
enrollment-in-iframe.sub.https.html (6371B)


      1 <!DOCTYPE html>
      2 <meta charset="utf-8">
      3 <title>Test for the 'secure-payment-confirmation' payment method enrollment - cross origin</title>
      4 <link rel="help" href="https://w3c.github.io/secure-payment-confirmation#client-extension-processing-registration">
      5 <script src="/resources/testharness.js"></script>
      6 <script src="/resources/testharnessreport.js"></script>
      7 <script src="/resources/testdriver.js"></script>
      8 <script src="/resources/testdriver-vendor.js"></script>
      9 <script src="utils.sub.js"></script>
     10 
     11 <!-- This test requires a non-empty body to workaround https://github.com/web-platform-tests/wpt/issues/34563 -->
     12 <body><div>Non-empty body</div></body>
     13 
     14 <script>
     15 'use strict';
     16 
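// Positive case: the cross-origin iframe is delegated the 'payment' permission
// and is asked to enroll with `userActivation: true`; the reply must carry a
// credential (`id`, `rawId`) and a null `error`.
promise_test(async t => {
  // Make sure that we are testing enrolling an SPC credential in a
  // cross-origin iframe.
  assert_not_equals(window.location.hostname, '{{hosts[alt][]}}',
      'This test must not be run on the alt hostname.');

  const authenticator = await window.test_driver.add_virtual_authenticator(
      AUTHENTICATOR_OPTS);
  t.add_cleanup(() => {
    return window.test_driver.remove_virtual_authenticator(authenticator);
  });

  const frame = document.createElement('iframe');
  frame.allow = 'payment';
  frame.src = 'https://{{hosts[alt][]}}:{{ports[https][0]}}' +
      '/secure-payment-confirmation/resources/iframe-enroll.html';

  // Serialized origin of the frame document. Derived through URL so that a
  // default port is normalized the same way MessageEvent.origin reports it.
  const frameOrigin = new URL(frame.src).origin;

  // Detach the frame even if the test fails or times out before a result
  // arrives, so it cannot leak into later tests sharing this window.
  // remove() is a no-op when the frame has already been detached.
  t.add_cleanup(() => frame.remove());

  // Accept a message only from this frame's window AND from the expected
  // origin: the source check identifies the window, the origin check confirms
  // the document in it is still the cross-origin resource under test.
  const isFromFrame = evt =>
      evt.source === frame.contentWindow && evt.origin === frameOrigin;

  // Wait for the iframe to load.
  const readyPromise = new Promise(resolve => {
    window.addEventListener('message', function handler(evt) {
      if (isFromFrame(evt) && evt.data && evt.data.type === 'loaded') {
        window.removeEventListener('message', handler);
        resolve(evt.data);
      }
    });
  });
  document.body.appendChild(frame);
  await readyPromise;

  const resultPromise = new Promise(resolve => {
    window.addEventListener('message', function handler(evt) {
      if (isFromFrame(evt) && evt.data && evt.data.type === 'spc_result') {
        window.removeEventListener('message', handler);
        document.body.removeChild(frame);
        resolve(evt.data);
      }
    });
  });
  // Pin the target origin instead of using '*', so the request is delivered
  // only while the frame still holds the expected cross-origin document.
  // NOTE(review): how `userActivation` is consumed is defined in
  // iframe-enroll.html, which is not part of this file.
  frame.contentWindow.postMessage({ userActivation: true }, frameOrigin);
  const result = await resultPromise;

  // Because we specified the 'payment' permission and the iframe had a user
  // activation, the enrollment should work.
  assert_equals(result.error, null);
  assert_own_property(result, 'id');
  assert_own_property(result, 'rawId');
}, 'SPC enrollment in cross-origin iframe');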
     65 
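// Negative case: the cross-origin iframe is delegated the 'payment' permission
// but is asked to enroll with `userActivation: false`; the reply must carry a
// NotAllowedError and no credential fields.
promise_test(async t => {
  // Make sure that we are testing enrolling an SPC credential in a
  // cross-origin iframe.
  assert_not_equals(window.location.hostname, '{{hosts[alt][]}}',
      'This test must not be run on the alt hostname.');

  const authenticator = await window.test_driver.add_virtual_authenticator(
      AUTHENTICATOR_OPTS);
  t.add_cleanup(() => {
    return window.test_driver.remove_virtual_authenticator(authenticator);
  });

  const frame = document.createElement('iframe');
  frame.allow = 'payment';
  frame.src = 'https://{{hosts[alt][]}}:{{ports[https][0]}}' +
      '/secure-payment-confirmation/resources/iframe-enroll.html';

  // Serialized origin of the frame document. Derived through URL so that a
  // default port is normalized the same way MessageEvent.origin reports it.
  const frameOrigin = new URL(frame.src).origin;

  // Detach the frame even if the test fails or times out before a result
  // arrives, so it cannot leak into later tests sharing this window.
  // remove() is a no-op when the frame has already been detached.
  t.add_cleanup(() => frame.remove());

  // Accept a message only from this frame's window AND from the expected
  // origin: the source check identifies the window, the origin check confirms
  // the document in it is still the cross-origin resource under test.
  const isFromFrame = evt =>
      evt.source === frame.contentWindow && evt.origin === frameOrigin;

  // Wait for the iframe to load.
  const readyPromise = new Promise(resolve => {
    window.addEventListener('message', function handler(evt) {
      if (isFromFrame(evt) && evt.data && evt.data.type === 'loaded') {
        window.removeEventListener('message', handler);
        resolve(evt.data);
      }
    });
  });
  document.body.appendChild(frame);
  await readyPromise;

  const resultPromise = new Promise(resolve => {
    window.addEventListener('message', function handler(evt) {
      if (isFromFrame(evt) && evt.data && evt.data.type === 'spc_result') {
        window.removeEventListener('message', handler);
        document.body.removeChild(frame);
        resolve(evt.data);
      }
    });
  });
  // Pin the target origin instead of using '*', so the request is delivered
  // only while the frame still holds the expected cross-origin document.
  // NOTE(review): how `userActivation` is consumed is defined in
  // iframe-enroll.html, which is not part of this file.
  frame.contentWindow.postMessage({ userActivation: false }, frameOrigin);
  const result = await resultPromise;

  // Without a user activation, we expect a NotAllowedError.
  assert_true(result.error instanceof DOMException);
  assert_equals(result.error.name, 'NotAllowedError');
  assert_not_own_property(result, 'id');
  assert_not_own_property(result, 'rawId');
}, 'SPC enrollment in cross-origin iframe fails without user activation');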
    114 
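// Negative case: the cross-origin iframe is NOT delegated the 'payment'
// permission and is asked to enroll with `userActivation: true`; the reply
// must carry a NotSupportedError and no credential fields.
promise_test(async t => {
  // Make sure that we are testing enrolling an SPC credential in a
  // cross-origin iframe.
  assert_not_equals(window.location.hostname, '{{hosts[alt][]}}',
      'This test must not be run on the alt hostname.');

  const authenticator = await window.test_driver.add_virtual_authenticator(
      AUTHENTICATOR_OPTS);
  t.add_cleanup(() => {
    return window.test_driver.remove_virtual_authenticator(authenticator);
  });

  const frame = document.createElement('iframe');
  // This iframe does *not* have a payments permission specified on it, and so
  // should not allow SPC credential creation.
  frame.src = 'https://{{hosts[alt][]}}:{{ports[https][0]}}' +
      '/secure-payment-confirmation/resources/iframe-enroll.html';

  // Serialized origin of the frame document. Derived through URL so that a
  // default port is normalized the same way MessageEvent.origin reports it.
  const frameOrigin = new URL(frame.src).origin;

  // Detach the frame even if the test fails or times out before a result
  // arrives, so it cannot leak into later tests sharing this window.
  // remove() is a no-op when the frame has already been detached.
  t.add_cleanup(() => frame.remove());

  // Accept a message only from this frame's window AND from the expected
  // origin: the source check identifies the window, the origin check confirms
  // the document in it is still the cross-origin resource under test.
  const isFromFrame = evt =>
      evt.source === frame.contentWindow && evt.origin === frameOrigin;

  // Wait for the iframe to load.
  const readyPromise = new Promise(resolve => {
    window.addEventListener('message', function handler(evt) {
      if (isFromFrame(evt) && evt.data && evt.data.type === 'loaded') {
        window.removeEventListener('message', handler);
        resolve(evt.data);
      }
    });
  });
  document.body.appendChild(frame);
  await readyPromise;

  const resultPromise = new Promise(resolve => {
    window.addEventListener('message', function handler(evt) {
      if (isFromFrame(evt) && evt.data && evt.data.type === 'spc_result') {
        window.removeEventListener('message', handler);
        document.body.removeChild(frame);
        resolve(evt.data);
      }
    });
  });
  // Pin the target origin instead of using '*', so the request is delivered
  // only while the frame still holds the expected cross-origin document.
  // NOTE(review): how `userActivation` is consumed is defined in
  // iframe-enroll.html, which is not part of this file.
  frame.contentWindow.postMessage({ userActivation: true }, frameOrigin);
  const result = await resultPromise;

  // Because we didn't specify the 'payment' permission, the enrollment should
  // result in an error.
  assert_own_property(result, 'error');
  assert_true(result.error instanceof DOMException);
  assert_equals(result.error.name, 'NotSupportedError');
  assert_not_own_property(result, 'id');
  assert_not_own_property(result, 'rawId');
}, 'SPC enrollment in cross-origin iframe without payment permission');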
    166 </script>