
permissions-policy-header-policy-allowed-for-wildcard.https.sub.html (3035B)


      <!DOCTYPE html>
      <body>
        <script src="/resources/testharness.js"></script>
        <script src="/resources/testharnessreport.js"></script>
        <script src="/permissions-policy/resources/permissions-policy.js"></script>
        <!--
          Expected response header, per the original note in this file:
          fullscreen allowlist = self + wildcard_origin.
          The header itself is not set in this document; presumably it is
          served from a sibling headers file. TODO confirm.
        -->
        <script>
          'use strict';

          // The {{...}} placeholders are substituted by the test server
          // (this is a .sub.html file). Top-level `var` is kept so the
          // bindings stay on the global object exactly as before.
          var same_origin = 'https://{{domains[]}}:{{ports[https][0]}}';
          var wildcard_origin = 'https://*.{{domains[]}}:{{ports[https][0]}}';
          var cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
          var cross_origin1 = 'https://{{domains[www1]}}:{{ports[https][0]}}';
          var same_origin_src = '/permissions-policy/resources/permissions-policy-allowedfeatures.html';
          var cross_origin_src = `${cross_origin}${same_origin_src}`;
          var cross_origin_src1 = `${cross_origin1}${same_origin_src}`;

          // Prefix for every test name below. Names are reproduced verbatim;
          // result expectations are presumably keyed by them.
          // NOTE(review): this label lists only the wildcard origin, while the
          // first test expects `self` in the allowlist as well. Confirm against
          // the header that is actually served.
          var header_policy = `Permissions-Policy: fullscreen=("${wildcard_origin}")`;

          // 1. The parsed allowlist must be exactly {self, wildcard_origin}.
          //    Both sides are sorted so ordering does not matter.
          test(() => {
            const actual_allowlist =
              document.featurePolicy.getAllowlistForFeature('fullscreen').sort();
            const expected_allowlist = [wildcard_origin, same_origin].sort();
            assert_array_equals(actual_allowlist, expected_allowlist);
          }, `${header_policy} -- test allowlist is [self wildcard_origin].`);

          // 2. Same-origin subframes get fullscreen, with or without an
          //    explicit allow attribute.
          test_allowed_feature_for_subframe(
            `${header_policy} -- test fullscreen is allowed on same-origin subframe`,
            'fullscreen',
            same_origin_src);
          test_allowed_feature_for_subframe(
            `${header_policy} -- test fullscreen is allowed on same-origin subframe even with allow attribute`,
            'fullscreen',
            same_origin_src,
            `fullscreen ${same_origin}`);

          // 3. Cross-origin subframes: the header wildcard alone does not grant
          //    fullscreen. The embedder must still delegate through the allow
          //    attribute, naming the exact origin of the frame.
          test_disallowed_feature_for_subframe(
            `${header_policy} -- test fullscreen is disallowed on cross-origin subframe`,
            'fullscreen',
            cross_origin_src);
          test_allowed_feature_for_subframe(
            `${header_policy} -- test fullscreen is allowed on cross-origin subframe allow attribute`,
            'fullscreen',
            cross_origin_src,
            `fullscreen ${cross_origin}`);
          test_disallowed_feature_for_subframe(
            `${header_policy} -- test fullscreen is disallowed on another cross-origin subframe`,
            'fullscreen',
            cross_origin_src1);
          test_allowed_feature_for_subframe(
            `${header_policy} -- test fullscreen is allowed on another cross-origin subframe allow attribute`,
            'fullscreen',
            cross_origin_src1,
            `fullscreen ${cross_origin1}`);

          // 4. Wildcards are a header-only construct. An allow attribute that
          //    carries the wildcard origin must not delegate the feature, so
          //    markup cannot widen delegation beyond explicitly named origins.
          test_disallowed_feature_for_subframe(
            `${header_policy} -- test fullscreen is disallowed on cross-origin subframe with wildcard allow attribute`,
            'fullscreen',
            cross_origin_src,
            `fullscreen ${wildcard_origin}`);
          test_disallowed_feature_for_subframe(
            `${header_policy} -- test fullscreen is disallowed on another cross-origin subframe with wildcard allow attribute`,
            'fullscreen',
            cross_origin_src1,
            `fullscreen ${wildcard_origin}`);
        </script>
      </body>