third_party/WebKit/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny.html

   1 <!DOCTYPE html>
   2 <html>
   3 <head>
   4     <script>
   5         if (window.testRunner) {
   6             testRunner.dumpAsText();
   7             testRunner.dumpChildFramesAsText();
   8             testRunner.dumpResourceLoadCallbacks();
   9             testRunner.waitUntilDone();
  10         }
  11
  12         function checkIfDone() {
  13             try {
  14                 var url = document.querySelector('iframe').contentWindow.location.href;
  15                 console.log("FAIL: Could read contentWindow.location.href");
  16             } catch (e) {
  17                 console.log("PASS: Access to contentWindow.location.href threw an exception.");
  18             }
  19
  20             testRunner.notifyDone();
  21         }
  22     </script>
  23 </head>
  24 <body>
  25     <p>The frame below should not load, proving that 'sameorigin, sameorigin' === 'sameorigin'.</p>
  26     <iframe style="width:500px; height:500px" src="http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi" onload="checkIfDone()"></iframe>
  27 </body>
  28 </html>