Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/external/wpt/html/cross-origin-embedder-policy/header-parsing.https.html 

<!DOCTYPE html>
<html>
  <meta charset="utf-8">
  <meta name="timeout" content="long">
  <script src="/resources/testharness.js"></script>
  <script src="/resources/testharnessreport.js"></script>
<body>
<script>
'use strict';
function createIframe(t, values) {
  const parent = document.createElement('iframe');
  const child = document.createElement('iframe');
  const params = values.map((value) => {
    const percentEncodedValue = typeof value === "object" ? value.percentEncoded : encodeURIComponent(value);
    return `value=${percentEncodedValue}`;
  });
  parent.setAttribute('src', `resources/empty-coep.py?${params.join("&")}`);
  document.body.appendChild(parent);
  t.add_cleanup(() => parent.remove());

  return new Promise((resolve, reject) => {
      parent.onload = resolve;
      parent.onerror = () =>
        reject(new Error(`failed to load from ${parent.src}`));
    })
    .then(() => {
        child.setAttribute('src', '/common/blank.html');
        parent.contentDocument.body.appendChild(child);
        return new Promise((resolve) => {
            child.onload = resolve;
            child.onerror = () =>
              reject(new Error(`failed to load from ${child.src}`));
          });
      })
    .then(() => child);
}

[
  [],
  [''],
  ['jibberish'],
  [{ percentEncoded: 'require%FFcorp' }], // non-ASCII byte
  ['require-corp;'],
  ['\u000brequire-corp\u000b'], // vertical tab
  ['\u000crequire-corp\u000c'], // form feed
  ['\u000drequire-corp\u000d'], // carriage return
  ['Require-corp'],
  ['"require-corp"'], // HTTP structured header "string" item
  [':cmVxdWlyZS1jb3Jw:'], // HTTP structured header "byte sequence" item
  ['require-corp;\tfoo=bar'],
  ['require-corp require-corp'],
  ['require-corp,require-corp'],
  ['require-corp', 'require-corp'],
  ['', 'require-corp'],
  ['require-corp', ''],
].forEach((values) => {
  promise_test((t) => {
    return createIframe(t, values)
      .then((child) => {
          assert_not_equals(child.contentDocument, null);
        });
  }, 'navigation allowed for ' + JSON.stringify(values));
});

[
  ['require-corp'],
  [' require-corp '],
  ['\trequire-corp\t'], // leading and trailing OWS is not part of the field-value per HTTP
  [' \trequire-corp'],
  ['require-corp\t '],
  ['require-corp; foo=bar'],
  ['require-corp;require-corp'],
  ['require-corp; report-to="data:', '"'], // `require-corp; report-to="data:, "`

].forEach((values) => {
  promise_test((t) => {
    return createIframe(t, values)
      .then((child) => {
          assert_equals(child.contentDocument, null);
        });
  }, 'navigation blocked for ' + JSON.stringify(values));
});
</script>
</body>
</html>