Add WPT for CSP frame-src 'self' on sandboxed embedder #26609
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The Content-Security-Policy keyword 'self' in a source expression is a
placeholder for allowing sources with the same origin as the
document. Even if the document is sandboxed (i.e. has a unique opaque
origin), the keyword 'self' should match the document URL's origin.
This test checks that a document with CSPs:
Content-Security-Policy: sandbox; frame-src 'self'
can still embed a frame delivered by the same document URL's origin.
Bug: 1151323
Change-Id: Icba5fb8a15bca30ab807ca81ae97152122efb292
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2552593
Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#830203}