permissions-policy-frame-policy-disallowed-for-all.https.sub.html (7483B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <meta name="timeout" content="long"> 5 <script src=/resources/testharness.js></script> 6 <script src=/resources/testharnessreport.js></script> 7 </head> 8 <body> 9 <script src=/permissions-policy/resources/permissions-policy.js></script> 10 <!-- Permissions-Policy: fullscreen=(); --> 11 <script> 12 'use strict'; 13 var same_origin = 'https://{{domains[]}}:{{ports[https][0]}}'; 14 var cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}'; 15 var same_origin_src = '/permissions-policy/resources/permissions-policy-allowedfeatures.html'; 16 var cross_origin_src = cross_origin + same_origin_src; 17 var data_src = 'data:text/html,<h1>data: URL</h1>'; 18 var policies = [ 19 {allow: "*", sameOriginTestExpect: false, crossOriginTestExpect: false, dataOriginTestExpect: false}, 20 {allow: "'self'", sameOriginTestExpect: false, crossOriginTestExpect: false, dataOriginTestExpect: false}, 21 {allow: "'none'", sameOriginTestExpect: false, crossOriginTestExpect: false, dataOriginTestExpect: false}, 22 {allow: "'self' " + cross_origin + " https://www.example.com", sameOriginTestExpect: false, crossOriginTestExpect: false, dataOriginTestExpect: false}]; 23 var pipe_front = '?pipe=sub|header(Permissions-Policy, fullscreen='; 24 var pipe_end = ';)'; 25 var header_policies = ["*", "self", "()"]; 26 27 // Test that frame.policy inherits from parent's header policy when allow 28 // attribute is not specified. 29 test(function() { 30 test_frame_policy('fullscreen', same_origin_src, undefined, false); 31 }, 'Test frame policy on same origin iframe inherit from header policy.'); 32 test(function() { 33 test_frame_policy('fullscreen', cross_origin_src, undefined, false); 34 }, 'Test frame policy on cross origin iframe inherit from header policy.'); 35 test(function() { 36 test_frame_policy('fullscreen', undefined, true, false); 37 }, 'Test frame policy on srcdoc iframe inherit from header policy.'); 38 test(function() { 39 test_frame_policy('fullscreen', same_origin_src, true, false); 40 }, 'Test frame policy on srcdoc + same origin iframe inherit from header policy.'); 41 test(function() { 42 test_frame_policy('fullscreen', cross_origin_src, true, false); 43 }, 'Test frame policy on srcdoc + cross origin iframe inherit from header policy.'); 44 test(function() { 45 test_frame_policy('fullscreen', data_src, undefined, false); 46 }, 'Test frame policy on data: URL cross origin iframe inherit from header policy.'); 47 48 // Test frame policy with allow attribute set to be one of the policies above. 49 for (var i = 0; i < policies.length; i++) { 50 test(function() { 51 test_frame_policy( 52 'fullscreen', same_origin_src, undefined, 53 policies[i].sameOriginTestExpect, 54 'fullscreen ' + policies[i].allow + ';'); 55 }, 'Test frame policy on same origin iframe with allow = "' + policies[i].allow + '".'); 56 test(function() { 57 test_frame_policy( 58 'fullscreen', cross_origin_src, undefined, 59 policies[i].crossOriginTestExpect, 60 'fullscreen ' + policies[i].allow + ';'); 61 }, 'Test frame policy on cross origin iframe with allow = "' + policies[i].allow + '".'); 62 test(function() { 63 test_frame_policy( 64 'fullscreen', undefined, true, policies[i].sameOriginTestExpect, 65 'fullscreen ' + policies[i].allow + ';'); 66 }, 'Test frame policy on srcdoc iframe with allow = "' + policies[i].allow + '".'); 67 test(function() { 68 test_frame_policy( 69 'fullscreen', same_origin_src, true, policies[i].sameOriginTestExpect, 70 'fullscreen ' + policies[i].allow + ';'); 71 }, 'Test frame policy on srcdoc + same origin iframe with allow = "' + policies[i].allow + '".'); 72 test(function() { 73 test_frame_policy( 74 'fullscreen', cross_origin_src, true, policies[i].sameOriginTestExpect, 75 'fullscreen ' + policies[i].allow + ';'); 76 }, 'Test frame policy on srcdoc + cross origin iframe with allow = "' + policies[i].allow + '".'); 77 test(function() { 78 test_frame_policy( 79 'fullscreen', data_src, undefined, policies[i].dataOriginTestExpect, 80 'fullscreen ' + policies[i].allow + ';'); 81 }, 'Test frame policy on data: URL cross origin iframe with allow = "' + policies[i].allow + '".'); 82 } 83 84 // Test that the header policy of the iframe document does not change the 85 // frame policy. 86 for (var i = 0; i < policies.length; i++) { 87 for (var j = 0; j < header_policies.length; j++) { 88 test(function() { 89 test_frame_policy( 90 'fullscreen', 91 same_origin_src + pipe_front + header_policies[j].replace(")", "\\)") + pipe_end, 92 undefined, policies[i].sameOriginTestExpect, 93 'fullscreen ' + policies[i].allow + ';'); 94 }, 'Test frame policy on same origin iframe with allow = "' + policies[i].allow + 95 '" and header policy = "Permissions-Policy: fullscreen=' + header_policies[j] + ';".'); 96 test(function() { 97 test_frame_policy( 98 'fullscreen', 99 cross_origin_src + pipe_front + header_policies[j].replace(")", "\\)") + pipe_end, 100 undefined, policies[i].crossOriginTestExpect, 101 'fullscreen ' + policies[i].allow + ';'); 102 }, 'Test frame policy on cross origin iframe with allow = "' + policies[i].allow + 103 '" and header policy = "Permissions-Policy: fullscreen=' + header_policies[j] + ';".'); 104 } 105 } 106 107 // Test that the allow attribute overrides allowfullscreen. 108 for (var i = 0; i < policies.length; i++) { 109 test(function() { 110 test_frame_policy( 111 'fullscreen', same_origin_src, undefined, 112 policies[i].sameOriginTestExpect, 113 'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true); 114 }, 'Test frame policy on same origin iframe with allow = "' + policies[i].allow + 115 '" and allowfullscreen.'); 116 test(function() { 117 test_frame_policy( 118 'fullscreen', cross_origin_src, undefined, 119 policies[i].crossOriginTestExpect, 120 'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true); 121 }, 'Test frame policy on cross origin iframe with allow = "' + policies[i].allow + 122 '" and allowfullscreen.'); 123 test(function() { 124 test_frame_policy( 125 'fullscreen', undefined, true, policies[i].sameOriginTestExpect, 126 'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true); 127 }, 'Test frame policy on srcdoc iframe with allow = "' + policies[i].allow + 128 '" and allowfullscreen.'); 129 test(function() { 130 test_frame_policy( 131 'fullscreen', same_origin_src, true, policies[i].sameOriginTestExpect, 132 'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true); 133 }, 'Test frame policy on srcdoc + same origin iframe with allow = "' + policies[i].allow + 134 '" and allowfullscreen.'); 135 test(function() { 136 test_frame_policy( 137 'fullscreen', cross_origin_src, true, policies[i].sameOriginTestExpect, 138 'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true); 139 }, 'Test frame policy on srcdoc + cross origin iframe with allow = "' + policies[i].allow + 140 '" and allowfullscreen.'); 141 test(function() { 142 test_frame_policy( 143 'fullscreen', data_src, undefined, policies[i].dataOriginTestExpect, 144 'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true); 145 }, 'Test frame policy on data: URL cross origin iframe with allow = "' + policies[i].allow + 146 '" and allowfullscreen.'); 147 } 148 </script> 149 </body> 150 </html>