require-corp-embed-anonymous-iframe.tentative.https.window.js (1824B)
1 // META: script=/common/utils.js 2 3 promise_test(async t => { 4 let iframe_allowed = (iframe) => new Promise(async resolve => { 5 window.addEventListener("message", t.step_func(msg => { 6 if (msg.source !== iframe.contentWindow) return; 7 assert_equals(msg.data, "loaded", 8 "Unexpected message from broadcast channel."); 9 resolve(true); 10 })); 11 12 // To see whether the iframe was blocked, we check whether it 13 // becomes cross-origin (since error pages are loaded cross-origin). 14 await t.step_wait(() => { 15 try { 16 // Accessing contentWindow.location.href cross-origin throws. 17 iframe.contentWindow.location.href === null; 18 return false; 19 } catch { 20 return true; 21 } 22 }); 23 resolve(false); 24 }); 25 26 // Create a credentialless child iframe. 27 const child = document.createElement("iframe"); 28 child.credentialless = true; 29 t.add_cleanup(() => child.remove()); 30 31 child.src = "/html/cross-origin-embedder-policy/resources/" + 32 "navigate-none.sub.html?postMessageTo=top"; 33 document.body.append(child); 34 35 assert_true(await iframe_allowed(child), 36 "The credentialless iframe should be allowed."); 37 38 // Create a child of the credentialless iframe. Even if the grandchild 39 // does not have the 'credentialless' attribute set, it inherits the 40 // credentialless property from the parent. 41 const grandchild = child.contentDocument.createElement("iframe"); 42 43 grandchild.src = "/html/cross-origin-embedder-policy/resources/" + 44 "navigate-none.sub.html?postMessageTo=top"; 45 child.contentDocument.body.append(grandchild); 46 47 assert_true(await iframe_allowed(grandchild), 48 "The child of the credentialless iframe should be allowed."); 49 }, 'Loading a credentialless iframe with COEP: require-corp is allowed.');