<!DOCTYPE html>
<meta http-equiv="Content-Security-Policy" content="img-src 'self' https: https://*:*">
<meta http-equiv="Content-Security-Policy" content="frame-src 'none'">
<title>Test Content-Security-Policy fenced-frame-src falling back to frame-src</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="resources/utils.js"></script>
<script src="/common/utils.js"></script>
<body>
<script>
const key = token();
window.addEventListener('securitypolicyviolation', function(e) {
// Write to the server even though the listener is in the same file in the
// test below.
writeValueToServer(key, e.violatedDirective + ";" + e.blockedURI);
});
promise_test(async () => {
attachFencedFrame(generateURL(
"resources/csp-frame-src-blocked-inner.html",
[key]));
const result = await nextValueFromServer(key);
const expected_blocked_uri = generateURL(
"resources/csp-frame-src-blocked-inner.html", [key]).toString();
assert_equals(result, "fenced-frame-src;" + expected_blocked_uri,
"The fenced frame is blocked because of CSP violation");
}, "csp-frame-src-blocked");
promise_test(async () => {
assert_false(navigator.canLoadAdAuctionFencedFrame());
}, "frame-src none is taken into account with navigator.canLoadAdAuctionFencedFrame");
</script>
</body>