43 lines
873 B
HTML
43 lines
873 B
HTML
<!DOCTYPE html>
|
|
<meta charset="utf-8">
|
|
<title>X-Frame-Options variations of DENY</title>
|
|
<script src="/resources/testharness.js"></script>
|
|
<script src="/resources/testharnessreport.js"></script>
|
|
<script src="./support/helper.sub.js"></script>
|
|
|
|
<body>
|
|
<script>
|
|
"use strict";
|
|
|
|
xfo_simple_tests({
|
|
headerValue: `DENY`,
|
|
sameOriginAllowed: false,
|
|
crossOriginAllowed: false
|
|
});
|
|
|
|
xfo_simple_tests({
|
|
headerValue: `denY`,
|
|
sameOriginAllowed: false,
|
|
crossOriginAllowed: false
|
|
});
|
|
|
|
xfo_simple_tests({
|
|
headerValue: ` DENY `,
|
|
sameOriginAllowed: false,
|
|
crossOriginAllowed: false
|
|
});
|
|
|
|
xfo_simple_tests({
|
|
headerValue: `DENY`,
|
|
cspValue: `default-src 'self'`,
|
|
sameOriginAllowed: false,
|
|
crossOriginAllowed: false
|
|
});
|
|
|
|
xfo_simple_tests({
|
|
headerValue: `DENY`,
|
|
cspValue: `frame-ancestors 'self'`,
|
|
sameOriginAllowed: true,
|
|
crossOriginAllowed: false
|
|
});
|
|
</script>
|