tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

cross-origin-isolated-permission-iframe.https.window.js (2565B)

      1 // META: script=/common/get-host-info.sub.js
      2 // META: script=/common/utils.js
      3 // META: script=/common/dispatcher/dispatcher.js
      4 // META: script=./credentialless/resources/common.js
      5 // META: script=./resources/common.js
      6 
      7 const cors_coep_headers = coep_require_corp + corp_cross_origin;
      8 const same_origin = get_host_info().HTTPS_ORIGIN;
      9 const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
     10 
     11 const newIframe = async (
     12  test,
     13  parent_origin,
     14  parent_headers,
     15  child_origin,
     16  child_headers
     17 ) => {
     18  const [future_child, future_error] =
     19    await createIsolatedFrame(parent_origin, parent_headers);
     20  future_error.then(test.unreached_func('cannot create isolated iframe.'));
     21 
     22  const child = await future_child;
     23  add_completion_callback(() => child.remove());
     24 
     25  const grand_child_token = token();
     26  const grand_child = child.contentDocument.createElement('iframe');
     27  grand_child.src = child_origin + executor_path + child_headers +
     28    `&uuid=${grand_child_token}`;
     29  child.contentDocument.body.appendChild(grand_child);
     30  add_completion_callback(() => grand_child.remove());
     31 
     32  return grand_child_token;
     33 };
     34 
     35 const childFrameIsCrossOriginIsolated = async (
     36  test,
     37  child_origin,
     38  parent_permission_coi
     39 ) => {
     40  let parent_headers = cors_coep_headers;
     41  const child_headers = cors_coep_headers;
     42  if (parent_permission_coi !== undefined) {
     43    // Escape right parenthesis in WPT pipe:
     44    parent_permission_coi = parent_permission_coi.replace(')', '\\)');
     45    parent_headers += `|header(permissions-policy,` +
     46                      `cross-origin-isolated=${parent_permission_coi})`;
     47  }
     48  const parent_origin = same_origin;
     49  const iframe = await newIframe(
     50    test,
     51    parent_origin,
     52    parent_headers,
     53    child_origin,
     54    child_headers);
     55  return IsCrossOriginIsolated(iframe);
     56 }
     57 
     58 const generate_iframe_test = async (origin, isolation, expect_coi) => {
     59  promise_test_parallel(async (test) => {
     60    const isCrossOriginIsolated =
     61      await childFrameIsCrossOriginIsolated(test, origin, isolation);
     62    assert_equals(isCrossOriginIsolated, expect_coi)
     63  }, `iframe (origin: ${origin}) cross origin isolated (${isolation}) ` +
     64     `permission test`);
     65 }
     66 
     67 generate_iframe_test(same_origin, undefined, true);
     68 generate_iframe_test(same_origin, '*', true);
     69 generate_iframe_test(same_origin, 'self', true);
     70 generate_iframe_test(same_origin, '()', false);
     71 generate_iframe_test(cross_origin, undefined, false);
     72 generate_iframe_test(cross_origin, '*', false);
     73 generate_iframe_test(cross_origin, 'self', false);
     74 generate_iframe_test(cross_origin, '()', false);