cross-origin-nested.tentative.https.sub.html (3155B)
1 <!DOCTYPE html> 2 <meta charset="utf-8"> 3 <title>Notifications in cross origin iframes</title> 4 <link rel="help" href="https://github.com/whatwg/notifications/issues/177"> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <script src="/resources/testdriver.js"></script> 8 <script src="/resources/testdriver-vendor.js"></script> 9 <script src="resources/helpers.js"></script> 10 <script> 11 // The syntax below will give us a third party URL. 12 // See: https://web-platform-tests.org/writing-tests/server-features.html 13 const thirdPartyIframe = 14 'https://{{hosts[alt][]}}:{{ports[https][0]}}/notifications/resources/cross-origin-nested-parent.sub.html'; 15 const promises = new Map(); 16 17 // Firefox and Chrome deny notification permission in a third party partitioned 18 // iframe even if the permission is granted for origin of the iframe. 19 20 // Set up the listeners and then create a third party iframe. 21 // The iframe will again create a first party iframe. 22 promise_setup(async () => { 23 await trySettingPermission("granted"); 24 25 // parent: the third party iframe 26 // child: the first party iframe in the third party one (ABA) 27 for (const iframe of ["parent", "child"]) { 28 // from the iframe window, or the worker opened from there 29 for (const worker of ["", "Worker"]) { 30 // permission attribute (.permission), or 31 // the permission request (.requestPermission()) 32 for (const type of ["", "Request"]) { 33 const sender = iframe + worker + type; 34 promises.set(sender, new Promise(r => window.addEventListener("message", ev => { 35 if (ev.data.sender === sender) { 36 r(ev.data); 37 } 38 }))); 39 } 40 } 41 } 42 43 const iframe = document.createElement("iframe"); 44 iframe.src = thirdPartyIframe; 45 document.body.append(iframe); 46 }) 47 48 promise_test(async t => { 49 const result = await promises.get("parent"); 50 assert_equals(result.permission, "denied", `should deny the permission`); 51 assert_false(result.shown, `notification should not be shown`); 52 53 const parentRequestResult = await promises.get("parentRequest"); 54 assert_equals(parentRequestResult.permission, "denied", "should deny the permission request"); 55 }, "third party iframe"); 56 57 promise_test(async t => { 58 const result = await promises.get("child"); 59 assert_equals(result.permission, "denied", `should deny the permission`); 60 assert_false(result.shown, `notification should not be shown`); 61 62 const childRequestResult = await promises.get("childRequest"); 63 assert_equals(childRequestResult.permission, "denied", "should deny the permission request"); 64 }, "nested first party iframe"); 65 66 promise_test(async t => { 67 const result = await promises.get("parentWorker"); 68 assert_equals(result.permission, "denied", `should deny the permission`); 69 assert_false(result.shown, `notification should not be shown`); 70 }, "third party worker"); 71 72 promise_test(async t => { 73 const result = await promises.get("childWorker"); 74 assert_equals(result.permission, "denied", `should deny the permission`); 75 assert_false(result.shown, `notification should not be shown`); 76 }, "nested first party worker"); 77 </script>