allow-attribute-with-get.https.html (6008B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <title> 5 Test allow attribute with "digital-credentials-get" and 6 CredentialsContainer's .get() method 7 </title> 8 <script src="/common/get-host-info.sub.js"></script> 9 <script src="/resources/testharness.js"></script> 10 <script src="/resources/testharnessreport.js"></script> 11 <script src="/resources/testdriver.js"></script> 12 <script src="/resources/testdriver-vendor.js"></script> 13 <script type="module"> 14 import { makeGetOptions } from "./support/helper.js"; 15 16 const hostInfo = get_host_info(); 17 const iframeDetails = [ 18 { 19 policy: null, 20 crossOrigin: false, 21 expectIsAllowed: true, 22 }, 23 { 24 policy: null, 25 crossOrigin: true, 26 expectIsAllowed: false, 27 }, 28 { 29 policy: "digital-credentials-get", 30 crossOrigin: false, 31 expectIsAllowed: true, 32 }, 33 { 34 policy: "digital-credentials-get", 35 crossOrigin: true, 36 expectIsAllowed: true, 37 }, 38 { 39 policy: "digital-credentials-get *", 40 crossOrigin: false, 41 expectIsAllowed: true, 42 }, 43 { 44 policy: "digital-credentials-get *", 45 crossOrigin: true, 46 expectIsAllowed: true, 47 }, 48 { 49 policy: "digital-credentials-get 'none'", 50 crossOrigin: false, 51 expectIsAllowed: false, 52 }, 53 { 54 policy: "digital-credentials-get 'none'", 55 crossOrigin: true, 56 expectIsAllowed: false, 57 }, 58 { 59 policy: "digital-credentials-get 'self'", 60 crossOrigin: false, 61 expectIsAllowed: true, 62 }, 63 { 64 policy: "digital-credentials-get 'self'", 65 crossOrigin: true, 66 expectIsAllowed: false, 67 }, 68 { 69 policy: `digital-credentials-get ${hostInfo.HTTPS_REMOTE_ORIGIN}`, 70 crossOrigin: false, 71 expectIsAllowed: false, 72 }, 73 { 74 policy: `digital-credentials-get ${hostInfo.HTTPS_REMOTE_ORIGIN}`, 75 crossOrigin: true, 76 expectIsAllowed: true, 77 }, 78 ]; 79 80 async function loadIframe({ policy, crossOrigin, expectIsAllowed }) { 81 const iframe = document.createElement("iframe"); 82 if (policy !== null) { 83 iframe.allow = policy; 84 } 85 86 await new Promise((resolve) => { 87 iframe.onload = resolve; 88 iframe.src = new URL( 89 "/digital-credentials/support/iframe.html", 90 crossOrigin 91 ? hostInfo.HTTPS_REMOTE_ORIGIN 92 : location.origin 93 ).href; 94 iframe.dataset.expectIsAllowed = expectIsAllowed; 95 iframe.width = "400"; 96 iframe.height = "200"; 97 document.body.appendChild(iframe); 98 }); 99 iframe.focus(); 100 return iframe; 101 } 102 103 function runTests() { 104 for (const details of iframeDetails) { 105 promise_test(async (test) => { 106 const iframe = await loadIframe(details); 107 test.add_cleanup(() => { 108 document.body.removeChild(iframe); 109 }); 110 const { expectIsAllowed } = details; 111 const action = "get"; 112 const options = makeGetOptions({ protocol: [] }); 113 await test_driver.bless("User activation"); 114 const { data } = await new Promise((resolve) => { 115 const callback = (e) => { 116 if (e.source === iframe.contentWindow) { 117 window.removeEventListener('message', callback); 118 resolve(e); 119 } 120 } 121 window.addEventListener("message", callback); 122 iframe.contentWindow.postMessage( 123 { action, options, needsActivation: true }, 124 "*" 125 ); 126 }); 127 const { name, message } = data; 128 const fullMessage = `${iframe.outerHTML} - ${message}`; 129 if (expectIsAllowed) { 130 // When the call is allowed, result in a TypeError since no valid requests 131 // were passed to the call. 132 assert_true(name == "TypeError", fullMessage); 133 } else { 134 // When the call is disallowed, it MUST result in a NotAllowedError. 135 assert_equals(name, "NotAllowedError", fullMessage); 136 } 137 138 }, `With Get: Policy to use: ${details.policy}, is cross-origin: ${details.crossOrigin}, is allowed by policy: ${details.expectIsAllowed}`); 139 } 140 } 141 window.onload = runTests; 142 </script> 143 </head> 144 <body></body> 145 </html>