shared-worker-insecure-first.https.html (4546B)
1 <!doctype html> 2 <html> 3 <head> 4 <meta charset=utf-8> 5 <title>Test SharedWorkerGlobalScope.isSecureContext for HTTP creator</title> 6 <meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object"> 7 <script src=/resources/testharness.js></script> 8 <script src=/resources/testharnessreport.js></script> 9 <script src="server-locations.sub.js"></script> 10 </head> 11 <body> 12 <script> 13 /* 14 * The goal of this test is to check that we do the right thing if the 15 * same SharedWorker is used first from an insecure context and then from 16 * a secure context. 17 * 18 * To do this, we first open an insecure (http) popup, which loads a 19 * subframe that is same-origin with us but not a secure context, since 20 * its parent is http, not https. Then this subframe loads a SharedWorker 21 * and communicates back to us whether that worker and a child dedicated 22 * worker it spawns think they are secure contexts. Async tests t3 and t4 23 * track these two workers. 24 * 25 * After we have heard from both workers in the popup, we directly load 26 * the same exact subframe ourselves and see what the workers in it 27 * report. Async tests t1 and t2 track these two workers. 28 */ 29 var t1 = async_test("Shared worker in subframe"); 30 var t2 = async_test("Nested worker in shared worker in subframe"); 31 var t3 = async_test("Shared worker in popup"); 32 var t4 = async_test("Nested worker from shared worker in popup"); 33 34 var messageCount = 0; 35 var popup = null; 36 onmessage = function(e) { 37 ++messageCount; 38 // Make sure to not close the popup until we've run the iframe part of 39 // the test! We need to keep those shared workers alive. 40 if (messageCount == 4 && popup) { 41 popup.close(); 42 } 43 var data = e.data; 44 if (data.type == "shared") { 45 // This is a message from our shared worker; check whether it's the 46 // one in the popup or in our subframe. 47 if (data.fromPopup) { 48 t3.step(function() { 49 assert_false(data.exception, "SharedWorker should not throw an exception."); 50 assert_false(data.error, "SharedWorker connection should not generate an error."); 51 assert_false(data.isSecureContext, "SharedWorker is not a secure context"); 52 }); 53 t3.done(); 54 } else { 55 t1.step(function() { 56 assert_false(data.exception, "SharedWorker should not throw an exception."); 57 assert_true(data.error, "SharedWorker connection should generate an error."); 58 }); 59 t1.done(); 60 } 61 } else if (data.type == "nested") { 62 // This is a message from our shared worker's nested dedicated worker; 63 // check whether it's the one in the popup or in our subframe. 64 if (data.fromPopup) { 65 t4.step(function() { 66 assert_false(data.exception, "SharedWorker should not throw an exception."); 67 assert_false(data.error, "SharedWorker connection should not generate an error."); 68 assert_false(data.isSecureContext); 69 }); 70 t4.done(); 71 } else { 72 t2.step(function() { 73 assert_false(data.exception, "SharedWorker should not throw an exception."); 74 assert_true(data.error, "SharedWorker connection should generate an error."); 75 }); 76 t2.done(); 77 } 78 } else { 79 if (popup) { 80 popup.close(); 81 } 82 t1.step(function() { 83 assert_unreached("Unknown message"); 84 }); 85 t1.done(); 86 t2.step(function() { 87 assert_unreached("Unknown message"); 88 }); 89 t2.done(); 90 t3.step(function() { 91 assert_unreached("Unknown message"); 92 }); 93 t3.done(); 94 t4.step(function() { 95 assert_unreached("Unknown message"); 96 }); 97 t4.done(); 98 } 99 100 if (messageCount == 2) { 101 // Got both messages from our popup; time to create our child. 102 var ifr = document.createElement("iframe"); 103 ifr.src = https_dir5 + "support/https-subframe-shared.html"; 104 document.body.appendChild(ifr); 105 } 106 } 107 108 popup = window.open(http_dir + "support/shared-worker-insecure-popup.html?https_dir5"); 109 </script> 110 </body> 111 </html>