<!DOCTYPE html>
<body>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/permissions-policy/resources/permissions-policy.js></script>
<script>
'use strict';
var same_origin_src = '/permissions-policy/resources/permissions-policy-private-state-token-issuance.html';
var cross_origin_src = 'https://{{domains[www]}}:{{ports[https][0]}}' +
same_origin_src;
var test_desc_begin = 'Permissions policy header "private-state-token-issuance=*"';
test(() => {
try {
new Request("https://issuer.example/", {
privateToken: {
version: 1,
operation: "token-request"
}
});
} catch(e) {
assert_unreached();
}
try {
const xhr = new XMLHttpRequest();
xhr.open("GET", "https://issuer.example/");
xhr.setPrivateToken({
version: 1,
operation: "token-request"
});
} catch(e) {
assert_unreached();
}
}, test_desc_begin + ' allows the top-level document.');
async_test(t => {
test_feature_availability('Private State Token issuance request', t,
same_origin_src,
(data, desc) => {
assert_equals(data.num_operations_enabled, 2, desc);});
}, test_desc_begin + ' allows same-origin iframes.');
async_test(t => {
test_feature_availability('Private State Token issuance request', t,
cross_origin_src,
(data, desc) => {
assert_equals(data.num_operations_enabled, 0, desc);});
}, test_desc_begin + ' disallows cross-origin iframes.');
async_test(t => {
test_feature_availability(
'Private State Token issuance request', t, cross_origin_src,
(data, desc) => {assert_equals(data.num_operations_enabled, 2, desc);},
'private-state-token-issuance');
}, test_desc_begin + ' and allow="private-state-token-issuance" allows cross-origin iframes.');
</script>
</body>