navigate.tentative.window.js (5816B)
1 // META: script=/common/subset-tests-by-key.js 2 // META: script=/common/dispatcher/dispatcher.js 3 // META: script=/common/utils.js 4 // META: script=resources/support.sub.js 5 // META: timeout=long 6 // META: variant=?include=from-loopback 7 // META: variant=?include=from-local 8 // META: variant=?include=from-public 9 // META: variant=?include=from-treat-as-public 10 // 11 // These tests verify that nonsecure contexts can make top-level navigations 12 // to less-public address spaces. These are not restricted under LNA. 13 // 14 // This file covers only those tests that must execute in a non secure context. 15 // Other tests are defined in: navigate.tentative.https.window.js 16 17 setup(() => { 18 assert_false(window.isSecureContext); 19 }); 20 21 // Source: nonsecure loopback context. 22 // 23 // All top-level navigations unaffected by Local Network Access. 24 25 subsetTestByKey( 26 'from-loopback', promise_test, t => navigateTest(t, { 27 source: Server.HTTP_LOOPBACK, 28 target: Server.HTTP_LOOPBACK, 29 expected: NavigationTestResult.SUCCESS, 30 }), 31 'loopback to loopback: no permission required.'); 32 33 subsetTestByKey( 34 'from-loopback', promise_test, t => navigateTest(t, { 35 source: Server.HTTP_LOOPBACK, 36 target: Server.HTTP_LOCAL, 37 expected: NavigationTestResult.SUCCESS, 38 }), 39 'loopback to local: no permission required.'); 40 41 subsetTestByKey( 42 'from-loopback', promise_test, t => navigateTest(t, { 43 source: Server.HTTP_LOOPBACK, 44 target: Server.HTTP_PUBLIC, 45 expected: NavigationTestResult.SUCCESS, 46 }), 47 'loopback to public: no preflight required.'); 48 49 // Source: secure local context. 50 // 51 // All top-level navigations unaffected by Local Network Access. 52 53 subsetTestByKey( 54 'from-local', promise_test, t => navigateTest(t, { 55 source: Server.HTTP_LOCAL, 56 target: Server.HTTP_LOOPBACK, 57 expected: NavigationTestResult.SUCCESS, 58 }), 59 'local to loopback: no permission required.'); 60 61 subsetTestByKey( 62 'from-local', promise_test, t => navigateTest(t, { 63 source: Server.HTTP_LOCAL, 64 target: Server.HTTP_LOCAL, 65 expected: NavigationTestResult.SUCCESS, 66 }), 67 'local to local: no permission required.'); 68 69 subsetTestByKey( 70 'from-local', promise_test, t => navigateTest(t, { 71 source: Server.HTTP_LOCAL, 72 target: Server.HTTP_PUBLIC, 73 expected: NavigationTestResult.SUCCESS, 74 }), 75 'local to public: no permission required.'); 76 77 // Source: secure public context. 78 // 79 // All top-level navigations unaffected by Local Network Access 80 81 subsetTestByKey( 82 'from-public', promise_test, t => navigateTest(t, { 83 source: Server.HTTP_PUBLIC, 84 target: Server.HTTP_LOOPBACK, 85 expected: NavigationTestResult.SUCCESS, 86 }), 87 'public to loopback: no permission required.'); 88 89 subsetTestByKey( 90 'from-public', promise_test, t => navigateTest(t, { 91 source: Server.HTTP_PUBLIC, 92 target: Server.HTTP_LOCAL, 93 expected: NavigationTestResult.SUCCESS, 94 }), 95 'public to local: no permission required.'); 96 97 subsetTestByKey( 98 'from-public', promise_test, t => navigateTest(t, { 99 source: Server.HTTP_PUBLIC, 100 target: Server.HTTP_PUBLIC, 101 expected: NavigationTestResult.SUCCESS, 102 }), 103 'public to public: no permission required.'); 104 105 // The following tests verify that `CSP: treat-as-public-address` makes 106 // documents behave as if they had been served from a public IP address. 107 108 subsetTestByKey( 109 'from-treat-as-public', promise_test, 110 t => navigateTest(t, { 111 source: { 112 server: Server.HTTP_LOOPBACK, 113 treatAsPublic: true, 114 }, 115 target: Server.OTHER_HTTP_LOOPBACK, 116 expected: NavigationTestResult.SUCCESS, 117 }), 118 'treat-as-public-address to loopback: no permission required.'); 119 120 subsetTestByKey( 121 'from-treat-as-public', promise_test, 122 t => navigateTest(t, { 123 source: { 124 server: Server.HTTP_LOOPBACK, 125 treatAsPublic: true, 126 }, 127 target: Server.HTTP_LOOPBACK, 128 expected: NavigationTestResult.SUCCESS, 129 }), 130 'treat-as-public-address to loopback (same-origin): no permission required.'); 131 132 subsetTestByKey( 133 'from-treat-as-public', promise_test, 134 t => navigateTest(t, { 135 source: { 136 server: Server.HTTP_LOOPBACK, 137 treatAsPublic: true, 138 }, 139 target: Server.HTTP_LOCAL, 140 expected: NavigationTestResult.SUCCESS, 141 }), 142 'treat-as-public-address to local: no permission required.'); 143 144 subsetTestByKey( 145 'from-treat-as-public', promise_test, 146 t => navigateTest(t, { 147 source: { 148 server: Server.HTTP_LOOPBACK, 149 treatAsPublic: true, 150 }, 151 target: Server.HTTP_PUBLIC, 152 expected: NavigationTestResult.SUCCESS, 153 }), 154 'treat-as-public-address to public: no permission required.');