tor-browser

The Tor Browser

trust-token-redemption-default-feature-policy.tentative.https.sub.html (2209B)


      1 <!DOCTYPE html>
      2 <title>Test that trust token redemption is enabled/disabled according to the feature policy</title>
      3 
      4 <body>
      5  <script src=/resources/testharness.js></script>
      6  <script src=/resources/testharnessreport.js></script>
      7  <script src=/feature-policy/resources/featurepolicy.js></script>
      8  <script>
   'use strict';

   // Document loaded into the test iframes. It is not part of this file;
   // presumably it attempts the trust token operations and reports how many
   // were permitted -- confirm against the resource itself.
   const same_origin_src =
     '/feature-policy/experimental-features/resources/feature-policy-trust-token-redemption.html';

   // The same document addressed through the "www" host, so the iframe is
   // cross-origin to this page. The double-brace placeholders are expected to
   // be filled in by the test server for ".sub.html" files.
   const cross_origin_src =
     `https://{{domains[www]}}:{{ports[https][0]}}${same_origin_src}`;

   // Shared prefix for the test names: the policy under test is the default
   // allowlist ["self"] of the "trust-token-redemption" feature.
   const header = 'Default "trust-token-redemption" feature policy ["self"]';
     14 
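   // Top-level document: with the default ["self"] allowlist, setting up all
   // four gated operations (redemption and signing, through both Fetch and
   // XHR) must succeed without throwing. No request is actually sent; only
   // construction and configuration are exercised.
   test(() => {
     try {
       // The feature policy gates redemption and signing via both the Fetch
       // and XHR interfaces.
       new Request("https://issuer.example/", {
         trustToken: {
           type: "token-redemption"
         }
       });
       new Request("https://destination.example/", {
         trustToken: {
           type: "send-redemption-record", // signing
           issuers: ["https://issuer.example/"]
         }
       });

       const redemption_xhr = new XMLHttpRequest();
       redemption_xhr.open("GET", "https://issuer.example/");
       redemption_xhr.setTrustToken({
         type: "token-redemption"
       });

       const signing_xhr = new XMLHttpRequest();
       signing_xhr.open("GET", "https://destination.example/");
       signing_xhr.setTrustToken({
         type: "send-redemption-record", // signing
         issuers: ["https://issuer.example/"]
       });
     } catch (e) {
       // Report the caught exception instead of discarding it, so a failure
       // shows which operation the policy (or the implementation) rejected.
       assert_unreached(
         `Trust token operation threw in the top-level document: ${e}`);
     }
   }, header + ' allows the top-level document.');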
     47 
   // Same-origin iframe: the default ["self"] allowlist covers it, so the
   // framed document is expected to report all 4 operations as enabled
   // (presumably the same two Fetch and two XHR operations exercised in the
   // top-level test -- confirm against the iframe resource).
   async_test(iframeTest => {
     const expectAllOperationsEnabled = (result, description) => {
       assert_equals(result.num_operations_enabled, 4, description);
     };

     // test_feature_availability comes from featurepolicy.js (not shown here).
     test_feature_availability(
       'Trust token redemption',
       iframeTest,
       same_origin_src,
       expectAllOperationsEnabled
     );
   }, header + ' allows same-origin iframes.');
     54 
   // Cross-origin iframe: the default ["self"] allowlist does not extend to
   // it, so the framed document must report 0 enabled operations. This is the
   // security-relevant case: an embedded third-party frame must not be able to
   // redeem tokens or send redemption records unless the embedder delegates
   // the feature explicitly.
   async_test(iframeTest => {
     const expectNoOperationsEnabled = (result, description) => {
       assert_equals(result.num_operations_enabled, 0, description);
     };

     // test_feature_availability comes from featurepolicy.js (not shown here).
     test_feature_availability(
       'Trust token redemption',
       iframeTest,
       cross_origin_src,
       expectNoOperationsEnabled
     );
   }, header + ' disallows cross-origin iframes.');
     61  </script>
     62 </body>