tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

credentials.sub.html (2622B)

      1 <!DOCTYPE html>
      2 <meta charset="utf-8">
      3 <script src="/resources/testharness.js"></script>
      4 <script src="/resources/testharnessreport.js"></script>
      5 
      6 <script>
      7 document.cookie = 'milk=1';
      8 
      9 const setCookiePromise = fetch(
     10    'http://{{domains[www2]}}:{{ports[http][0]}}/cookies/resources/set-cookie.py?name=milk&path=/html/semantics/scripting-1/the-script-element/json-module/',
     11    {
     12      mode: 'no-cors',
     13      credentials: 'include',
     14    });
     15 
     16 const windowLoadPromise = new Promise(resolve => {
     17  window.addEventListener('load', () => {
     18    resolve();
     19  });
     20 });
     21 
     22 promise_test(t => {
     23  const iframe = document.createElement('iframe');
     24 
     25  return Promise.all([setCookiePromise, windowLoadPromise]).then(() => {
     26    const messagePromise = new Promise(resolve => {
     27      window.addEventListener('message', event => {
     28        resolve();
     29      });
     30    });
     31 
     32    iframe.src = 'credentials-iframe.sub.html';
     33    document.body.appendChild(iframe);
     34 
     35    return messagePromise;
     36  }).then(() => {
     37    const w = iframe.contentWindow;
     38 
     39    assert_equals(w.sameOriginNoneDescendant, true,
     40                  'Descendant JSON modules should be loaded with the credentials when the crossOrigin attribute is not specified and the target is same-origin');
     41    assert_equals(w.sameOriginAnonymousDescendant, true,
     42                  'Descendant JSON modules should be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is same-origin');
     43    assert_equals(w.sameOriginUseCredentialsDescendant, true,
     44                  'Descendant JSON modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is same-origin');
     45    assert_equals(w.crossOriginNoneDescendant, false,
     46                  'Descendant JSON modules should not be loaded with the credentials when the crossOrigin attribute is not specified and the target is cross-origin');
     47    assert_equals(w.crossOriginAnonymousDescendant, false,
     48                  'Descendant JSON modules should not be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is cross-origin');
     49    assert_equals(w.crossOriginUseCredentialsDescendant, true,
     50                  'Descendant JSON modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is cross-origin');
     51 });
     52 }, 'JSON Modules should be loaded with or without the credentials based on the same-origin-ness and the crossOrigin attribute');
     53 </script>
     54 <body>
     55 </body>