File: private-state-token-redemption-default-permissions-policy.tentative.https.sub.html

thunderbird 1%3A140.5.0esr-1
<!DOCTYPE html>
<title>Test that private state token redemption is enabled/disabled according to the permissions policy</title>

<body>
  <script src=/resources/testharness.js></script>
  <script src=/resources/testharnessreport.js></script>
  <script src=/permissions-policy/resources/permissions-policy.js></script>
  <script>
    'use strict';

    // Helper page that the iframe subtests load. Its source is not part of this
    // file; judging by the assertions below it reports, as
    // `num_operations_enabled`, how many private-state-token operations it was
    // able to set up.
    const same_origin_src = '/permissions-policy/experimental-features/resources/permissions-policy-private-state-token-redemption.html';

    // The same helper addressed through the `www` host so that the iframe is
    // cross-origin. The {{...}} placeholders are presumably filled in by the
    // test server for ".sub.html" files -- confirm against the harness docs.
    const cross_origin_src = `https://{{domains[www]}}:{{ports[https][0]}}${same_origin_src}`;

    // Common prefix of every subtest name in this file.
    // NOTE(review): the name states a default allowlist of ["self"], yet the
    // "allows cross-origin iframes" subtest below expects all 4 operations to be
    // enabled in a cross-origin iframe without passing any allow value. One of
    // the two looks stale; confirm the intended default before treating this
    // file as documentation of who may redeem tokens by default.
    const header = 'Default "private-state-token-redemption" permissions policy ["self"]';

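    // Top-level document: setting up each of the four gated operations
    // (redemption and signing, through Fetch and through XHR) must not throw.
    // Only construction is exercised here; nothing in this subtest sends a
    // request.
    test(() => {
      try {
        // The permissions policy gates redemption and signing via both the Fetch
        // and XHR interfaces.
        new Request("https://issuer.example/", {
          privateToken: {
            version: 1,
            operation: "token-redemption"
          }
        });
        new Request("https://destination.example/", {
          privateToken: {
            version: 1,
            operation: "send-redemption-record", // signing
            issuers: ["https://issuer.example/"]
          }
        });

        const redemption_xhr = new XMLHttpRequest();
        redemption_xhr.open("GET", "https://issuer.example/");
        redemption_xhr.setPrivateToken({
          version: 1,
          operation: "token-redemption"
        });

        const signing_xhr = new XMLHttpRequest();
        signing_xhr.open("GET", "https://destination.example/");
        signing_xhr.setPrivateToken({
          version: 1,
          operation: "send-redemption-record", // signing
          issuers: ["https://issuer.example/"]
        });
      } catch (e) {
        // Surface the exception: a bare assert_unreached() fails the subtest
        // without saying which operation was rejected or why.
        assert_unreached('Private state token operation threw in the top-level document: ' + e);
      }
    }, header + ' allows the top-level document.');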

    // Same-origin iframe, no allow value passed: the helper page is expected to
    // report 4 enabled operations (presumably the same four set up in the
    // top-level subtest above).
    async_test(t => {
      const expect_all_enabled = (data, desc) => {
        assert_equals(data.num_operations_enabled, 4, desc);
      };
      test_feature_availability(
        'Private state token redemption', t, same_origin_src, expect_all_enabled);
    }, header + ' allows same-origin iframes.');

    // Cross-origin iframe, no allow value passed: the helper page is again
    // expected to report 4 enabled operations.
    // NOTE(review): this expectation means third-party frames get redemption by
    // default, which does not match the ["self"] wording in `header` -- confirm
    // which one reflects the intended default.
    async_test(t => {
      const expect_all_enabled = (data, desc) => {
        assert_equals(data.num_operations_enabled, 4, desc);
      };
      test_feature_availability(
        'Private state token redemption', t, cross_origin_src, expect_all_enabled);
    }, header + ' allows cross-origin iframes.');

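    // Negative control: the only subtest here that checks the policy can switch
    // the feature off. With 'none' passed for the iframe, the helper page must
    // report 0 enabled operations. The description string now names redemption,
    // matching the sibling subtests; it previously said "issuance request",
    // which mislabels a failure of this check.
    async_test(t => {
      test_feature_availability(
        'Private state token redemption', t, cross_origin_src,
        (data, desc) => {
          assert_equals(data.num_operations_enabled, 0, desc);
        },
        'private-state-token-redemption \'none\'');
    }, header + ' and allow="private-state-token-redemption \'none\'" disallows cross-origin iframes.');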
  </script>
</body>