shared-worker-secure-first.https.html (4422B)
1 <!doctype html> 2 <html> 3 <head> 4 <meta charset=utf-8> 5 <title>Test SharedWorkerGlobalScope.isSecureContext for HTTP creator</title> 6 <meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object"> 7 <script src=/resources/testharness.js></script> 8 <script src=/resources/testharnessreport.js></script> 9 <script src="server-locations.sub.js"></script> 10 </head> 11 <body> 12 <script> 13 /* 14 * The goal of this test is to check that we do the right thing if the 15 * same SharedWorker is used first from an secure context and then from 16 * an insecure context. 17 * 18 * To do this, we load a subframe which loads a SharedWorker 19 * and communicates back to us whether that worker and a child dedicated 20 * worker it spawns think they are secure contexts. Async tests t1 and t2 21 * track these two workers. 22 * 23 * After we have heard from both workers in the subframe, we open an 24 * insecure (http) popup, which loads the same exact subframe. This 25 * subframe is still is same-origin with 26 * us but not a secure context, since its parent is http, not https. Then 27 * we wait to hear about the status of the workers in the popup's 28 * subframe. Async tests t3 and t4 track these two workers. 29 * 30 */ 31 var t1 = async_test("Shared worker in subframe"); 32 var t2 = async_test("Nested worker in shared worker in subframe"); 33 var t3 = async_test("Shared worker in popup"); 34 var t4 = async_test("Nested worker from shared worker in popup"); 35 36 var messageCount = 0; 37 var popup = null; 38 onmessage = function(e) { 39 ++messageCount; 40 if (messageCount == 4 && popup) { 41 popup.close(); 42 } 43 var data = e.data; 44 if (data.type == "shared") { 45 // This is a message from our shared worker; check whether it's the 46 // one in the popup or in our subframe. 47 if (data.fromPopup) { 48 t3.step(function() { 49 assert_false(data.exception, "No exception should be present."); 50 assert_true(data.error, "SharedWorker connection should error out."); 51 }); 52 t3.done(); 53 } else { 54 t1.step(function() { 55 assert_false(data.exception, "SharedWorker should not throw an exception."); 56 assert_false(data.error, "SharedWorker connection should not generate an error."); 57 assert_true(data.isSecureContext, "SharedWorker is a secure context"); 58 }); 59 t1.done(); 60 } 61 } else if (data.type == "nested") { 62 // This is a message from our shared worker's nested dedicated worker; 63 // check whether it's the one in the popup or in our subframe. 64 if (data.fromPopup) { 65 t4.step(function() { 66 assert_false(data.exception, "No exception should be present."); 67 assert_true(data.error, "SharedWorker connection should error out."); 68 }); 69 t4.done(); 70 } else { 71 t2.step(function() { 72 assert_false(data.exception, "SharedWorker should not throw an exception."); 73 assert_false(data.error, "SharedWorker connection should not generate an error."); 74 assert_true(data.isSecureContext, "SharedWorker is a secure context"); 75 }); 76 t2.done(); 77 } 78 } else { 79 if (popup) { 80 popup.close(); 81 } 82 t1.step(function() { 83 assert_unreached("Unknown message"); 84 }); 85 t1.done(); 86 t2.step(function() { 87 assert_unreached("Unknown message"); 88 }); 89 t2.done(); 90 t3.step(function() { 91 assert_unreached("Unknown message"); 92 }); 93 t3.done(); 94 t4.step(function() { 95 assert_unreached("Unknown message"); 96 }); 97 t4.done(); 98 } 99 100 if (messageCount == 2) { 101 // Got both messages from our child; time to open our popup 102 popup = window.open(http_dir + "support/shared-worker-insecure-popup.html?https_dir4"); 103 } 104 } 105 106 var ifr = document.createElement("iframe"); 107 ifr.src = https_dir4 + "support/https-subframe-shared.html"; 108 document.body.appendChild(ifr); 109 </script> 110 </body> 111 </html>