iframe.tentative.https.window.js (6522B)
1 // META: script=/common/subset-tests-by-key.js 2 // META: script=/common/dispatcher/dispatcher.js 3 // META: script=/common/utils.js 4 // META: script=/resources/testdriver.js 5 // META: script=/resources/testdriver-vendor.js 6 // META: script=resources/support.sub.js 7 // META: timeout=long 8 // META: variant=?include=from-loopback 9 // META: variant=?include=from-local 10 // META: variant=?include=from-public 11 // META: variant=?include=from-treat-as-public 12 // 13 // Spec: https://wicg.github.io/local-network-access/#integration-fetch 14 // 15 // These tests verify that secure contexts can navigate iframes to less-public 16 // address spaces iff the initiating document has been granted the LNA 17 // permission. 18 // 19 // This file covers only those tests that must execute in a secure context. 20 21 setup(() => { 22 assert_true(window.isSecureContext); 23 }); 24 25 // Source: secure loopback context. 26 // 27 // All iframe navigations unaffected by Local Network Access. 28 29 subsetTestByKey( 30 'from-loopback', promise_test, t => iframeTest(t, { 31 source: Server.HTTP_LOOPBACK, 32 target: Server.HTTPS_LOOPBACK, 33 expected: NavigationTestResult.SUCCESS, 34 }), 35 'loopback to loopback: no permission required.'); 36 37 subsetTestByKey( 38 'from-loopback', promise_test, t => iframeTest(t, { 39 source: Server.HTTP_LOOPBACK, 40 target: Server.HTTPS_LOCAL, 41 expected: NavigationTestResult.SUCCESS, 42 }), 43 'loopback to local: no permission required.'); 44 45 subsetTestByKey( 46 'from-loopback', promise_test, t => iframeTest(t, { 47 source: Server.HTTP_LOOPBACK, 48 target: Server.HTTPS_PUBLIC, 49 expected: NavigationTestResult.SUCCESS, 50 }), 51 'loopback to public: no permission required.'); 52 53 // Source: local secure context. 54 // 55 // All iframe navigations unaffected by Local Network Access. 56 57 // Requests from the `local` address space to the `loopback` address space 58 // are not yet restricted by LNA. 59 subsetTestByKey( 60 'from-local', promise_test, t => iframeTest(t, { 61 source: Server.HTTP_LOCAL, 62 target: Server.HTTPS_LOOPBACK, 63 expected: NavigationTestResult.SUCCESS, 64 }), 65 'local to loopback: no permission required.'); 66 67 subsetTestByKey( 68 'from-local', promise_test, t => iframeTest(t, { 69 source: Server.HTTP_LOCAL, 70 target: Server.HTTPS_LOCAL, 71 expected: NavigationTestResult.SUCCESS, 72 }), 73 'local to local: no permission required.'); 74 75 subsetTestByKey( 76 'from-local', promise_test, t => iframeTest(t, { 77 source: Server.HTTP_LOCAL, 78 target: Server.HTTPS_PUBLIC, 79 expected: NavigationTestResult.SUCCESS, 80 }), 81 'local to public: no permission required.'); 82 83 84 // Generates tests of permission behavior for a single (source, target) pair. 85 // 86 // Scenarios: 87 // 88 // - parent (source) navigates child (target): 89 // - parent has been denied the LNA permission (failure) 90 // - parent has been granted the LNA permission (success) 91 // 92 function makePermissionTests({ 93 key, 94 sourceName, 95 sourceServer, 96 sourceTreatAsPublic, 97 targetName, 98 targetServer, 99 }) { 100 const prefix = `${sourceName} to ${targetName}: `; 101 102 const source = { 103 server: sourceServer, 104 treatAsPublic: sourceTreatAsPublic, 105 }; 106 107 promise_test( 108 t => iframeTest(t, { 109 source, 110 target: { 111 server: targetServer, 112 }, 113 expected: NavigationTestResult.FAILURE, 114 permission: 'denied', 115 }), 116 prefix + 'permission denied.'); 117 118 promise_test( 119 t => iframeTest(t, { 120 source, 121 target: { 122 server: targetServer, 123 }, 124 expected: NavigationTestResult.SUCCESS, 125 permission: 'granted', 126 }), 127 prefix + 'success.'); 128 } 129 130 131 // Source: public secure context. 132 // 133 // iframe navigations to the loopback and local address spaces require the LNA 134 // permission. 135 136 subsetTestByKey('from-public', makePermissionTests, { 137 sourceServer: Server.HTTPS_PUBLIC, 138 sourceName: 'public', 139 targetServer: Server.HTTPS_LOOPBACK, 140 targetName: 'loopback', 141 }); 142 143 subsetTestByKey('from-public', makePermissionTests, { 144 sourceServer: Server.HTTPS_PUBLIC, 145 sourceName: 'public', 146 targetServer: Server.HTTPS_LOCAL, 147 targetName: 'local', 148 }); 149 150 subsetTestByKey( 151 'from-public', promise_test, t => iframeTest(t, { 152 source: Server.HTTPS_PUBLIC, 153 target: Server.HTTPS_PUBLIC, 154 expected: NavigationTestResult.SUCCESS, 155 }), 156 'public to public: no permission required.'); 157 158 // The following tests verify that `CSP: treat-as-public-address` makes 159 // documents behave as if they had been served from a public IP address. 160 161 subsetTestByKey('from-treat-as-public', makePermissionTests, { 162 sourceServer: Server.HTTPS_LOOPBACK, 163 sourceTreatAsPublic: true, 164 sourceName: 'treat-as-public-address', 165 targetServer: Server.OTHER_HTTPS_LOOPBACK, 166 targetName: 'loopback', 167 }); 168 169 subsetTestByKey( 170 'from-treat-as-public', promise_test, 171 t => iframeTest(t, { 172 source: { 173 server: Server.HTTPS_LOOPBACK, 174 treatAsPublic: true, 175 }, 176 target: Server.HTTPS_LOOPBACK, 177 expected: NavigationTestResult.SUCCESS, 178 }), 179 'treat-as-public-address to local (same-origin): no permission required.'); 180 181 subsetTestByKey('from-treat-as-public', makePermissionTests, { 182 sourceServer: Server.HTTPS_LOOPBACK, 183 sourceTreatAsPublic: true, 184 sourceName: 'treat-as-public-address', 185 targetServer: Server.HTTPS_LOCAL, 186 targetName: 'local', 187 }); 188 189 subsetTestByKey( 190 'from-treat-as-public', promise_test, 191 t => iframeTest(t, { 192 source: { 193 server: Server.HTTPS_LOOPBACK, 194 treatAsPublic: true, 195 }, 196 target: Server.HTTPS_PUBLIC, 197 expected: NavigationTestResult.SUCCESS, 198 }), 199 'treat-as-public-address to public: no permission required.');