feature-policy-frame-policy-allowed-for-some.https.sub.html (7078B)
<!DOCTYPE html>
<html>
<head>
  <meta name="timeout" content="long">
  <script src="/resources/testharness.js"></script>
  <script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script src="/feature-policy/resources/featurepolicy.js"></script>
<!--
  Header policy that the expectations in this file are written against
  (presumably delivered with this page's response; "cross_origin" appears to
  stand for the cross_origin value defined in the script below):
  Feature-Policy: fullscreen 'self' cross_origin https://www.example.com;
-->
<script>
'use strict';

// Origins used by the tests. The {{...}} placeholders are left exactly as
// written; they are expected to be filled in by the test server.
var same_origin = 'https://{{domains[]}}:{{ports[https][0]}}';
var cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
var cross_origin1 = 'https://{{domains[www1]}}:{{ports[https][0]}}';

// The same helper document is framed from three origins, plus a data: URL.
var same_origin_src = '/feature-policy/resources/feature-policy-allowedfeatures.html';
var cross_origin_src = `${cross_origin}${same_origin_src}`;
var cross_origin_src1 = `${cross_origin1}${same_origin_src}`;
var data_src = 'data:text/html,<h1>data: URL</h1>';

// Expectation table: one row per value of the iframe `allow` attribute, with
// the expected frame policy for each kind of framed document.
// Security-relevant rows to read closely:
//  - allow="*" still expects false for cross_origin1 and for the data: URL,
//    which is consistent with `allow` only delegating what the embedding
//    page's header policy already grants (cross_origin1 is not in the header).
//  - dataOriginTestExpect is false in every row.
var policies = [
  {
    allow: "*",
    sameOriginTestExpect: true,
    crossOriginTestExpect: true,
    crossOrigin1TestExpect: false,
    dataOriginTestExpect: false,
  },
  {
    allow: "'self'",
    sameOriginTestExpect: true,
    crossOriginTestExpect: false,
    crossOrigin1TestExpect: false,
    dataOriginTestExpect: false,
  },
  {
    allow: "'none'",
    sameOriginTestExpect: false,
    crossOriginTestExpect: false,
    crossOrigin1TestExpect: false,
    dataOriginTestExpect: false,
  },
  {
    allow: `'self' ${cross_origin} https://www.example.com`,
    sameOriginTestExpect: true,
    crossOriginTestExpect: true,
    crossOrigin1TestExpect: false,
    dataOriginTestExpect: false,
  },
];

// Query-string wrapper that makes the framed document respond with its own
// "Feature-Policy: fullscreen <value>;" header.
var pipe_front = '?pipe=sub|header(Feature-Policy,fullscreen ';
var pipe_end = ';)';
var header_policies = ["*", "'self'", "'none'"];

// Test that frame.policy inherits from parent's header policy when allow
// attribute is not specified.
// Each row: [iframe src, srcdoc flag, expected frame policy, label used in
// the test name]. No iframe here carries an allow attribute.
// - The cross-origin rows expect false even though the header comment at the
//   top of the file names cross_origin: being listed in the embedder's header
//   is not, by itself, a delegation to the framed document.
// - Every srcdoc row expects true whatever src is set to, i.e. the same
//   result as the same-origin row.
// - The data: URL row expects false; the test name treats it as cross origin.
for (const [src, srcdoc, expected, label] of [
  [same_origin_src, undefined, true, 'same origin'],
  [cross_origin_src, undefined, false, 'cross origin'],
  [cross_origin_src1, undefined, false, 'another cross origin'],
  [undefined, true, true, 'srcdoc'],
  [same_origin_src, true, true, 'srcdoc + same origin'],
  [cross_origin_src, true, true, 'srcdoc + cross origin'],
  [cross_origin_src1, true, true, 'srcdoc + another cross origin'],
  [data_src, undefined, false, 'data: URL cross origin'],
]) {
  test(() => {
    test_frame_policy('fullscreen', src, srcdoc, expected);
  }, `Test frame policy on ${label} iframe inherit from header policy.`);
}

// Test frame policy with allow attribute set to be one of the policies above.
// For every `allow` value, frame each kind of document and compare the frame
// policy with the matching column of the expectation table. The srcdoc
// variants deliberately reuse sameOriginTestExpect, whatever src is set to.
for (const policy of policies) {
  const allowAttr = 'fullscreen ' + policy.allow + ';';
  const cases = [
    [same_origin_src, undefined, policy.sameOriginTestExpect, 'same origin'],
    [cross_origin_src, undefined, policy.crossOriginTestExpect, 'cross origin'],
    [cross_origin_src1, undefined, policy.crossOrigin1TestExpect, 'another cross origin'],
    [undefined, true, policy.sameOriginTestExpect, 'srcdoc'],
    [same_origin_src, true, policy.sameOriginTestExpect, 'srcdoc + same origin'],
    [cross_origin_src, true, policy.sameOriginTestExpect, 'srcdoc + cross origin'],
    [cross_origin_src1, true, policy.sameOriginTestExpect, 'srcdoc + another cross origin'],
    [data_src, undefined, policy.dataOriginTestExpect, 'data: URL cross origin'],
  ];
  for (const [src, srcdoc, expected, label] of cases) {
    test(() => {
      test_frame_policy('fullscreen', src, srcdoc, expected, allowAttr);
    }, `Test frame policy on ${label} iframe with allow = "${policy.allow}".`);
  }
}

// Test that the header policy of the iframe document does not change the
// frame policy. The framed URL gets a ?pipe=...header(Feature-Policy,...)
// suffix so the child responds with its own policy header; the expected value
// is still the one derived from the embedder's `allow` attribute alone, so a
// framed document cannot widen (or narrow) what the embedder's frame policy
// reports by declaring a policy of its own.
for (const policy of policies) {
  const allowAttr = 'fullscreen ' + policy.allow + ';';
  for (const headerPolicy of header_policies) {
    const pipeSuffix = pipe_front + headerPolicy + pipe_end;
    const framed = [
      [same_origin_src, policy.sameOriginTestExpect, 'same origin'],
      [cross_origin_src, policy.crossOriginTestExpect, 'cross origin'],
      [cross_origin_src1, policy.crossOrigin1TestExpect, 'another cross origin'],
    ];
    for (const [baseSrc, expected, label] of framed) {
      test(() => {
        test_frame_policy(
            'fullscreen', baseSrc + pipeSuffix, undefined, expected, allowAttr);
      }, `Test frame policy on ${label} iframe with allow = "${policy.allow}" and header policy = "Feature-Policy: fullscreen ${headerPolicy};".`);
    }
  }
}
</script>
</body>
</html>