A more permissive child-src should not relax restrictions from a less- permissive frame-src. Directives still combine for least privilege, even when one obsoletes another.
Harness status: OK
Found 1 tests
Result | Test Name | Message | ||||
---|---|---|---|---|---|---|
Pass | Expecting logs: ["PASS IFrame #1 generated a load event.", "violated-directive=frame-src"] | Asserts run
|