tor-browser

The Tor Browser

hasStorageAccess.sub.https.window.js (3164B)


      1 // META: script=helpers.js
      2 // META: script=/resources/testdriver.js
      3 // META: script=/resources/testdriver-vendor.js
      4 // META: script=/cookies/resources/cookie-helper.sub.js
      5 'use strict';
      6 
      // `processQueryParams()` comes from one of the helper scripts listed in the
      // META header. `testPrefix` labels every test name below and
      // `topLevelDocument` gates the iframe fan-out at the end of the file.
      const { testPrefix, topLevelDocument } = processQueryParams();

      // Common tests to run in all frames.
      // Feature detection: hasStorageAccess must be exposed on `document` in every
      // frame this script is loaded into, whether first-party or third-party.
      promise_test(async () => {
        const entryPoint = document.hasStorageAccess;
        assert_not_equals(entryPoint, undefined);
      }, `[${testPrefix}] document.hasStorageAccess() should exist on the document interface`);
     13 
     // Default-deny check for the Storage Access API: with no explicit grant,
     // only the top-level frame or a same-origin iframe may report access.
     // Every other embedding must see `false` whenever cross-site cookies are
     // blocked.
     promise_test(async () => {
       const hasAccess = await document.hasStorageAccess();

       const isFirstPartyContext = topLevelDocument || testPrefix.includes('same-origin');
       if (isFirstPartyContext) {
         assert_true(hasAccess, "Access should be granted in top-level frame or iframe that is in first-party context by default.");
         return;
       }

       // Nothing to test here, since cross-site cookies are not blocked.
       // See https://github.com/privacycg/storage-access/issues/162.
       // NOTE(review): this early return makes the test pass without asserting
       // anything, so a run in a configuration that does not block cross-site
       // cookies gives no coverage of the deny path below.
       if (CanAccessCookiesViaJS()) {
         return;
       }

       // "ABA" is the case the assertion text describes as a same-origin iframe
       // sitting in a third-party context: sharing the top-level origin does not
       // make it first-party. Loose equality is kept from the original;
       // testPrefix is presumably always a string.
       const denialMessage = testPrefix == "ABA"
         ? "Access should not be granted in secure same-origin iframe that is in a third-party context by default when cookies are blocked."
         : "Access should not be granted in secure cross-origin iframes.";
       assert_false(hasAccess, denialMessage);
     }, `[${testPrefix}] document.hasStorageAccess() should not be allowed by default unless in top-level frame or same-origin iframe.`);
     35 
     // A document built with document.implementation.createDocument() is not part
     // of the DOM. hasStorageAccess() on it has to reject with InvalidStateError
     // instead of resolving to any answer about storage access.
     promise_test(async (t) => {
       const description = "Promise should reject when called on a generated document not part of the DOM.";
       const detachedDocument = document.implementation.createDocument("", null);

       const pending = detachedDocument.hasStorageAccess();
       // Resolving is a failure: the fulfilment handler is an "unreached" guard.
       const failIfResolved = t.unreached_func("Should have rejected: " + description);
       const checkRejection = (error) => {
         assert_equals(error.name, 'InvalidStateError', description);
       };

       // Can't use `promise_rejects_dom` here, since the error comes from the wrong global.
       // The rejection is therefore matched by its `name` only.
       await pending.then(failIfResolved, checkRejection);
     }, `[${testPrefix}] document.hasStorageAccess() should reject in a document that isn't fully active.`);
     46 
     // Logic to load test cases within combinations of iFrames.
     // Only the top-level run (not a worker) fans out; each iframe then runs the
     // hasStorageAccess() scenarios above in its own embedding context.
     if (topLevelDocument) {
       // The {{hosts[alt][]}} / {{ports[https][0]}} placeholders are presumably
       // filled in by the test server (the file name carries `.sub`), so the
       // cross-site URLs point at a different host than the top-level page.
       const sameOriginFrame = "resources/hasStorageAccess-iframe.https.html?testCase=same-origin-frame";
       const crossSiteFrame = "https://{{hosts[alt][]}}:{{ports[https][0]}}/storage-access-api/resources/hasStorageAccess-iframe.https.html?testCase=cross-site-frame";
       const nestedSameOriginFrame = "resources/hasStorageAccess-iframe.https.html?testCase=nested-same-origin-frame";
       const nestedCrossSiteFrame = "https://{{hosts[alt][]}}:{{ports[https][0]}}/storage-access-api/resources/hasStorageAccess-iframe.https.html?testCase=nested-cross-site-frame";

       // Single-child iframes: same-origin first, then cross-site.
       RunTestsInIFrame(sameOriginFrame);
       RunTestsInIFrame(crossSiteFrame);

       // Nested iframes, where the frame containing the tests is not the first
       // child: same-origin first, then cross-site.
       RunTestsInNestedIFrame(nestedSameOriginFrame);
       RunTestsInNestedIFrame(nestedCrossSiteFrame);
     }