
shared-storage-writable-permissions-policy-self.tentative.https.sub.html (3159B)


      1 <!doctype html>
      2 <body>
      3  <script src=/resources/testharness.js></script>
      4  <script src=/resources/testharnessreport.js></script>
      5  <script src=/permissions-policy/resources/permissions-policy.js></script>
      6  <script src=/common/utils.js></script>
      7  <script src=/fenced-frame/resources/utils.js></script>
      8  <script src=/shared-storage/resources/util.js></script>
      9  <script>
     'use strict';

     // Prefix for every subtest name below. It only labels the policy under
     // test; presumably the real `Permissions-Policy: shared-storage=(self)`
     // response header comes from a sibling .headers file (not visible here).
     const header = 'permissions policy header shared-storage=(self)';

     // Write instruction passed to shared-storage-write.py in the `write` query
     // parameter. It is percent-encoded so that ';' and '=' survive the query
     // string intact.
     const rawSetHeader = 'set;key=hello;value=world';
     const setHeader = encodeURIComponent(rawSetHeader);

     // Same-origin target (a relative URL) and the origin it resolves to.
     const sameOriginUrl =
       `/shared-storage/resources/shared-storage-write.py?write=${setHeader}`;
     const { origin: sameOrigin } = generateURL(sameOriginUrl, []);

     // Cross-origin target: the same path served from the `www` subdomain. The
     // double-brace placeholders are filled in by the test server's
     // substitution step (this is a .sub.html file).
     const crossOrigin = 'https://{{domains[www]}}:{{ports[https][0]}}';
     const crossOriginUrl = `${crossOrigin}${sameOriginUrl}`;
     20 
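     // Positive case: with shared-storage=(self), a same-origin fetch that opts
     // in via `sharedStorageWritable` is expected to carry the
     // 'Sec-Shared-Storage-Writable' request header and to result in the
     // key/value pair being written for this origin.
     promise_test(async t => {
       // Register the delete as a cleanup instead of running it after the
       // assertions: if any assertion below throws, an inline delete would be
       // skipped and 'hello' would stay in this origin's shared storage, where
       // the later same-origin redirect subtest could find it and pass without
       // its own write having happened.
       // Assumes deleting an absent key is harmless - confirm against util.js.
       t.add_cleanup(() => deleteKeyForOrigin('hello', sameOrigin));

       const response = await fetch(sameOriginUrl,
                                    {sharedStorageWritable: true});
       // The body is compared with the structured-header boolean "?1";
       // presumably shared-storage-write.py echoes the request header it saw.
       const sharedStorageWritableHeader = await response.text();
       assert_equals(sharedStorageWritableHeader, "?1");

       await verifyKeyValueForOrigin('hello', 'world', sameOrigin);
     }, header + ' allows the \'Sec-Shared-Storage-Writable\' header to be sent '
               + 'for the same-origin shared storage fetch request.');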
     31 
     // Negative case: the policy allows only `self`, so a fetch to the other
     // origin must go out without the 'Sec-Shared-Storage-Writable' header even
     // though the caller asked for it.
     promise_test(async t => {
       const requestInit = {sharedStorageWritable: true};
       const response = await fetch(crossOriginUrl, requestInit);

       // The resource is expected to report the sentinel string when the
       // request header was absent.
       const echoedHeader = await response.text();
       assert_equals(echoedHeader, "NO_SHARED_STORAGE_WRITABLE_HEADER");

       // NOTE(review): only the echoed request header is checked here; the
       // test does not also assert that nothing was written to crossOrigin's
       // shared storage.
     }, header + ' disallows the \'Sec-Shared-Storage-Writable\' header to be '
               + 'sent for the cross-origin shared storage fetch request.');
     40 
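     // Redirect, positive case: the first hop is same-origin
     // (/common/redirect.py) and so is the redirect target, so the header is
     // expected on the redirected request and the write is expected to land in
     // this origin's storage.
     promise_test(async t => {
       // Register the delete as a cleanup so it runs even when an assertion
       // below throws; an inline delete after the assertions would be skipped
       // on failure and leave 'hello' behind in this origin's shared storage.
       // Assumes deleting an absent key is harmless - confirm against util.js.
       t.add_cleanup(() => deleteKeyForOrigin('hello', sameOrigin));

       const response = await fetch('/common/redirect.py?location='
                                    + sameOriginUrl,
                                    {sharedStorageWritable: true});
       // The body is whatever the final (redirected-to) resource returned;
       // presumably it echoes the request header that resource received.
       const sharedStorageWritableHeader = await response.text();
       assert_equals(sharedStorageWritableHeader, "?1");

       await verifyKeyValueForOrigin('hello', 'world', sameOrigin);
     }, header + ' allows the \'Sec-Shared-Storage-Writable\' header to be '
               + 'sent for the redirect of a shared storage fetch request, '
               + 'where the redirect has a same-origin URL.');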
     53 
     // Redirect, negative case: the first hop is same-origin
     // (/common/redirect.py) but the redirect target is on the other origin.
     // The expectation is that the header decision follows the redirect
     // target, so the redirected request must not carry the header.
     promise_test(async t => {
       const redirectUrl = '/common/redirect.py?location=' + crossOriginUrl;
       const requestInit = {sharedStorageWritable: true};
       const response = await fetch(redirectUrl, requestInit);

       // The final resource is expected to report the sentinel string when
       // the request header was absent.
       const echoedHeader = await response.text();
       assert_equals(echoedHeader, "NO_SHARED_STORAGE_WRITABLE_HEADER");

       // NOTE(review): as in the direct cross-origin subtest, only the echoed
       // header is checked; crossOrigin's storage is not inspected.
     }, header + ' disallows the \'Sec-Shared-Storage-Writable\' header to be '
               + 'sent for the redirect of a shared storage fetch request, '
               + 'where the redirect has a cross-origin URL.');
     64  </script>
     65 </body>