
private-state-token-redemption-default-permissions-policy.tentative.https.sub.html (2753B)


      1 <!DOCTYPE html>
      2 <title>Test that private state token redemption is enabled/disabled according to the permissions policy</title>
      3 
      4 <body>
      5  <script src=/resources/testharness.js></script>
      6  <script src=/resources/testharnessreport.js></script>
      7  <script src=/permissions-policy/resources/permissions-policy.js></script>
      8  <script>
      9    'use strict';
     10    const same_origin_src = '/permissions-policy/experimental-features/resources/permissions-policy-private-state-token-redemption.html';
     11    const cross_origin_src = 'https://{{domains[www]}}:{{ports[https][0]}}' +
     12      same_origin_src;
     13    const header = 'Default "private-state-token-redemption" permissions policy ["self"]';
     14 
     15    test(() => {
     16      try {
     17        // The permissions policy gates redemption and signing via both the Fetch
     18        // and XHR interfaces.
     19        new Request("https://issuer.example/", {
     20          privateToken: {
     21            version: 1,
     22            operation: "token-redemption"
     23          }
     24        });
     25        new Request("https://destination.example/", {
     26          privateToken: {
     27            version: 1,
     28            operation: "send-redemption-record", // signing
     29            issuers: ["https://issuer.example/"]
     30          }
     31        });
     32 
     33        const redemption_xhr = new XMLHttpRequest();
     34        redemption_xhr.open("GET", "https://issuer.example/");
     35        redemption_xhr.setPrivateToken({
     36          version: 1,
     37          operation: "token-redemption"
     38        });
     39 
     40        const signing_xhr = new XMLHttpRequest();
     41        signing_xhr.open("GET", "https://destination.example/");
     42        signing_xhr.setPrivateToken({
     43          version: 1,
     44          operation: "send-redemption-record", // signing
     45          issuers: ["https://issuer.example/"]
     46        });
     47      } catch (e) {
     48        assert_unreached();
     49      }
     50    }, header + ' allows the top-level document.');
     51 
     52    async_test(t => {
     53      test_feature_availability('Private state token redemption', t, same_origin_src,
     54        (data, desc) => {
     55          assert_equals(data.num_operations_enabled, 4, desc);
     56        });
     57    }, header + ' allows same-origin iframes.');
     58 
     59    async_test(t => {
     60      test_feature_availability('Private state token redemption', t, cross_origin_src,
     61        (data, desc) => {
     62          assert_equals(data.num_operations_enabled, 4, desc);
     63        });
     64    }, header + ' allows cross-origin iframes.');
     65 
     66    async_test(t => {
     67    test_feature_availability(
     68        'Private State Token issuance request', t, cross_origin_src,
     69        (data, desc) => {assert_equals(data.num_operations_enabled, 0, desc);},
     70        'private-state-token-redemption \'none\'');
     71  }, header + ' and allow="private-state-token-redemption \'none\'" disallows cross-origin iframes.');
     72  </script>
     73 </body>