<!DOCTYPE html>
<html>
<head>
<script src="resources/multiple-iframe-test.js"></script>
<script>
var tests = [
['no', 'script-src localhost', 'resources/redir.php?url=http://localhost:8000/security/contentSecurityPolicy/resources/script.js'],
['no', 'script-src 127.0.0.1', 'resources/redir.php?url=http://localhost:8000/security/contentSecurityPolicy/resources/script.js']
];
</script>
</head>
<body onload='test()'>
<p>Loads an iframe which in turns tries to load an external script. The request for the script is redirected to 'localhost'. The iframe has a content security policy disabling external scripts from hosts other than 'localhost'. So the script should be allowed to run.</p>
</body>
</html>
Codebase Browser
chromium