fedcm-storage-access-api-autogrant.tentative.https.sub.html (4551B)
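<!DOCTYPE html>
<title>Federated Credential Management API / Storage Access API autogrants tests.</title>
<meta name="timeout" content="long">
<link rel="help" href="https://fedidcg.github.io/FedCM">
<link rel="help" href="https://privacycg.github.io/storage-access/">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
<script src="/storage-access-api/helpers.js"></script>

<script type="module">
import {request_options_with_mediation_required,
        fedcm_test,
        select_manifest,
        fedcm_get_and_select_first_account} from './support/fedcm-helper.sub.js';

// These tests check when requestStorageAccess() in a cross-site frame is
// granted without a user gesture after a FedCM sign-in. The three cases are:
//   1. account connected + 'identity-credentials-get' delegated to the frame
//      -> request succeeds;
//   2. account connected, policy not delegated -> request fails;
//   3. account connected, policy delegated, preventSilentAccess() called
//      -> request fails.
// MaybeSetStorageAccess, CreateFrame, FrameHasStorageAccess,
// RequestStorageAccessInFrame and GetPermissionInFrame are not defined in this
// file; presumably they come from /storage-access-api/helpers.js.

// Cross-site origin that hosts the embedded frame (template-substituted by the
// .sub.html server pipeline).
const www_alt = "https://{{hosts[alt][www]}}:{{ports[https][0]}}";
// Frame document that loads embedded_responder.js and is asked to acknowledge
// its load (should_ack_load=true).
const responder_html_load_ack = "/storage-access-api/resources/script-with-cookie-header.py?script=embedded_responder.js&should_ack_load=true";

// Shared setup: sets the storage-access setting to "blocked" for ("*", "*"),
// picks the manifest and completes a FedCM request by selecting the first
// account, using mediation-required request options.
async function connect_first_account(t) {
  await MaybeSetStorageAccess("*", "*", "blocked");
  const test_options = request_options_with_mediation_required();
  await select_manifest(t, test_options);

  await fedcm_get_and_select_first_account(t, test_options);
}

// Returns a promise that resolves with "loaded" once a message event whose
// data is "loaded" reaches this window. Each test calls this before
// CreateFrame so the handler is installed before the frame can post.
// NOTE(review): the handler matches on e.data only; it does not check e.origin
// or e.source, so a "loaded" message from any window would satisfy it. It also
// replaces whatever handler was previously assigned to window.onmessage.
function wait_for_loaded_message() {
  return new Promise(resolve => {
    onmessage = e => {
      if (e.data === "loaded") {
        resolve(e.data);
      }
    };
  });
}

fedcm_test(async t => {
  await connect_first_account(t);

  const frame_loaded = wait_for_loaded_message();
  // The fourth argument delegates 'identity-credentials-get' to www_alt.
  const frame = await CreateFrame(www_alt + responder_html_load_ack, false,
                                  undefined, `identity-credentials-get ${www_alt};`);
  assert_equals(await frame_loaded, "loaded");
  if (await FrameHasStorageAccess(frame)) {
    // Nothing to test here, as cross-site cookies are not blocked.
    // See https://github.com/privacycg/storage-access/issues/162.
    // The test passes at this point without exercising the autogrant path.
    return;
  }

  assert_true(await RequestStorageAccessInFrame(frame),
    "requestStorageAccess doesn't require a gesture since the FedCM account is already connected.");

  assert_true(await FrameHasStorageAccess(frame), "frame should have storage access now.");
  // The permission state reported inside the frame is expected to stay
  // "prompt" even though access was just granted.
  assert_equals(await GetPermissionInFrame(frame), "prompt");
}, "Test that FedCM accounts autogrant storage access.");

fedcm_test(async t => {
  await connect_first_account(t);

  const frame_loaded = wait_for_loaded_message();
  // No permissions-policy argument: 'identity-credentials-get' is not
  // delegated to the frame in this case.
  const frame = await CreateFrame(www_alt + responder_html_load_ack, false);
  assert_equals(await frame_loaded, "loaded");
  if (await FrameHasStorageAccess(frame)) {
    // Nothing to test here, as cross-site cookies are not blocked.
    // See https://github.com/privacycg/storage-access/issues/162.
    // The test passes at this point without exercising the denial path.
    return;
  }

  assert_false(await RequestStorageAccessInFrame(frame),
    "requestStorageAccess requires a gesture since the 'identity-credentials-get' policy is absent.");

  assert_false(await FrameHasStorageAccess(frame), "frame should not have storage access.");
  assert_equals(await GetPermissionInFrame(frame), "prompt");
}, "Test that FedCM accounts do not autogrant storage access without permissions policy.");

fedcm_test(async t => {
  await connect_first_account(t);
  try {
    await navigator.credentials.preventSilentAccess();
  } catch (ex) {
    // In Chrome's content_shell, the promise will be rejected
    // even though the part we care about succeeds.
    // The rejection is deliberately ignored; if the flag were not actually
    // set, the assert_false on RequestStorageAccessInFrame below would be the
    // check that fails.
  }

  const frame_loaded = wait_for_loaded_message();
  // Policy is delegated here, so only the preventSilentAccess flag differs
  // from the first test.
  const frame = await CreateFrame(www_alt + responder_html_load_ack, false,
                                  undefined, `identity-credentials-get ${www_alt};`);
  assert_equals(await frame_loaded, "loaded");
  if (await FrameHasStorageAccess(frame)) {
    // Nothing to test here, as cross-site cookies are not blocked.
    // See https://github.com/privacycg/storage-access/issues/162.
    // The test passes at this point without exercising the denial path.
    return;
  }

  assert_false(await RequestStorageAccessInFrame(frame),
    "requestStorageAccess requires a gesture since the preventSilentAccess flag is true.");

  assert_false(await FrameHasStorageAccess(frame), "frame should not have storage access.");
  assert_equals(await GetPermissionInFrame(frame), "prompt");
}, "Test that FedCM accounts do not autogrant storage access if preventSilentAccess is set.");

</script>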