File: default-enabled-features-allow-self.https.html

package info (click to toggle)
firefox-esr 115.15.0esr-1~deb12u1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 3,659,216 kB
  • sloc: cpp: 6,676,686; javascript: 5,690,965; ansic: 3,328,546; python: 1,120,594; asm: 397,163; xml: 180,531; java: 178,838; sh: 68,930; makefile: 20,999; perl: 12,595; objc: 12,561; yacc: 4,583; cs: 3,846; pascal: 2,840; lex: 1,720; ruby: 1,079; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 54; csh: 10
file content (73 lines) | stat: -rw-r--r-- 3,189 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
 
<!DOCTYPE html>
<title>Test default permission policy features gating (self)</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<script src="resources/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="resources/default-enabled-features-helper.js"></script>

<body>
<script>
promise_test(async(t) => {
  await runDefaultEnabledFeaturesTest(t, true, get_host_info().ORIGIN);
  await runDefaultEnabledFeaturesTest(t, true, get_host_info().ORIGIN,
      generator_api="sharedstorage");
}, 'Same-origin fenced frame loads when feature policies are self');

promise_test(async(t) => {
  await runDefaultEnabledFeaturesTest(t, false, get_host_info().REMOTE_ORIGIN);
  await runDefaultEnabledFeaturesTest(t, false, get_host_info().REMOTE_ORIGIN,
      generator_api="sharedstorage");
}, 'Cross-origin fenced frame does not load when feature policies are self');

promise_test(async(t) => {
  const fencedframe = await attachFencedFrameContext({
        origin: get_host_info().ORIGIN});

  await fencedframe.execute(async () => {
    assert_false(
        document.featurePolicy.allowsFeature('shared-storage'),
        "Shared storage should be disallowed in the fenced frame.");
    assert_false(
        document.featurePolicy.allowsFeature('attribution-reporting'),
        "Attribution reporting should be disallowed in the fenced frame.");
    assert_false(
        document.featurePolicy.allowsFeature('sync-xhr'),
        "USB access should be disallowed in the fenced frame.");
  }, []);
}, 'Fenced frames default feature policies are set to not allow anything.');

promise_test(async(t) => {
  // We do this test the "old fashioned way" because a redirect in a fenced
  // frame remote context will cause it to lose its ability to communicate with
  // the main page (which results in a timeout).
  const page1_key = token();
  const redirect_key = token();

  const fencedframe = attachFencedFrame(
      await generateURNFromFledge(
          "resources/default-enabled-features-redirect.https.html",
          [page1_key, redirect_key]));

  // The fenced frame will send its attribution reporting result and then
  // attempt to redirect to a remote origin page.
  const page1_resp = await nextValueFromServer(page1_key);
  assert_equals(page1_resp, "true",
      "Attribution reporting should be enabled on the original page.");

  // There is no API to observe whether the document in the fenced frame loaded
  // or not. Instead, set up a timeout. If the document loads, "FAIL" will be
  // sent to the server. Otherwise "blocked" will be sent after 2 seconds.
  const fencedframe_blocked = new Promise(r => t.step_timeout(r, 1000));
  assert_equals("blocked", await Promise.any([
    nextValueFromServer(redirect_key).then(() => "loaded"),
    fencedframe_blocked.then(() => "blocked")
  ]), "The fenced frame redirect should not be successful.");
}, 'A fenced frame redirected to a page that does not allow feature policies ' +
    'does not navigate');

</script>
</body>
</html>