diff --git a/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html b/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html
new file mode 100644
index 00000000000000..bd3a55a2d8fdb0
--- /dev/null
+++ b/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html
@@ -0,0 +1,39 @@
+
+
+
diff --git a/html/cross-origin-opener-policy/coop-csp-sandbox.https.html b/html/cross-origin-opener-policy/coop-csp-sandbox.https.html
new file mode 100644
index 00000000000000..259d484df2cbf7
--- /dev/null
+++ b/html/cross-origin-opener-policy/coop-csp-sandbox.https.html
@@ -0,0 +1,24 @@
+
+
CSP sandboxed Cross-Origin-Opener-Policy popup should result in a network error
+
+
+
+
+
diff --git a/html/cross-origin-opener-policy/resources/common.js b/html/cross-origin-opener-policy/resources/common.js
index 5a1744cd9ceaa4..18656cd9e6e1e9 100644
--- a/html/cross-origin-opener-policy/resources/common.js
+++ b/html/cross-origin-opener-policy/resources/common.js
@@ -102,3 +102,17 @@ function run_coop_test_iframe (documentTitle, iframe_origin, popup_origin, popup
document.body.append(frame);
}, `${documentTitle} with ${iframe_origin.name} iframe opening popup a ${popup_origin.name} with COOP: ${format_value(popup_coop)}`);
}
+
+// Wait until the page is fully loaded before navigating
+// so that it creates a history entry properly.
+function fullyLoaded() {
+ return new Promise((resolve, reject) => {
+ addEventListener('load', () => {
+ requestAnimationFrame(() => {
+ requestAnimationFrame(() => {
+ resolve();
+ });
+ });
+ });
+ });
+}
diff --git a/html/cross-origin-opener-policy/resources/coop-coep.py b/html/cross-origin-opener-policy/resources/coop-coep.py
index 285b961e996917..04b673bf2d9732 100644
--- a/html/cross-origin-opener-policy/resources/coop-coep.py
+++ b/html/cross-origin-opener-policy/resources/coop-coep.py
@@ -26,29 +26,19 @@ def main(request, response):
-
+
+
+
"""
diff --git a/html/cross-origin-opener-policy/resources/csp-sandbox.py b/html/cross-origin-opener-policy/resources/csp-sandbox.py
new file mode 100644
index 00000000000000..ed415c431eca42
--- /dev/null
+++ b/html/cross-origin-opener-policy/resources/csp-sandbox.py
@@ -0,0 +1,29 @@
+def main(request, response):
+ coop = request.GET.first(b"coop")
+ coep = request.GET.first(b"coep")
+ sandbox = request.GET.first(b"sandbox")
+ if coop != "":
+ response.headers.set(b"Cross-Origin-Opener-Policy", coop)
+ if coep != "":
+ response.headers.set(b"Cross-Origin-Embedder-Policy", coep)
+ response.headers.set(b"Content-Security-Policy", b"sandbox " + sandbox + b";")
+
+ # Open a popup to coop-coep.py with the same parameters (except sandbox)
+ response.content = b"""
+
+
+
+
+
+"""