chromium/third_party/blink/web_tests/external/wpt/fenced-frame/csp-frame-src-blocked.https.html

<!DOCTYPE html>
<meta http-equiv="Content-Security-Policy" content="img-src 'self' https: https://*:*">
<meta http-equiv="Content-Security-Policy" content="frame-src 'none'">
<title>Test Content-Security-Policy fenced-frame-src falling back to frame-src</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="resources/utils.js"></script>
<script src="/common/utils.js"></script>

<body>
<script>
const key = token();

window.addEventListener('securitypolicyviolation', function(e) {
  // Write to the server even though the listener is in the same file in the
  // test below.
  writeValueToServer(key, e.violatedDirective + ";" + e.blockedURI);
});

promise_test(async () => {
  attachFencedFrame(generateURL(
      "resources/csp-frame-src-blocked-inner.html",
      [key]));
  const result = await nextValueFromServer(key);

  const expected_blocked_uri = generateURL(
      "resources/csp-frame-src-blocked-inner.html", [key]).toString();
  assert_equals(result, "fenced-frame-src;" + expected_blocked_uri,
                "The fenced frame is blocked because of CSP violation");
}, "csp-frame-src-blocked");

promise_test(async () => {
  assert_false(navigator.canLoadAdAuctionFencedFrame());
}, "frame-src none is taken into account with navigator.canLoadAdAuctionFencedFrame");
</script>
</body>