chromium/third_party/blink/web_tests/external/wpt/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js

// META: script=/common/get-host-info.sub.js
// META: script=/common/utils.js
// META: script=/common/dispatcher/dispatcher.js

// Regression test for https://crbug.com/1262203
//
// A cross-origin document initiates a same-document navigation. This navigation
// is subject to CSP:frame-src 'none', but this doesn't apply, since it's a
// same-document navigation. This test checks this doesn't lead to a crash.

promise_test(async test => {
  const child_token = token();
  const child = new RemoteContext(child_token);
  const iframe = document.createElement("iframe");
  iframe.src = remoteExecutorUrl(child_token, {
    host: get_host_info().REMOTE_HOST
  });
  document.body.appendChild(iframe);

  // Install a promise waiting for a same-document navigation to happen in the
  // child.
  await child.execute_script(() => {
    window.sameDocumentNavigation = new Promise(resolve => {
      window.addEventListener("popstate", resolve);
    });
  });

  // Append a new CSP, disallowing new iframe navigations.
  const meta = document.createElement("meta");
  meta.httpEquiv = "Content-Security-Policy";
  meta.content = "frame-src 'none'";
  document.head.appendChild(meta);

  document.addEventListener(
      "securitypolicyviolation",
      test.unreached_func("same-document navigations aren't subject to CSP"));

  // Create a same-document navigation, inititated cross-origin in the iframe.
  // It must not be blocked by the CSP above.
  iframe.src += "#foo";

  // Make sure the navigation succeeded and was indeed a same-document one:
  await child.execute_script(() => sameDocumentNavigation);
  assert_equals(await child.execute_script(() => location.href), iframe.src);
})