From 661fdfc1017204880ee22de112a0483d5156b277 Mon Sep 17 00:00:00 2001
From: Yutaka Hirano <yhirano@chromium.org>
Date: Wed, 27 May 2020 13:14:06 +0900
Subject: [PATCH] COEP shouldn't take effect in data URL frames.

Related to https://github.com/whatwg/html/issues/4930.
---
 html/cross-origin-embedder-policy/data.https.html | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/html/cross-origin-embedder-policy/data.https.html b/html/cross-origin-embedder-policy/data.https.html
index f2878dfc549172..5f4ffb2f307c70 100644
--- a/html/cross-origin-embedder-policy/data.https.html
+++ b/html/cross-origin-embedder-policy/data.https.html
@@ -10,7 +10,8 @@
     assert_equals(data.id, "");
     assert_equals(data.origin, "null");
     assert_false(data.sameOriginNoCORPSuccess); // This is effectively a no-op for this test
-    assert_true(data.crossOriginNoCORPFailure, "Cross-origin without CORP did not fail");
+    // data URLs are not trustworthy, so COEP shouldn't take effect.
+    assert_false(data.crossOriginNoCORPFailure, "COEP took effect unexpectedly");
   }));
   const frame = document.createElement("iframe");
   t.add_cleanup(() => frame.remove());