Google Git
Sign in
chromium / external / w3c / web-platform-tests / eb8b11ea03fedefc1a577cc95a2dad31e118a89b / . / x-frame-options / multiple.html
blob: 13c9cf3a375086e39a914438899fd51e58b63ade [file] [log] [blame]
Domenic Denicola29c58c02020-08-18 16:34:52[diff] [blame]1<!DOCTYPE html>
2<meta charset="utf-8">
3<title>X-Frame-Options headers sent multiple times</title>
Antonio Sartori8ed684e2021-03-25 10:39:16[diff] [blame]4
5<!--
6 This test is creating and navigating >90 iframes. This can exceed the
7 "short" timeout".
8-->
9<meta name="timeout" content="long">
10
Domenic Denicola29c58c02020-08-18 16:34:52[diff] [blame]11<script src="/resources/testharness.js"></script>
12<script src="/resources/testharnessreport.js"></script>
13<script src="support/helper.sub.js"></script>
14
15<body>
16<script>
17"use strict";
18
19xfo_simple_tests({
20 headerValue: `SAMEORIGIN`,
21 headerValue2: `SAMEORIGIN`,
22 sameOriginAllowed: true,
23 crossOriginAllowed: false
24});
25
26xfo_simple_tests({
27 headerValue: `SAMEORIGIN`,
28 headerValue2: `sameOrigin`,
29 sameOriginAllowed: true,
30 crossOriginAllowed: false
31});
32
33xfo_simple_tests({
34 headerValue: `SAMEORIGIN`,
35 headerValue2: `DENY`,
36 sameOriginAllowed: false,
37 crossOriginAllowed: false
38});
39
40xfo_simple_tests({
41 headerValue: `SAMEORIGIN`,
42 headerValue2: `INVALID`,
43 sameOriginAllowed: false,
44 crossOriginAllowed: false
45});
46
47xfo_simple_tests({
48 headerValue: `SAMEORIGIN`,
49 headerValue2: `ALLOWALL`, // same as INVALID
50 sameOriginAllowed: false,
51 crossOriginAllowed: false
52});
53
54xfo_simple_tests({
55 headerValue: `SAMEORIGIN`,
56 headerValue2: `"DENY"`, // same as INVALID
57 sameOriginAllowed: false,
58 crossOriginAllowed: false
59});
60
61xfo_simple_tests({
62 headerValue: `SAMEORIGIN`,
63 headerValue2: ``, // same as INVALID
64 sameOriginAllowed: false,
65 crossOriginAllowed: false
66});
67
68xfo_simple_tests({
69 headerValue: `DENY`,
70 headerValue2: `DENY`,
71 sameOriginAllowed: false,
72 crossOriginAllowed: false
73});
74
75xfo_simple_tests({
76 headerValue: `DENY`,
77 headerValue2: `INVALID`,
78 sameOriginAllowed: false,
79 crossOriginAllowed: false
80});
81
82xfo_simple_tests({
83 headerValue: `DENY`,
84 headerValue2: `ALLOWALL`, // same as INVALID
85 sameOriginAllowed: false,
86 crossOriginAllowed: false
87});
88
89xfo_simple_tests({
90 headerValue: `DENY`,
91 headerValue2: `"SAMEORIGIN"`, // same as INVALID
92 sameOriginAllowed: false,
93 crossOriginAllowed: false
94});
95
96xfo_simple_tests({
97 headerValue: `ALLOWALL`,
98 headerValue2: `INVALID`,
99 sameOriginAllowed: false,
100 crossOriginAllowed: false
101});
102
103xfo_simple_tests({
104 headerValue: `ALLOWALL`,
105 headerValue2: ``,
106 sameOriginAllowed: false,
107 crossOriginAllowed: false
108});
109
110xfo_simple_tests({
111 headerValue: `allowAll`,
112 headerValue2: `INVALID`,
113 sameOriginAllowed: false,
114 crossOriginAllowed: false
115});
116
117xfo_simple_tests({
118 headerValue: `INVALID`,
119 headerValue2: `INVALID`,
120 sameOriginAllowed: true,
121 crossOriginAllowed: true
122});
123
124xfo_simple_tests({
125 headerValue: `INVALID`,
126 headerValue2: ``,
127 sameOriginAllowed: true,
128 crossOriginAllowed: true
129});
130
131</script>