storage-access-beyond-cookies.BroadcastChannel.sub.https.window.js (1699B)
1 // META: script=/resources/testdriver.js 2 // META: script=/resources/testdriver-vendor.js 3 4 'use strict'; 5 6 // Here's the set-up for this test: 7 // Step 1 (top-frame) Set up listener for "HasAccess" message. 8 // Step 2 (top-frame) Open channel first-party broadcast. 9 // Step 3 (top-frame) Embed an iframe that's cross-site with top-frame. 10 // Step 4 (sub-frame) Try to use storage access API and send first-party broadcast. 11 // Step 5 (sub-frame) Embed an iframe that's same-origin with top-frame. 12 // Step 6 (sub-sub-frame) Try to use storage access API and send first-party broadcast. 13 // Step 7 (sub-sub-frame) Send "HasAccess for BroadcastChannel" message to top-frame. 14 // Step 8 (top-frame) Receive "HasAccess for BroadcastChannel" message and cleanup. 15 16 async_test(t => { 17 let broadcasts = []; 18 // Step 1 19 window.addEventListener("message", t.step_func(e => { 20 if (e.data.type != "result") { 21 return; 22 } 23 // Step 8 24 assert_equals(e.data.message, "HasAccess for BroadcastChannel", "Storage Access API should be accessible and return first-party data"); 25 assert_array_equals(broadcasts, ["Same-origin handle access"], "Should have only seen same-origin handle broadcasts"); 26 t.done(); 27 })); 28 29 // Step 2 30 const id = Date.now(); 31 const channel = new BroadcastChannel(id); 32 channel.onmessage = (event) => { 33 broadcasts.push(event.data); 34 }; 35 36 // Step 3 37 let iframe = document.createElement("iframe"); 38 iframe.src = "https://{{hosts[alt][]}}:{{ports[https][0]}}/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html?type=BroadcastChannel&id="+id; 39 document.body.appendChild(iframe); 40 }, "Verify StorageAccessAPIBeyondCookies for Broadcast Channel");