tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

storage-access-beyond-cookies.SharedWorker.sub.https.window.js (2324B)

      1 // META: script=/resources/testdriver.js
      2 // META: script=/resources/testdriver-vendor.js
      3 
      4 'use strict';
      5 
      6 // Here's the set-up for this test:
      7 // Step 1 (top-frame) Set up fallback failure listener for if the handle cannot be used.
      8 // Step 2 (top-frame) Set up relay worker to expect "Same-origin handle access".
      9 // Step 3 (top-frame) Set cookies and embed an iframe that's cross-site with top-frame.
     10 // Step 4 (sub-frame) Try to use storage access API to access shared worker.
     11 // Step 5 (sub-frame) Embed an iframe that's same-origin with top-frame.
     12 // Step 6 (sub-sub-frame) Try to use storage access API to access first-party shared worker.
     13 // Step 7 (sub-sub-frame) Send "HasAccess for SharedWorker" message to top-frame.
     14 // Step 8 (top-frame) Set up cookie worker to expect it's already opened.
     15 
     16 async_test(t => {
     17  // Step 1
     18  window.addEventListener("message", t.step_func(e => {
     19    if (e.data.type != "result") {
     20      return;
     21    }
     22    assert_equals(e.data.message, "HasAccess for SharedWorker", "Storage Access API should be accessible and return first-party data");
     23  }));
     24 
     25  // Step 2
     26  const id = Date.now();
     27  const relay_worker = new SharedWorker("/storage-access-api/resources/shared-worker-relay.js", {name: id, sameSiteCookies: 'none'});
     28  relay_worker.port.onmessage = t.step_func(e => {
     29    assert_equals(e.data, "Same-origin handle access", "Relay worker should divert messages here");
     30    // Step 8
     31    const cookie_worker = new SharedWorker("/storage-access-api/resources/shared-worker-cookies.py", {name: id, sameSiteCookies: 'none'});
     32    cookie_worker.port.onmessage = t.step_func((e) => {
     33      assert_equals(e.data, "ReadOnLoad:None,ReadOnFetch:None,ConnectionsMade:2", "Worker should already have been opened and only see SameSite=None cookies");
     34      test_driver.delete_all_cookies().then(() => t.done());
     35    });
     36  });
     37 
     38  // Step 3
     39  const cookie_set_window = window.open("/storage-access-api/resources/set_cookies.py");
     40  cookie_set_window.onload =  t.step_func(_ => {
     41    let iframe = document.createElement("iframe");
     42    iframe.src = "https://{{hosts[alt][]}}:{{ports[https][0]}}/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html?type=SharedWorker&id="+id;
     43    document.body.appendChild(iframe);
     44  });
     45 }, "Verify StorageAccessAPIBeyondCookies for Shared Worker");