Revision 58ee169367245c6fe5edc01177eac68f76c12f4a authored by Yutaka Hirano on 27 April 2018, 07:15:59 UTC, committed by Anne van Kesteren on 27 April 2018, 07:15:59 UTC
See https://github.com/whatwg/fetch/pull/685, https://github.com/whatwg/html/pull/3592, and discussion in https://github.com/w3c/ServiceWorker/issues/1167.
1 parent cb736aa
deny.sub.html
<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="./support/helper.js"></script>
<body>
<script>
async_test(t => {
var i = document.createElement('iframe');
i.src = "./support/xfo.py?value=DENY";
assert_no_message_from(i, t);
i.onload = t.step_func_done(_ => {
assert_equals(i.contentDocument, null);
i.remove();
});
document.body.appendChild(i);
}, "`XFO: DENY` blocks same-origin framing.");
async_test(t => {
var i = document.createElement('iframe');
i.src = "http://{{domains[www]}}:{{ports[http][0]}}/x-frame-options/support/xfo.py?value=DENY";
assert_no_message_from(i, t);
i.onload = t.step_func_done(_ => {
assert_equals(i.contentDocument, null);
i.remove();
});
document.body.appendChild(i);
}, "`XFO: DENY` blocks cross-origin framing.");
</script>
Computing file changes ...