browsing-topics-permissions-policy-self.tentative.https.sub.html (4105B)
1 <!doctype html> 2 <body> 3 <script src=/resources/testharness.js></script> 4 <script src=/resources/testharnessreport.js></script> 5 <script src=/browsing-topics/resources/header-util.sub.js></script> 6 <script src=/browsing-topics/resources/load_img.sub.js></script> 7 <script src=/browsing-topics/resources/permissions-policy-util.sub.js></script> 8 <script src=/common/utils.js></script> 9 <script> 10 'use strict'; 11 const header = 'permissions policy header browsing-topics=(self)'; 12 13 promise_test(async t => { 14 let topics = await document.browsingTopics(); 15 assert_equals(topics.length, 0); 16 }, header + ' allows document.browsingTopics() in the current page.'); 17 18 async_test(t => { 19 test_topics_feature_availability_in_subframe(t, /*is_same_origin=*/true, 20 expect_topics_feature_available); 21 }, header + ' allows document.browsingTopics() in same-origin iframes.'); 22 23 async_test(t => { 24 test_topics_feature_availability_in_subframe(t, /*is_same_origin=*/false, 25 expect_topics_feature_unavailable); 26 }, header + ' disallows document.browsingTopics() in cross-origin iframes.'); 27 28 const same_origin_url = '/browsing-topics/resources/check-topics-request-header.py'; 29 const cross_origin_url = 'https://{{domains[www]}}:{{ports[https][0]}}' + 30 same_origin_url; 31 32 promise_test(async t => { 33 let response = await fetch(same_origin_url, {browsingTopics: true}); 34 let topics_header = await response.text(); 35 assert_equals(topics_header, EMPTY_TOPICS_HEADER); 36 }, header + 'allows the \'Sec-Browsing-Topics\' header to be sent for the same-origin topics fetch request.'); 37 38 promise_test(async t => { 39 let response = await fetch(cross_origin_url, {browsingTopics: true}); 40 let topics_header = await response.text(); 41 assert_equals(topics_header, "NO_TOPICS_HEADER"); 42 }, header + 'disallows the \'Sec-Browsing-Topics\' header to be sent for the cross-origin topics fetch request.'); 43 44 promise_test(async t => { 45 let response = await fetch('/common/redirect.py?location=' + same_origin_url, {browsingTopics: true}); 46 let topics_header = await response.text(); 47 assert_equals(topics_header, EMPTY_TOPICS_HEADER); 48 }, header + 'allows the \'Sec-Browsing-Topics\' header to be sent for the redirect of a topics fetch request, where the redirect has a same-origin URL.'); 49 50 promise_test(async t => { 51 let response = await fetch('/common/redirect.py?location=' + cross_origin_url, {browsingTopics: true}); 52 let topics_header = await response.text(); 53 assert_equals(topics_header, "NO_TOPICS_HEADER"); 54 }, header + 'disallows the \'Sec-Browsing-Topics\' header to be sent for the redirect of a topics fetch request, where the redirect has a cross-origin URL.'); 55 56 promise_test(async t => { 57 let topics_header = await load_topics_image( 58 /*has_browsing_topics_attribute=*/true, /*is_same_origin=*/true); 59 assert_equals(topics_header, EMPTY_TOPICS_HEADER); 60 }, header + 'allows the \'Sec-Browsing-Topics\' header to be sent for the same-origin topics img request.'); 61 62 promise_test(async t => { 63 let topics_header = await load_topics_image( 64 /*has_browsing_topics_attribute=*/true, /*is_same_origin=*/false); 65 assert_equals(topics_header, "NO_TOPICS_HEADER"); 66 }, header + 'disallows the \'Sec-Browsing-Topics\' header to be sent for the cross-origin topics img request.'); 67 68 async_test(t => { 69 test_topics_iframe_navigation_header( 70 t, /*has_browsing_topics_attribute=*/true, /*is_same_origin=*/true, 71 expect_topics_header_available); 72 }, header + ' allows the \'Sec-Browsing-Topics\' header to be sent for the same-origin iframe navigation request.'); 73 74 async_test(t => { 75 test_topics_iframe_navigation_header( 76 t, /*has_browsing_topics_attribute=*/true, /*is_same_origin=*/false, 77 expect_topics_header_unavailable); 78 }, header + ' disallows the \'Sec-Browsing-Topics\' header to be sent for the cross-origin iframe navigation request.'); 79 </script> 80 </body>