tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

default-enabled-features-allow-all.https.html (3163B)

      1 <!DOCTYPE html>
      2 <title>Test default permission policy features gating (*)</title>
      3 <script src="/resources/testharness.js"></script>
      4 <script src="/resources/testharnessreport.js"></script>
      5 <script src="/common/utils.js"></script>
      6 <script src="/common/dispatcher/dispatcher.js"></script>
      7 <script src="resources/utils.js"></script>
      8 <script src="/common/get-host-info.sub.js"></script>
      9 <script src="resources/default-enabled-features-helper.js"></script>
     10 
     11 <body>
     12 <script>
     13 promise_test(async(t) => {
     14  await runDefaultEnabledFeaturesTest(t, true, get_host_info().ORIGIN);
     15  await runDefaultEnabledFeaturesTest(t, true, get_host_info().ORIGIN,
     16      generator_api="sharedstorage");
     17 }, 'Same-origin fenced frame loads when feature policies are *');
     18 
     19 promise_test(async(t) => {
     20  await runDefaultEnabledFeaturesTest(t, true, get_host_info().REMOTE_ORIGIN);
     21  await runDefaultEnabledFeaturesTest(t, true, get_host_info().REMOTE_ORIGIN,
     22      generator_api="sharedstorage");
     23 }, 'Cross-origin fenced frame loads when feature policies are *');
     24 
     25 promise_test(async(t) => {
     26  // We do this test the "old fashioned way" because a redirect in a fenced
     27  // frame remote context will cause it to lose its ability to communicate with
     28  // the main page (which results in a timeout).
     29  const page1_key = token();
     30  const redirect_key = token();
     31 
     32  const fencedframe = attachFencedFrame(
     33      await generateURNFromFledge(
     34          "resources/default-enabled-features-navigate.https.html",
     35          [page1_key, redirect_key]));
     36 
     37  // The fenced frame will send its attribution reporting result and then
     38  // attempt to redirect to a remote origin page.
     39  const page1_resp = await nextValueFromServer(page1_key);
     40  assert_equals(page1_resp, "true",
     41      "Attribution reporting should be enabled on the original page.");
     42 
     43  // The fenced frame will send its attribution reporting result and then
     44  // attempt to redirect to a remote origin page.
     45  const redirect_resp = await nextValueFromServer(redirect_key);
     46  assert_equals(redirect_resp, "true",
     47      "Attribution reporting should be enabled on the redirected page.");
     48 }, 'A fenced frame that navigates itself to a cross origin page that allows feature policies ' +
     49    'can still access the feature policies');
     50 
     51 promise_test(async(t) => {
     52  const fencedframe = await attachFencedFrameContext({
     53        origin: get_host_info().REMOTE_ORIGIN});
     54 
     55  await fencedframe.execute(async () => {
     56    assert_true(
     57        document.featurePolicy.allowsFeature('shared-storage'),
     58        "Shared storage should be allowed in the fenced frame.");
     59    assert_true(
     60        document.featurePolicy.allowsFeature('private-aggregation'),
     61        "Private aggregation should be allowed in the fenced frame.");
     62    assert_false(
     63        document.featurePolicy.allowsFeature('attribution-reporting'),
     64        "Attribution reporting should be disallowed in the fenced frame.");
     65    assert_false(
     66        document.featurePolicy.allowsFeature('sync-xhr'),
     67        "USB access should be disallowed in the fenced frame.");
     68  }, []);
     69 }, 'Cross-origin fenced frames default feature policies follow inheritance' +
     70   ' rules.');
     71 
     72 </script>
     73 </body>
     74 </html>