tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

disabled-by-permissions-policy-cross-origin.https.sub.html (4855B)

      1 <!DOCTYPE html>
      2 <html>
      3  <head>
      4    <meta charset="utf-8" />
      5    <title>WebShare Test: is disabled by permissions policy cross-origin</title>
      6    <link
      7      rel="help"
      8      href="https://w3c.github.io/web-share/#permissions-policy"
      9    />
     10    <script src="/resources/testharness.js"></script>
     11    <script src="/resources/testharnessreport.js"></script>
     12    <script src="/resources/testdriver.js"></script>
     13    <script src="/resources/testdriver-vendor.js"></script>
     14  </head>
     15  <body></body>
     16  <script>
     17    const crossOrigin = "https://{{hosts[alt][]}}:{{ports[https][0]}}";
     18    const sameOriginPath = "/web-share/resources/post-message.html";
     19    const crossOriginSrc = `${crossOrigin}${sameOriginPath}`;
     20    const shareData = {
     21      title: "WebShare Test",
     22      text: "This is a test of the Web Share API",
     23      url: "https://example.com/",
     24    };
     25 
     26    function waitForMessage(message) {
     27      return new Promise((resolve) => {
     28        window.addEventListener("message", function listener(event) {
     29          if (event.data.action !== message) return;
     30          window.removeEventListener("message", listener);
     31          resolve(event.data);
     32        });
     33      });
     34    }
     35 
     36    async function loadIframe(t, src, allowList) {
     37      const iframe = document.createElement("iframe");
     38      if (allowList !== undefined) iframe.allow = allowList;
     39      t.add_cleanup(() => {
     40        iframe.remove();
     41      });
     42      await new Promise((resolve) => {
     43        iframe.src = src;
     44        document.body.appendChild(iframe);
     45        iframe.onload = resolve;
     46      });
     47      await waitForMessage("loaded");
     48      return iframe;
     49    }
     50 
     51    promise_test(async (t) => {
     52      assert_true("share" in navigator, "navigator.share is exposed");
     53      const iframe = await loadIframe(t, crossOriginSrc);
     54      const iframeWindow = iframe.contentWindow;
     55      iframeWindow.postMessage({ action: "share", data: shareData }, "*");
     56      const data = await waitForMessage("share");
     57      assert_equals(data.result, "error");
     58      assert_equals(data.error, "NotAllowedError");
     59    }, "share() is disabled by default 'self' by permissions policy for cross-origin iframes");
     60 
     61    promise_test(async (t) => {
     62      assert_true("share" in navigator, "navigator.share is exposed");
     63      const iframe = await loadIframe(t, crossOriginSrc, "web-share 'none'");
     64      const iframeWindow = iframe.contentWindow;
     65      iframeWindow.postMessage({ action: "share", data: shareData }, "*");
     66      const data = await waitForMessage("share");
     67      assert_equals(data.result, "error");
     68      assert_equals(data.error, "NotAllowedError");
     69    }, "share() is disabled explicitly by permissions policy for cross-origin iframe");
     70 
     71    promise_test(async (t) => {
     72      assert_true("share" in navigator, "navigator.share is exposed");
     73      const iframe = await loadIframe(t, crossOriginSrc, "web-share 'self'");
     74      const iframeWindow = iframe.contentWindow;
     75      iframeWindow.postMessage({ action: "share", data: shareData }, "*");
     76      const data = await waitForMessage("share");
     77      assert_equals(data.result, "error");
     78      assert_equals(data.error, "NotAllowedError");
     79    }, "share() not allowed, as only allowed to share with self");
     80 
     81    promise_test(async (t) => {
     82      assert_true("canShare" in navigator, "navigator.canShare is exposed");
     83      const iframe = await loadIframe(t, crossOriginSrc);
     84      const iframeWindow = iframe.contentWindow;
     85      iframeWindow.postMessage({ action: "canShare", data: shareData }, "*");
     86      const data = await waitForMessage("canShare");
     87      assert_equals(data.result, false, "Expected false, as it can't share.");
     88    }, "canShare() not allowed to share by default permissions policy cross-origin");
     89 
     90    promise_test(async (t) => {
     91      assert_true("canShare" in navigator, "navigator.canShare is exposed");
     92      const iframe = await loadIframe(
     93        t,
     94        crossOriginSrc,
     95        `web-share ${crossOrigin}`
     96      );
     97      iframe.contentWindow.postMessage(
     98        { action: "canShare", data: shareData },
     99        "*"
    100      );
    101      const data = await waitForMessage("canShare");
    102      assert_equals(
    103        data.result,
    104        true,
    105        `Expected true, is it can now share on ${origin}.`
    106      );
    107    }, "canShare() is allowed by permissions policy to share cross-origin on a particular origin");
    108 
    109    promise_test(async (t) => {
    110      assert_true("canShare" in navigator, "navigator.canShare is exposed");
    111      const iframe = await loadIframe(t, sameOriginPath, "web-share 'self'");
    112      iframe.contentWindow.postMessage(
    113        { action: "canShare", data: shareData },
    114        "*"
    115      );
    116      const data = await waitForMessage("canShare");
    117      assert_equals(
    118        data.result,
    119        true,
    120        "Expected true, at it can share with self."
    121      );
    122    }, "canShare() with self");
    123  </script>
    124 </html>