
private-state-token-issue-enabled-by-permissions-policy.tentative.https.sub.html (1971B)


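      <!DOCTYPE html>
      <!--
        Permissions-policy test for Private State Token issuance.

        Per the test descriptions below, the document is expected to be served
        with the header "private-state-token-issuance=*". The tests check that
        issuance requests can then be built in the top-level document and are
        reported as enabled in same-origin and cross-origin iframes, and that an
        iframe allow attribute of "private-state-token-issuance 'none'" turns
        the feature off for a cross-origin frame.

        NOTE(review): the header is not set anywhere in this file; presumably a
        companion headers file delivers it. Confirm, because without it the
        three "allows" tests would be exercising the default policy instead.
      -->
      <body>
        <script src=/resources/testharness.js></script>
        <script src=/resources/testharnessreport.js></script>
        <script src=/permissions-policy/resources/permissions-policy.js></script>
        <script>
        'use strict';

        // Resource page loaded into the iframes under test.
        var same_origin_src = '/permissions-policy/resources/permissions-policy-private-state-token-issuance.html';
        // Same resource addressed through the "www" host so the frame is cross-origin.
        // The {{...}} placeholders are presumably expanded by the test server
        // (".sub" in the file name) before the script runs.
        var cross_origin_src = 'https://{{domains[www]}}:{{ports[https][0]}}' +
          same_origin_src;
        // Common prefix of every test name in this file.
        var test_desc_begin = 'Permissions policy header "private-state-token-issuance=*"';

        // Top-level document: both ways of attaching a token-request operation
        // (the Request constructor and XMLHttpRequest.setPrivateToken) must be
        // accepted without throwing. No request is actually sent.
        test(() => {
          try {
            new Request("https://issuer.example/", {
              privateToken: {
                version: 1,
                operation: "token-request"
              }
            });
          } catch (e) {
            // Report the caught error so a failure says which call was refused and why.
            assert_unreached('Request constructor with privateToken threw: ' + e);
          }

          try {
            const xhr = new XMLHttpRequest();
            xhr.open("GET", "https://issuer.example/");
            xhr.setPrivateToken({
              version: 1,
              operation: "token-request"
            });
          } catch (e) {
            assert_unreached('XMLHttpRequest.setPrivateToken threw: ' + e);
          }
        }, test_desc_begin + ' allows the top-level document.');

        // Same-origin iframe, no allow attribute passed: the frame must report
        // two enabled operations.
        // NOTE(review): num_operations_enabled is produced by the resource page;
        // presumably it counts the Request and XHR paths that did not throw there.
        async_test(t => {
          test_feature_availability(
              'Private State Token issuance request', t, same_origin_src,
              (data, desc) => {
                assert_equals(data.num_operations_enabled, 2, desc);
              });
        }, test_desc_begin + ' allows same-origin iframes.');

        // Cross-origin iframe, no allow attribute passed: same expectation.
        async_test(t => {
          test_feature_availability(
              'Private State Token issuance request', t, cross_origin_src,
              (data, desc) => {
                assert_equals(data.num_operations_enabled, 2, desc);
              });
        }, test_desc_begin + ' allows cross-origin iframes.');

        // Cross-origin iframe with the extra argument that, per the test name,
        // becomes allow="private-state-token-issuance 'none'": the frame must
        // report zero enabled operations even though the header is permissive.
        // This is the only restrictive case in the file; the same-origin frame
        // is not checked with 'none' here.
        async_test(t => {
          test_feature_availability(
              'Private State Token issuance request', t, cross_origin_src,
              (data, desc) => {
                assert_equals(data.num_operations_enabled, 0, desc);
              },
              'private-state-token-issuance \'none\'');
        }, test_desc_begin + ' and allow="private-state-token-issuance \'none\'" disallows cross-origin iframes.');
        </script>
      </body>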