test_notification_crossorigin_iframe.html (3630B)
1 <!DOCTYPE HTML> 2 <html> 3 <!-- 4 Tests that Notification permissions are denied in cross-origin iframes. 5 https://bugzilla.mozilla.org/show_bug.cgi?id=1560741 6 --> 7 <head> 8 <title>Notification permission in cross-origin iframes</title> 9 <script src="/tests/SimpleTest/SimpleTest.js"></script> 10 <script src="/tests/SimpleTest/GleanTest.js"></script> 11 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> 12 </head> 13 <body> 14 <p id="display"></p> 15 <div id="content" style="display: none"> 16 </div> 17 <pre id="test"> 18 <script class="testbody" type="text/javascript"> 19 SimpleTest.waitForExplicitFinish(); 20 21 const kBlankURL = "https://example.org/tests/dom/notification/test/mochitest/blank.html"; 22 23 (async function runTest() { 24 let iframe = document.createElement("iframe"); 25 iframe.src = kBlankURL; 26 document.body.appendChild(iframe); 27 await new Promise(resolve => { 28 iframe.onload = resolve; 29 }); 30 31 await SpecialPowers.spawn(iframe, [], async () => { 32 await SpecialPowers.pushPermissions([ 33 { 34 type: "desktop-notification", 35 allow: SpecialPowers.Services.perms.ALLOW_ACTION, 36 context: content.document, 37 }, 38 ]); 39 }); 40 41 await GleanTest.testResetFOG(); 42 43 let checkRequest = async (expectedResponse, msg) => { 44 let response = await this.content.Notification.requestPermission(); 45 Assert.equal(response, expectedResponse, msg); 46 }; 47 48 await SpecialPowers.spawn(iframe, 49 ["denied", "Denied permission in cross-origin iframe"], 50 checkRequest); 51 52 const requestCount = await GleanTest.webNotification.requestPermissionOrigin.third_party.testGetValue(); 53 is(requestCount, 1, "Notification third party request permission counter should increment once."); 54 55 let checkPermission = async (expectedPermission, msg) => { 56 let permission = this.content.Notification.permission; 57 Assert.equal(permission, expectedPermission, msg); 58 }; 59 60 await SpecialPowers.spawn(iframe, 61 ["denied", "Permission is denied in cross-origin iframe"], 62 checkPermission); 63 64 const permissionCount = await GleanTest.webNotification.permissionOrigin.third_party.testGetValue(); 65 is(permissionCount, 1, "Notification third party permission read counter should increment once."); 66 67 let checkConstruct = async (expectedShown, msg) => { 68 const shown = await new Promise(r => { 69 const n = new this.content.Notification("cross origin"); 70 n.onshow = () => r(true); 71 n.onerror = () => r(false); 72 }); 73 Assert.equal(shown, expectedShown, msg); 74 }; 75 76 await SpecialPowers.spawn(iframe, 77 [false, "Notification constructor should error in cross-origin iframe"], 78 checkConstruct); 79 80 const showCount = await GleanTest.webNotification.showOrigin.third_party.testGetValue(); 81 is(showCount, 1, "Notification third party show attempt counter should increment once."); 82 83 await SpecialPowers.pushPrefEnv({"set": [["dom.webnotifications.allowcrossoriginiframe", true]]}); 84 85 await SpecialPowers.spawn(iframe, 86 ["granted", "Granted permission in cross-origin iframe with pref set"], 87 checkRequest); 88 await SpecialPowers.spawn(iframe, 89 ["granted", "Permission is granted in cross-origin iframe with pref set"], 90 checkPermission); 91 92 SimpleTest.finish(); 93 })(); 94 </script> 95 </pre> 96 </body> 97 </html>