cross-origin-status.https.html (3656B)
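<!DOCTYPE html>
<meta charset="utf-8">
<title>FedCM IDP login status API tests</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-vendor.js"></script>

<script type="module">
// Checks which contexts are allowed to update the FedCM IdP login status.
// Each test first marks the IdP as signed out, then requests the
// "mark_signedin" support resource from a particular context and observes
// whether a following navigator.credentials.get() behaves as signed in
// (a token is returned) or as still signed out (NetworkError rejection).
import {fedcm_test,
        alt_manifest_origin,
        same_site_manifest_origin,
        set_fedcm_cookie,
        select_manifest,
        request_options_with_mediation_required,
        alt_request_options_with_mediation_required,
        fedcm_get_and_select_first_account,
        open_and_wait_for_popup,
        mark_signed_out} from '../support/fedcm-helper.sub.js';

const path = '/fedcm/support/';
const url_prefix = alt_manifest_origin + path;
const same_site_url_prefix = same_site_manifest_origin + path;

// Appends an iframe navigated to `src` and returns a promise that resolves
// when its load event fires. The frame is removed during test cleanup so that
// a cross-site document left over from one test is not still attached to the
// page while later tests run.
function load_iframe(t, src) {
  const iframe = document.createElement("iframe");
  const loaded = new Promise(resolve => { iframe.onload = resolve; });
  iframe.src = src;
  document.body.appendChild(iframe);
  t.add_cleanup(() => iframe.remove());
  return loaded;
}

// Asserts that the alternate IdP is still treated as signed out: the
// credential request must reject with NetworkError. Contrast with the
// same-site test below, where the header is honoured and a token is returned.
function assert_still_signed_out(t) {
  const config = alt_request_options_with_mediation_required();
  const result = navigator.credentials.get(config);
  return promise_rejects_dom(t, 'NetworkError', result);
}

fedcm_test(async t => {
  await set_fedcm_cookie(same_site_manifest_origin);
  await mark_signed_out(same_site_manifest_origin);
  // The header should be processed successfully because it is same-site.
  const fetch_result = await fetch(same_site_url_prefix + "mark_signedin");
  assert_true(fetch_result.ok);

  const config = request_options_with_mediation_required(undefined, same_site_manifest_origin);
  await select_manifest(t, config);
  const cred = await fedcm_get_and_select_first_account(t, config);
  assert_equals(cred.token, "token");
}, 'Cross-origin same-site status header should work from fetch()');

fedcm_test(async t => {
  await mark_signed_out(alt_manifest_origin);
  // The header should be ignored because it's a cross-site fetch.
  const fetch_result = await fetch(url_prefix + "mark_signedin");
  // Confirm the request itself succeeded, so the rejection below is not
  // simply the result of the fetch having failed.
  assert_true(fetch_result.ok);

  return assert_still_signed_out(t);
}, 'Cross-origin status header should be ignored from fetch()');

fedcm_test(async t => {
  await mark_signed_out(alt_manifest_origin);
  // The header should be ignored because it's a cross-site iframe.
  // NOTE(review): unlike the fetch() test, nothing here checks that the
  // frame's response was successful; the load event alone does not show
  // that. A failed load would also leave the IdP signed out - confirm the
  // support resource is served as expected.
  await load_iframe(t, url_prefix + "mark_signedin");

  return assert_still_signed_out(t);
}, 'Status header should be ignored from cross-site iframe');

fedcm_test(async t => {
  await mark_signed_out(alt_manifest_origin);
  // The header in the subresource should be ignored because the iframe is cross-site.
  // NOTE(review): the load event is presumably fired after the frame's
  // subresources have been fetched; verify against iframe-mark-signedin.html.
  await load_iframe(t, url_prefix + "iframe-mark-signedin.html");

  return assert_still_signed_out(t);
}, 'Status header should be ignored from cross-site iframe that contains a subresource with the header');

fedcm_test(async t => {
  await mark_signed_out(alt_manifest_origin);
  // The popup is opened on the IdP's own origin; per the test title, the
  // support page requests the header from inside a fenced frame, where it
  // must be ignored even though the frame is same-origin with the IdP.
  await open_and_wait_for_popup(alt_manifest_origin, path + "fencedframe-mark-signedin.html");

  return assert_still_signed_out(t);
}, 'Status header should be ignored from a fenced frame, even if it is same-origin');

</script>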