tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

feature-policy-header-policy-allowed-for-all.https.sub.html (2314B)

      1 <!DOCTYPE html>
      2 <body>
      3  <script src=/resources/testharness.js></script>
      4  <script src=/resources/testharnessreport.js></script>
      5  <script src=/feature-policy/resources/featurepolicy.js></script>
      6  <!-- Feature-Policy: fullscreen *; -->
      7  <script>
      8  'use strict';
      9  var same_origin = 'https://{{domains[]}}:{{ports[https][0]}}';
     10  var cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
     11  var same_origin_src = '/feature-policy/resources/feature-policy-allowedfeatures.html';
     12  var cross_origin_src = cross_origin + same_origin_src;
     13  var header_policy = 'Feature-Policy: fullscreen *';
     14 
     15  // Test that fullscreen's allowlist is ['*']
     16  test(function() {
     17    assert_array_equals(
     18      document.featurePolicy.getAllowlistForFeature('fullscreen'),
     19      ['*']);
     20  }, header_policy + ' -- test allowlist is ['*']');
     21 
     22  // Test that fullscreen is allowed on same-origin subframes.
     23  test_allowed_feature_for_subframe(
     24    header_policy + ' -- test fullscreen is allowed on same-origin subframe',
     25    'fullscreen',
     26    same_origin_src);
     27 
     28  // Test that fullscreen is not allowed on cross-origin subframes without an
     29  // allow attribute.
     30  test_disallowed_feature_for_subframe(
     31    header_policy + ' -- test fullscreen is disallowed on cross-origin subframe',
     32    'fullscreen',
     33    cross_origin_src);
     34 
     35  // Dynamically update sub frame's container policy to self
     36  var allow = "fullscreen 'self';"
     37  test_allowed_feature_for_subframe(
     38    header_policy + ', iframe.allow = ' + allow + ' -- test fullscreen is allowed on same-origin subframe',
     39    'fullscreen',
     40    same_origin_src,
     41    allow);
     42  test_disallowed_feature_for_subframe(
     43    header_policy + ', iframe.allow = ' + allow + ' -- test fullscreen is disallowed on cross-origin subframe',
     44    'fullscreen',
     45    cross_origin_src,
     46    allow);
     47 
     48  // Dynamically update sub frame's container policy to src
     49  var allow = "fullscreen 'src';"
     50  test_allowed_feature_for_subframe(
     51    header_policy + ', iframe.allow = ' + allow + ' -- test fullscreen is allowed on same-origin subframe',
     52    'fullscreen',
     53    same_origin_src,
     54    allow);
     55  test_allowed_feature_for_subframe(
     56    header_policy + ', iframe.allow = ' + allow + ' -- test fullscreen is allowed on cross-origin subframe',
     57    'fullscreen',
     58    cross_origin_src,
     59    allow);
     60  </script>
     61 </body>