createcredential-nested-frame.https.html (3537B)
1 <!DOCTYPE html> 2 <meta charset="utf-8"> 3 <title>WebAuthn credential.create() in a nested frame</title> 4 <link rel="help" href="https://w3c.github.io/webauthn/#publickey-credentials-create-feature"> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <script src="/resources/testdriver.js"></script> 8 <script src="/resources/testdriver-vendor.js"></script> 9 <script src="/resources/common-inputs.js"></script> 10 <script src=helpers.js></script> 11 12 <body></body> 13 <script> 14 15 standardSetup(function () { 16 "use strict"; 17 18 const CREATE_CREDENTIALS = ` 19 navigator.credentials.create({ 20 publicKey: { 21 challenge: Uint8Array.from([]), 22 rp: { name: "rp" }, 23 user: { id: Uint8Array.from([]), name: "marisa", displayName: "Marisa" }, 24 pubKeyCredParams: [{type: "public-key", alg: -7}], 25 } 26 }).then(c => window.parent.postMessage("OK", "*")) 27 .catch(e => window.parent.postMessage("Error: " + e.toString(), "*")); 28 `; 29 30 promise_test(async t => { 31 const frame = document.createElement("iframe"); 32 const loadPromise = new EventWatcher(t, frame, "load").wait_for("load"); 33 document.body.append(frame); 34 await loadPromise; 35 frame.contentWindow.location = "javascript:" + CREATE_CREDENTIALS; 36 37 const messageWatcher = new EventWatcher(t, window, "message"); 38 const { data } = await messageWatcher.wait_for("message"); 39 assert_equals(data, "OK"); 40 }, "navigator.credentials.create({publicKey}) in a javascript url should should succeed."); 41 42 promise_test(async t => { 43 let frame = document.createElement("iframe"); 44 const loadPromise = new EventWatcher(t, frame, "load").wait_for("load"); 45 frame.srcdoc = ""; 46 document.body.append(frame); 47 await loadPromise; 48 frame.contentWindow.eval(CREATE_CREDENTIALS); 49 50 let eventWatcher = new EventWatcher(t, window, "message"); 51 const { data } = await eventWatcher.wait_for("message"); 52 assert_equals(data, "OK"); 53 }, "navigator.credentials.create({publicKey}) in srcdoc should succeed."); 54 55 promise_test(async t => { 56 let frame = document.createElement("iframe"); 57 const loadPromise = new EventWatcher(t, frame, "load").wait_for("load"); 58 frame.src = "about:blank"; 59 document.body.append(frame); 60 await loadPromise; 61 frame.contentDocument.write("<script>" + CREATE_CREDENTIALS + "<\/script>"); 62 63 let eventWatcher = new EventWatcher(t, window, "message"); 64 const { data } = await eventWatcher.wait_for("message"); 65 assert_equals(data, "OK"); 66 }, "navigator.credentials.create({publicKey}) in about:blank embedded in a secure context should succeed."); 67 68 promise_test(async t => { 69 let frame = document.createElement("iframe"); 70 const eventWatcher = new EventWatcher(t, window, "message"); 71 frame.src = "resources/webauthn-subframe.sub.html"; 72 document.body.append(frame); 73 assert_equals((await eventWatcher.wait_for("message")).data.type, "subframe-loaded"); 74 75 frame.contentWindow.postMessage({ type: "create-credential", addUserActivation: false }); 76 const { data } = await eventWatcher.wait_for("message"); 77 assert_equals(data.result, "success", "Error: " + data.error); 78 }, "navigator.credentials.create({publicKey}) in a same-origin frame should succeed without requiring user activation."); 79 }, { 80 protocol: "ctap2_1", 81 hasUserVerification: true, 82 isUserVerified: true, 83 }); 84 85 </script>