<!DOCTYPE html>
<html>
<head>
<title>
Test allow attribute with "digital-credentials-get" and
CredentialsContainer's .get() method
</title>
<script src="/common/get-host-info.sub.js"></script>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
const hostInfo = get_host_info();
const iframeDetails = [
{
policy: null,
crossOrigin: false,
expectIsAllowed: true,
},
{
policy: null,
crossOrigin: true,
expectIsAllowed: false,
},
{
policy: "digital-credentials-get",
crossOrigin: false,
expectIsAllowed: true,
},
{
policy: "digital-credentials-get",
crossOrigin: true,
expectIsAllowed: true,
},
{
policy: "digital-credentials-get *",
crossOrigin: false,
expectIsAllowed: true,
},
{
policy: "digital-credentials-get *",
crossOrigin: true,
expectIsAllowed: true,
},
{
policy: "digital-credentials-get 'none'",
crossOrigin: false,
expectIsAllowed: false,
},
{
policy: "digital-credentials-get 'none'",
crossOrigin: true,
expectIsAllowed: false,
},
{
policy: "digital-credentials-get 'self'",
crossOrigin: false,
expectIsAllowed: true,
},
{
policy: "digital-credentials-get 'self'",
crossOrigin: true,
expectIsAllowed: false,
},
{
policy: `digital-credentials-get ${hostInfo.HTTPS_REMOTE_ORIGIN}`,
crossOrigin: false,
expectIsAllowed: false,
},
{
policy: `digital-credentials-get ${hostInfo.HTTPS_REMOTE_ORIGIN}`,
crossOrigin: true,
expectIsAllowed: true,
},
];
async function loadIframe({ policy, crossOrigin, expectIsAllowed }) {
const iframe = document.createElement("iframe");
if (policy !== null) {
iframe.allow = policy;
}
await new Promise((resolve) => {
iframe.onload = resolve;
iframe.src = new URL(
"/digital-credentials/support/iframe.html",
crossOrigin
? hostInfo.HTTPS_REMOTE_ORIGIN
: location.origin
).href;
iframe.dataset.expectIsAllowed = expectIsAllowed;
document.body.appendChild(iframe);
});
iframe.focus();
return iframe;
}
function runTests() {
for (const details of iframeDetails) {
promise_test(async (test) => {
const iframe = await loadIframe(details);
const { expectIsAllowed } = details;
const action = "get";
const options = {
digital: {
// Results in TypeError when allowed, NotAllowedError when disallowed
providers: [],
},
};
const { data } = await new Promise((resolve) => {
window.addEventListener("message", resolve, {
once: true,
});
iframe.contentWindow.postMessage(
{ action, options, needsActivation: true },
"*"
);
});
const { name, message } = data;
assert_equals(
name,
expectIsAllowed ? "TypeError" : "NotAllowedError",
`${iframe.outerHTML} - ${message}`
);
iframe.remove();
}, `Policy to use: ${details.policy}, is cross-origin: ${details.crossOrigin}, is allowed by policy: ${details.expectIsAllowed}`);
}
}
</script>
</head>
<body onload="runTests()"></body>
</html>
Codebase Browser
chromium