, "`XFO: DENY` blocks same-origin framing.");

  async_test(t => {
    var i = document.createElement('iframe');
    i.src = "http://{{domains[www]}}:{{ports[http][0]}}/x-frame-options/support/xfo.py?value=DENY";

    assert_no_message_from(i, t);

    i.onload = t.step_func_done(_ => {
      assert_throws("SecurityError", function () { return i.contentDocument; });
      i.remove();
    });

    document.body.appendChild(i);
  }, "`XFO: DENY` blocks cross-origin framing.");
</script>

Browse the archive

https://github.com/web-platform-tests/wpt