allow-attribute-with-create.https.html (5863B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <title> 5 Test allow attribute with "digital-credentials-create" and 6 CredentialsContainer's .create() method 7 </title> 8 <script src="/common/get-host-info.sub.js"></script> 9 <script src="/resources/testharness.js"></script> 10 <script src="/resources/testharnessreport.js"></script> 11 <script src="/resources/testdriver.js"></script> 12 <script src="/resources/testdriver-vendor.js"></script> 13 <script type="module"> 14 import { makeCreateOptions } from "./support/helper.js"; 15 16 const hostInfo = get_host_info(); 17 const iframeDetails = [ 18 { 19 policy: null, 20 crossOrigin: false, 21 expectIsAllowed: true, 22 }, 23 { 24 policy: null, 25 crossOrigin: true, 26 expectIsAllowed: false, 27 }, 28 { 29 policy: "digital-credentials-create", 30 crossOrigin: false, 31 expectIsAllowed: true, 32 }, 33 { 34 policy: "digital-credentials-create", 35 crossOrigin: true, 36 expectIsAllowed: true, 37 }, 38 { 39 policy: "digital-credentials-create *", 40 crossOrigin: false, 41 expectIsAllowed: true, 42 }, 43 { 44 policy: "digital-credentials-create *", 45 crossOrigin: true, 46 expectIsAllowed: true, 47 }, 48 { 49 policy: "digital-credentials-create 'none'", 50 crossOrigin: false, 51 expectIsAllowed: false, 52 }, 53 { 54 policy: "digital-credentials-create 'none'", 55 crossOrigin: true, 56 expectIsAllowed: false, 57 }, 58 { 59 policy: "digital-credentials-create 'self'", 60 crossOrigin: false, 61 expectIsAllowed: true, 62 }, 63 { 64 policy: "digital-credentials-create 'self'", 65 crossOrigin: true, 66 expectIsAllowed: false, 67 }, 68 { 69 policy: `digital-credentials-create ${hostInfo.HTTPS_REMOTE_ORIGIN}`, 70 crossOrigin: false, 71 expectIsAllowed: false, 72 }, 73 { 74 policy: `digital-credentials-create ${hostInfo.HTTPS_REMOTE_ORIGIN}`, 75 crossOrigin: true, 76 expectIsAllowed: true, 77 }, 78 ]; 79 80 async function loadIframe({ policy, crossOrigin, expectIsAllowed }) { 81 const iframe = document.createElement("iframe"); 82 if (policy !== null) { 83 iframe.allow = policy; 84 } 85 86 await new Promise((resolve) => { 87 iframe.onload = resolve; 88 iframe.src = new URL( 89 "/digital-credentials/support/iframe.html", 90 crossOrigin 91 ? hostInfo.HTTPS_REMOTE_ORIGIN 92 : location.origin 93 ).href; 94 iframe.dataset.expectIsAllowed = expectIsAllowed; 95 document.body.appendChild(iframe); 96 }); 97 iframe.focus(); 98 return iframe; 99 } 100 101 function runTests() { 102 for (const details of iframeDetails) { 103 promise_test(async (test) => { 104 const iframe = await loadIframe(details); 105 test.add_cleanup(() => { 106 document.body.removeChild(iframe); 107 }); 108 const { expectIsAllowed } = details; 109 const action = "create"; 110 // Results in TypeError when allowed, NotAllowedError when disallowed 111 const options = makeCreateOptions({ protocol: [] }); 112 const { data } = await new Promise((resolve) => { 113 const callback = (e) => { 114 if (e.source === iframe.contentWindow) { 115 window.removeEventListener('message', callback); 116 resolve(e); 117 } 118 } 119 window.addEventListener("message", callback); 120 iframe.contentWindow.postMessage( 121 { action, options, needsActivation: true }, 122 "*" 123 ); 124 }); 125 const { name, message } = data; 126 const fullMessage = `${iframe.outerHTML} - ${message}`; 127 if (expectIsAllowed) { 128 assert_true( 129 name == "TypeError" || name == "NotAllowedError", 130 fullMessage 131 ); 132 } else { 133 assert_equals(name, "NotAllowedError", fullMessage); 134 } 135 }, `With Create: Policy to use: ${details.policy}, is cross-origin: ${details.crossOrigin}, is allowed by policy: ${details.expectIsAllowed}`); 136 } 137 } 138 window.onload = runTests; 139 </script> 140 </head> 141 <body></body> 142 </html>