trust-token-parameter-validation-xhr.tentative.https.html (3244B)
<!DOCTYPE html>
<meta charset="utf-8">
<title>JavaScript: the Private Token API XHR interface correctly validates its parameters</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
'use strict';

// Parameter-validation checks for XMLHttpRequest.setPrivateToken().
// Each case hands the method one specific bad (or good) input and checks the
// synchronous outcome: InvalidStateError for a request in the wrong state,
// TypeError for malformed parameters, and no exception for the valid
// localhost issuer. The malformed-parameter cases never call send().

const TARGET_URL = 'https://privatetoken.example';

// Builds an XMLHttpRequest that has been opened against TARGET_URL but not
// sent. Call it inside the assert_throws_* callback, so that a failure in
// open() is seen by the assertion exactly as it was when open() was inlined.
function openedRequest() {
  const xhr = new XMLHttpRequest();
  xhr.open('GET', TARGET_URL);
  return xhr;
}

test(() => {
  // open() is deliberately never called on this request.
  assert_throws_dom('InvalidStateError', () => {
    const xhr = new XMLHttpRequest();
    xhr.setPrivateToken({version: 1, operation: 'token-request'});
  });
}, 'Setting XHR Private Token parameters requires that the XHR request be open.');

test(() => {
  // The parameters are set only after send() has been called.
  assert_throws_dom('InvalidStateError', () => {
    const xhr = openedRequest();
    xhr.send();
    xhr.setPrivateToken({version: 1, operation: 'token-request'});
  });
}, 'Setting XHR Private Token parameters requires that the XHR request not have been sent.');

test(() => {
  assert_throws_js(TypeError, () => {
    const xhr = openedRequest();
    xhr.setPrivateToken({
      version: 1,
      operation: 'token-request',
      refreshPolicy: 'not a member of the refreshPolicy enum',
    });
  });
}, 'Private Token operations require valid `refreshPolicy:` values, if provided.');

// Issuer-list validation. The four cases below feed an empty list, a
// non-string entry, an unparsable URL and a plain http: URL, and expect a
// TypeError from each.

test(() => {
  assert_throws_js(TypeError, () => {
    const xhr = openedRequest();
    xhr.setPrivateToken({
      version: 1,
      operation: 'send-redemption-record',
      issuers: [],
    });
  });
}, 'Private Token signing operations require at least one issuer URL.');

test(() => {
  assert_throws_js(TypeError, () => {
    const xhr = openedRequest();
    xhr.setPrivateToken({
      version: 1,
      operation: 'send-redemption-record',
      issuers: [3],
    });
  });
}, 'Private Token operations require string issuer URLs, if provided.');

test(() => {
  assert_throws_js(TypeError, () => {
    const xhr = openedRequest();
    xhr.setPrivateToken({
      version: 1,
      operation: 'send-redemption-record',
      issuers: ['not a valid URL'],
    });
  });
}, 'Private Token operations require valid issuer URLs, if provided.');

test(() => {
  // A plain http: issuer on a non-local host must be refused.
  assert_throws_js(TypeError, () => {
    const xhr = openedRequest();
    xhr.setPrivateToken({
      version: 1,
      operation: 'send-redemption-record',
      issuers: ['http://not-secure.com'],
    });
  });
}, 'Private Token operations require secure issuer URLs, if provided.');

test(() => {
  // There is no assertion here: the test passes as long as setPrivateToken()
  // does not throw for an http://localhost issuer.
  const xhr = openedRequest();
  xhr.setPrivateToken({
    version: 1,
    operation: 'send-redemption-record',
    issuers: ['http://localhost'],
  });
}, 'Since localhost URLs are potentially trustworthy, setting an issuer to localhost should succeed.');
</script>