tor-browser

The Tor Browser

sandboxed-iframe-allow-storage-access.html (3074B)


      1 <!doctype html>
      2 <meta charset="utf-8">
      3 <script src="/cookies/resources/cookie-helper.sub.js"></script>
      4 <script src="/resources/testdriver.js"></script>
      5 <script src="/resources/testdriver-vendor.js"></script>
      6 <script src="/resources/testharness.js"></script>
      7 <!-- no testharnessreport.js -->
      8 <script src="/storage-access-api/helpers.js"></script>
      9 <script>
     10 'use strict';
     11 (async function() {
     12  test_driver.set_test_context(window.top);
     13 
     14  const testPrefix = 'sandboxed-iframe-allow-storage-access-by-user-activation';
     15 
     16  test(() => {
     17    let iframe = document.createElement('iframe');
     18    assert_true(
     19        iframe.sandbox.supports('allow-storage-access-by-user-activation'),
     20        '`allow-storage-access-by-user-activation`' +
     21            'sandbox attribute should be supported');
     22  }, '`allow-storage-access-by-user-activation` sandbox attribute is supported');
     23 
     24  if (CanAccessCookiesViaJS()) {
     25    // Nothing to test here, as cookie access is not blocked.
     26    // See https://github.com/privacycg/storage-access/issues/162.
     27    return;
     28  }
     29 
     30  // Ideally this would check whether the user-activation condition changes
     31  // the behavior; however, due to limitations in the test driver, the
     32  // 'prompt' permission state is effectively the same as 'denied' from the
     33  // perspective of platform tests.
     34  promise_test(async t => {
     35    t.add_cleanup(async () => {
     36      await test_driver.set_permission({name: 'storage-access'}, 'prompt');
     37    });
     38    await SetFirstPartyCookie(location.origin, "initial-cookie=unpartitioned;Secure;SameSite=None;Path=/");
     39    await test_driver.set_permission({name: 'storage-access'}, 'granted');
     40    await MaybeSetStorageAccess('*', '*', 'blocked');
     41    await document.requestStorageAccess();
     42 
     43    assert_true(
     44        await CanAccessCookiesViaHTTP(),
     45        'After obtaining storage access, subresource requests from the frame should send and set cookies.');
     46    assert_true(
     47        CanAccessCookiesViaJS(),
     48        'After obtaining storage access, scripts in the frame should be able to access cookies.');
     49  }, `[${testPrefix}] document.requestStorageAccess() should resolve even without a user gesture when already granted.`);
     50 
     51  promise_test(async t => {
     52    t.add_cleanup(async () => {
     53      await test_driver.set_permission({name: 'storage-access'}, 'prompt');
     54    });
     55    await SetFirstPartyCookie(location.origin, "initial-cookie=unpartitioned;Secure;SameSite=None;Path=/");
     56    await test_driver.set_permission({name: 'storage-access'}, 'granted');
     57    await MaybeSetStorageAccess('*', '*', 'blocked');
     58 
     59    await RunCallbackWithGesture(async () => {
     60      await document.requestStorageAccess();
     61    });
     62 
     63    assert_true(
     64        await CanAccessCookiesViaHTTP(),
     65        'After obtaining storage access, subresource requests from the frame should send and set cookies.');
     66    assert_true(
     67        CanAccessCookiesViaJS(),
     68        'After obtaining storage access, scripts in the frame should be able to access cookies.');
     69  }, `[${testPrefix}] document.requestStorageAccess() should resolve with a user gesture`);
     70 })();
     71 </script>