cross-origin-same-site-request.tentative.https.sub.html (1477B)
1 <!DOCTYPE html> 2 <meta charset="utf-8"> 3 <title>Notifications in cross origin iframes</title> 4 <link rel="help" href="https://github.com/whatwg/notifications/issues/177"> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <script src="/resources/testdriver.js"></script> 8 <script src="/resources/testdriver-vendor.js"></script> 9 <script src="resources/helpers.js"></script> 10 <script> 11 // The syntax below will give us a same-site cross-origin URL. 12 // See: https://web-platform-tests.org/writing-tests/server-features.html 13 const sameSiteIframe = 14 'https://{{hosts[][www1]}}:{{ports[https][0]}}/notifications/resources/cross-origin-nested-child.sub.html'; 15 let promise; 16 17 // Firefox and Chrome deny notification permission in a same-site cross-origin 18 // iframe even if the permission is granted for origin of the iframe. 19 20 // Set up the listeners and then create a same-site iframe. 21 promise_setup(async () => { 22 await trySettingPermission("granted"); 23 24 promise = new Promise(r => window.addEventListener("message", ev => { 25 if (ev.data.sender === "childRequest") { 26 r(ev.data); 27 } 28 })); 29 30 const iframe = document.createElement("iframe"); 31 iframe.src = sameSiteIframe; 32 document.body.append(iframe); 33 }) 34 35 promise_test(async t => { 36 const childRequestResult = await promise; 37 assert_equals(childRequestResult.permission, "denied", "should deny the permission request"); 38 }, "same-site cross-origin iframe"); 39 </script>