storage-access-beyond-cookies-iframe.sub.html (5487B)
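<!doctype html>
<meta charset="utf-8">
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
<script src="/storage-access-api/helpers.js"></script>
<body>
<script>
// Cross-site iframe stage of the storage-access-beyond-cookies test.
//
// Flow, as visible in this file:
//   1. On load, open the bless_cross_site_permissions.html helper on the alt host.
//   2. Wait for a "blessed" message, then request a storage access handle with
//      {all: true} and check, per `type`, that nothing stored under the `id`
//      from the query string is visible through that handle.
//   3. Report a failure string to window.top, or (on success) load the nested
//      iframe that runs the next step.
//
// NOTE(review): the listener accepts "blessed" from any sender because it does
// not compare e.origin against the origin of the page opened by window.open()
// below, and the result is posted to window.top with a "*" target origin. The
// payload is only a status string, but code copied from this fixture should pin
// both origins.
window.addEventListener("message", async (e) => {
  if (e.data !== "blessed") {
    return;
  }
  test_driver.set_test_context(window.top);
  // Parse the query string once; both values are null when the parameter is absent.
  const params = new URLSearchParams(window.location.search);
  const type = params.get("type");
  const id = params.get("id");
  // Empty means "no failure so far"; any non-empty value is reported to the top frame.
  let message = "";
  // Step 4 (storage-access-api/storage-access-beyond-cookies.{}.sub.https.html)
  try {
    if (type === "cookies") {
      // With the permission denied, the cookie-only request has to reject.
      await test_driver.set_permission({ name: 'storage-access' }, 'denied');
      let didSeeError = false;
      try {
        await document.requestStorageAccess({cookies: true});
      } catch (_denied) {
        didSeeError = true;
      }
      if (!didSeeError) {
        message = "document.requestStorageAccess() should reject if storage access is denied.";
      }
    }
    await test_driver.set_permission({ name: 'storage-access' }, 'granted');
    const handle = await test_driver.bless(
        "fake user interaction",
        () => document.requestStorageAccess({all: true}));
    if (type === "cookies") {
      if (!(await document.hasUnpartitionedCookieAccess())) {
        message = "First-party cookies should be readable after handle is loaded.";
      }
    }
    switch (type) {
      case "none": {
        break;
      }
      case "cookies": {
        if (document.cookie.includes(`test=${id}`)) {
          message = "Cross-site first-party cookies should be empty";
        }
        break;
      }
      case "sessionStorage": {
        if (handle.sessionStorage.getItem("test")) {
          message = "Cross-site first-party Session Storage should be empty";
        }
        // A write through the handle must not show up in this frame's own
        // (partitioned) storage; if it does, the handle is bound to the wrong bucket.
        handle.sessionStorage.setItem("test2", id);
        if (window.sessionStorage.getItem("test2") === id) {
          message = "Handle bound partitioned instead of unpartitioned Session Storage";
        }
        handle.sessionStorage.clear();
        window.sessionStorage.clear();
        break;
      }
      case "localStorage": {
        if (handle.localStorage.getItem("test")) {
          message = "Cross-site first-party Local Storage should be empty";
        }
        // Same partition check as the sessionStorage case.
        handle.localStorage.setItem("test2", id);
        if (window.localStorage.getItem("test2") === id) {
          message = "Handle bound partitioned instead of unpartitioned Local Storage";
        }
        handle.localStorage.clear();
        window.localStorage.clear();
        break;
      }
      case "indexedDB": {
        const dbs = await handle.indexedDB.databases();
        if (dbs.length !== 0) {
          message = "Cross-site first-party IndexedDB should be empty";
        }
        break;
      }
      case "locks": {
        const state = await handle.locks.query();
        if (state.held.length !== 0) {
          message = "Cross-site first-party Web Locks should be empty";
        }
        break;
      }
      case "caches": {
        const has = await handle.caches.has(id);
        if (has) {
          message = "Cross-site first-party Cache Storage should be empty";
        }
        break;
      }
      case "getDirectory": {
        const root = await handle.getDirectory();
        // getFileHandle() rejects when the entry is missing; map that to false.
        const has = await root.getFileHandle(id).then(() => true, () => false);
        if (has) {
          message = "Cross-site first-party Origin Private File System should be empty";
        }
        break;
      }
      case "estimate": {
        const estimate = await handle.estimate();
        if (estimate.usage > 0) {
          message = "Cross-site first-party estimate should be empty";
        }
        break;
      }
      case "blobStorage": {
        // For this type, id is base64-decoded and fetched as a URL (presumably a
        // blob: URL created by the first-party page; confirm against the parent
        // test). A failed fetch is treated as "nothing readable".
        const blob = await fetch(atob(id)).then(
            (response) => response.text(),
            () => "");
        if (blob !== "") {
          message = "Cross-site first-party blob storage should be empty";
        }
        break;
      }
      case "BroadcastChannel": {
        // Nothing is asserted in this frame for this type; it only sends on the channel.
        const channel = handle.BroadcastChannel(id);
        channel.postMessage("Cross-origin handle access");
        channel.close();
        break;
      }
      case "SharedWorker": {
        // Nothing is asserted in this frame for this type; it only messages the worker.
        const shared_worker = handle.SharedWorker("/storage-access-api/resources/shared-worker-relay.js", id);
        shared_worker.port.start();
        shared_worker.port.postMessage("Cross-origin handle access");
        break;
      }
      case "BlobURLDedicatedWorker": {
        break;
      }
      case "ThirdPartyBlobURL": {
        break;
      }
      case "BlobURLSharedWorker": {
        break;
      }
      default: {
        message = `Unexpected type ${type}`;
        break;
      }
    }
  } catch (_) {
    // Any exception in step 4 is reported with this one fixed string, so the
    // underlying error is not visible to the top frame.
    message = "Unable to load handle in cross-site context for all";
  }
  // Reset the permission so later tests do not inherit the 'granted' state.
  await test_driver.set_permission({ name: 'storage-access' }, 'prompt');
  if (message) {
    window.top.postMessage({type: "result", message}, "*");
    return;
  }
  // Step 5 (storage-access-api/storage-access-beyond-cookies.{}.sub.https.html)
  const iframe = document.createElement("iframe");
  // type and id were percent-decoded by URLSearchParams above, so encode them
  // again when forwarding; otherwise characters such as '&', '#' or '+' would
  // change what the nested frame parses.
  iframe.src = "https://{{hosts[][]}}:{{ports[https][0]}}/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html?type=" + encodeURIComponent(type) + "&id=" + encodeURIComponent(id);
  document.body.appendChild(iframe);
});
// The "blessed" message handled above is presumably posted by this helper page
// (confirm in bless_cross_site_permissions.html).
window.open("https://{{hosts[alt][]}}:{{ports[https][0]}}/storage-access-api/resources/bless_cross_site_permissions.html");
</script>
</body>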