OLD | NEW |
(Empty) | |
| 1 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-sa
me-origin-ancestor.html - willSendRequest <NSURLRequest URL http://localhost:800
0/security/XFrameOptions/resources/x-frame-options-parent-same-origin-ancestor.h
tml, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-opti
ons-ancestors-same-origin-deny.html, http method GET> redirectResponse (null) |
| 2 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-sa
me-origin-ancestor.html - didReceiveResponse <NSURLResponse http://localhost:800
0/security/XFrameOptions/resources/x-frame-options-parent-same-origin-ancestor.h
tml, http status code 200> |
| 3 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-sa
me-origin-ancestor.html - didFinishLoading |
| 4 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-parent-sa
me-origin-deny.cgi - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/sec
urity/XFrameOptions/resources/x-frame-options-parent-same-origin-deny.cgi, main
document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ancest
ors-same-origin-deny.html, http method GET> redirectResponse (null) |
| 5 CONSOLE MESSAGE: Refused to display 'http://127.0.0.1:8000/security/XFrameOption
s/resources/x-frame-options-parent-same-origin-deny.cgi' in a frame because it s
et 'X-Frame-Options' to 'sameorigin'. |
| 6 This tests verifies that 'X-Frame-Options: SAMEORIGIN' blocks sameorigin.com ->
crossorigin.com -> sameorigin.com ancestor chains. |
| 7 |
| 8 There should be content in the iframe below, but not in its child frame. |
| 9 |
| 10 |
| 11 |
| 12 -------- |
| 13 Frame: '<!--framePath //<!--frame0-->-->' |
| 14 -------- |
| 15 The inner frame should not render any content, as this frame is cross-origin. |
| 16 |
| 17 |
| 18 |
| 19 -------- |
| 20 Frame: '<!--framePath //<!--frame0-->/<!--frame0-->-->' |
| 21 -------- |
| 22 |
OLD | NEW |