tor-browser

shared-storage-permissions-policy-self.tentative.https.sub.html (1916B)

---

<!doctype html>
<body>
 <script src=/resources/testharness.js></script>
 <script src=/resources/testharnessreport.js></script>
 <script src=/permissions-policy/resources/permissions-policy.js></script>
 <script src="/shared-storage/resources/util.js"></script>
 <script>
   'use strict';
   const same_origin_src = '/shared-storage/resources/shared-storage-permissions-policy-helper.html';
   const same_origin_script = '/shared-storage/resources/simple-module.js';
   const cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
   const cross_origin_src = cross_origin + same_origin_src;
   const cross_origin_script = cross_origin + same_origin_script;
   const header = 'permissions policy header shared-storage=(self)';

   promise_test(async t => {
     const allowed = await AreRegularSharedStorageMethodsAllowed();
     assert_true(allowed);
   }, header + ' allows sharedStorage in the current page.');

   promise_test(async t => {
     const worklet = await sharedStorage.createWorklet(
       same_origin_script,
       { credentials: "omit" });
   }, header + ' allows sharedStorage.createWorklet() with same-origin script');

   promise_test(async t => {
     return promise_rejects_dom(t, "InvalidAccessError",
       sharedStorage.createWorklet(
           cross_origin_script,
           { credentials: "omit", dataOrigin: "script-origin" }));
   }, header + ' disallows sharedStorage.createWorklet() with cross-origin script');

   async_test(t => {
     test_feature_availability('shared-storage', t, same_origin_src,
         expect_feature_available_default);
   }, header + ' allows sharedStorage in same-origin iframes.');

   async_test(t => {
     test_feature_availability('shared-storage', t, cross_origin_src,
         expect_feature_unavailable_default);
   }, header + ' disallows sharedStorage in cross-origin iframes.');
 </script>
</body>