1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
content / test / data / frame-src-self-and-b.html [blame]
<!DOCTYPE html>
<html>
<head>
<title>This page should only allow subframes from the same origin or b.com</title>
</head>
<body>
This page should only allow subframes from the same origin or from b.com,
because its CSP headers specify frame-src 'self' and 'b.com'.
<iframe src="/cross-site/b.com/title2.html"></iframe>
<iframe srcdoc="
<html>
<head>
<title>subtitle1</title>
</head>
<body>
<iframe src='/cross-site/b.com/title2.html'></iframe>
</body>
</html>"></iframe>
</body>
</html>