Index: LayoutTests/http/tests/security/XFrameOptions/x-frame-options-ancestors-same-origin-deny-expected.txt |
diff --git a/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-ancestors-same-origin-deny-expected.txt b/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-ancestors-same-origin-deny-expected.txt |
new file mode 100644 |
index 0000000000000000000000000000000000000000..429d1b0080d78762e5af4f21c1ace95b2e2493b3 |
--- /dev/null |
+++ b/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-ancestors-same-origin-deny-expected.txt |
@@ -0,0 +1,22 @@ |
+http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-ancestor.html - willSendRequest <NSURLRequest URL http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-ancestor.html, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ancestors-same-origin-deny.html, http method GET> redirectResponse (null) |
+http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-ancestor.html - didReceiveResponse <NSURLResponse http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-ancestor.html, http status code 200> |
+http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-ancestor.html - didFinishLoading |
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-deny.cgi - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-deny.cgi, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ancestors-same-origin-deny.html, http method GET> redirectResponse (null) |
+CONSOLE MESSAGE: Refused to display 'http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-deny.cgi' in a frame because it set 'X-Frame-Options' to 'sameorigin'. |
+This tests verifies that 'X-Frame-Options: SAMEORIGIN' blocks sameorigin.com -> crossorigin.com -> sameorigin.com ancestor chains. |
+ |
+There should be content in the iframe below, but not in its child frame. |
+ |
+ |
+ |
+-------- |
+Frame: '<!--framePath //<!--frame0-->-->' |
+-------- |
+The inner frame should not render any content, as this frame is cross-origin. |
+ |
+ |
+ |
+-------- |
+Frame: '<!--framePath //<!--frame0-->/<!--frame0-->-->' |
+-------- |
+ |