requestStorageAccess-insecure.sub.window.js (3901B)
1 // META: script=helpers.js 2 // META: script=/resources/testdriver.js 3 // META: script=/resources/testdriver-vendor.js 4 'use strict'; 5 6 // Document-level test config flags: 7 // 8 // testPrefix: Prefix each test case with an indicator so we know what context 9 // they are run in if they are used in multiple iframes. 10 // 11 // topLevelDocument: Keep track of if we run these tests in a nested context, we 12 // don't want to recurse forever. 13 const {testPrefix, topLevelDocument} = processQueryParams(); 14 15 // Common tests to run in all frames. 16 promise_test(async () => { 17 assert_not_equals(document.requestStorageAccess, undefined); 18 }, "[" + testPrefix + "] document.requestStorageAccess() should exist on the document interface"); 19 20 promise_test(t => { 21 return promise_rejects_dom(t, "NotAllowedError", document.requestStorageAccess(), 22 "document.requestStorageAccess() call without user gesture"); 23 }, "[" + testPrefix + "] document.requestStorageAccess() should be rejected in insecure context"); 24 25 // Logic to load test cases within combinations of iFrames. 26 if (topLevelDocument) { 27 // This specific test will run only as a top level test (not as a worker). 28 // Specific requestStorageAccess() scenarios will be tested within the context 29 // of various iFrames 30 promise_test(t => { 31 const description = "document.requestStorageAccess() call in a detached frame"; 32 // Can't use `promise_rejects_dom` here, since the error comes from the wrong global. 33 return CreateDetachedFrame().requestStorageAccess() 34 .then(t.unreached_func("Should have rejected: " + description), (e) => { 35 assert_equals(e.name, 'InvalidStateError', description); 36 t.done(); 37 }); 38 }, "[non-fully-active] document.requestStorageAccess() should reject when run in a detached frame"); 39 40 promise_test(t => { 41 return promise_rejects_dom(t, 'InvalidStateError', CreateDocumentViaDOMParser().requestStorageAccess(), 42 "document.requestStorageAccess() in a detached DOMParser result"); 43 }, "[non-fully-active] document.requestStorageAccess() should reject when run in a detached DOMParser document"); 44 45 // Create a test with a single-child same-origin iframe. 46 const sameOriginFramePromise = RunTestsInIFrame( 47 'resources/requestStorageAccess-iframe.html?testCase=same-origin-frame'); 48 49 // Create a test with a single-child cross-origin iframe. 50 const crossOriginFramePromise = RunTestsInIFrame( 51 'http://{{domains[www]}}:{{ports[http][0]}}/storage-access-api/resources/requestStorageAccess-iframe.html?testCase=cross-origin-frame'); 52 53 // Validate the nested-iframe scenario where the same-origin frame 54 // containing the tests is not the first child. 55 const nestedSameOriginFramePromise = RunTestsInNestedIFrame( 56 'resources/requestStorageAccess-iframe.html?testCase=nested-same-origin-frame'); 57 58 // Validate the nested-iframe scenario where the cross-origin frame 59 // containing the tests is not the first child. 60 const nestedCrossOriginFramePromise = RunTestsInNestedIFrame( 61 'http://{{domains[www]}}:{{ports[http][0]}}/storage-access-api/resources/requestStorageAccess-iframe.html?testCase=nested-cross-origin-frame'); 62 63 // Because the iframe tests expect no user activation, and because they 64 // load asynchronously, we want to first run those tests before simulating 65 // clicks on the page. 66 const testsWithoutUserActivation = [ 67 sameOriginFramePromise, 68 crossOriginFramePromise, 69 nestedSameOriginFramePromise, 70 nestedCrossOriginFramePromise, 71 ]; 72 73 promise_test(async t => { 74 await Promise .all(testsWithoutUserActivation); 75 await RunCallbackWithGesture(() => { 76 return promise_rejects_dom(t, "NotAllowedError", document.requestStorageAccess(), 77 "should reject in insecure context"); 78 }); 79 }, 80 '[' + testPrefix + 81 '] document.requestStorageAccess() should be rejected when called with a user gesture in insecure context'); 82 }