<!DOCTYPE html>
<title>Credential Manager: Call create() across browsing contexts.</title>
<script src="../resources/testharness.js"></script>
<script src="../resources/testharnessreport.js"></script>
<body>
<script type="module">
import {ACCEPTABLE_CREDENTIAL_ID, CREATE_CREDENTIALS, encloseInScriptTag} from './resources/test-inputs.js';
import {TestAuthenticatorManager} from './resources/virtual-navigator-credentials.js';
if (document.location.host != "subdomain.example.test:8443") {
document.location = "https://subdomain.example.test:8443/credentialmanagement/credentialscontainer-create-from-nested-frame.html";
promise_test(_ => new Promise(_ => {}), "Stall tests on the wrong host.");
}
const manager = new TestAuthenticatorManager;
promise_test(async _ => {
let authenticators = await manager.authenticators();
assert_equals(authenticators.length, 0);
let testAuthenticator = await manager.createAuthenticator();
assert_true(await testAuthenticator.generateAndRegisterKey(ACCEPTABLE_CREDENTIAL_ID, "subdomain.example.test"));
}, "Set up the testing environment.");
promise_test(t => {
let PROBE_CREDENTIALS = "window.parent.postMessage(String(navigator.credentials), '*');";
let frame = document.createElement("iframe");
frame.src = "data:text/html," + encloseInScriptTag(PROBE_CREDENTIALS);
window.setTimeout(_ => document.body.append(frame));
let eventWatcher = new EventWatcher(t, window, "message");
return eventWatcher.wait_for("message").then(message => {
assert_equals(message.data, "undefined");
});
}, "navigator.credentials should be undefined in documents generated from `data:` URLs.");
promise_test(async t => {
const frame = document.createElement("iframe");
frame.src = "resources/nested-document.html";
window.setTimeout(_ => document.body.append(frame));
const loadWatcher = new EventWatcher(t, frame, "load");
await loadWatcher.wait_for("load");
frame.contentWindow.location = "javascript:" + CREATE_CREDENTIALS;
const messageWatcher = new EventWatcher(t, window, "message");
const {data} = await messageWatcher.wait_for("message");
assert_equals(data, "[object PublicKeyCredential]");
}, "navigator.credentials.create({publicKey}) in a javascript url should should succeed.");
promise_test(t => {
let frame = document.createElement("iframe");
frame.srcdoc = '';
window.setTimeout(_ => document.body.append(frame));
let loadWatcher = new EventWatcher(t, frame, "load");
loadWatcher.wait_for("load").then(_ => {
frame.contentWindow.eval(CREATE_CREDENTIALS);
});
let eventWatcher = new EventWatcher(t, window, "message");
return eventWatcher.wait_for("message").then(message => {
assert_equals(message.data, "[object PublicKeyCredential]");
});
}, "navigator.credentials.create({publicKey}) in srcdoc should succeed.");
promise_test(t => {
let frame = document.createElement("iframe");
frame.src = "about:blank";
window.setTimeout(_ => document.body.append(frame));
let loadWatcher = new EventWatcher(t, frame, "load");
loadWatcher.wait_for("load").then(_ => {
frame.contentDocument.write(encloseInScriptTag(CREATE_CREDENTIALS));
});
let eventWatcher = new EventWatcher(t, window, "message");
return eventWatcher.wait_for("message").then(message => {
assert_equals(message.data, "[object PublicKeyCredential]");
});
}, "navigator.credentials.create({publicKey}) in about:blank embedded in a secure context should succeed.");
promise_test(t => {
let frame = document.createElement("iframe");
frame.src = "about:blank";
window.setTimeout(_ => document.body.append(frame));
let loadWatcher = new EventWatcher(t, frame, "load");
loadWatcher.wait_for("load").then(_ => {
frame.contentWindow.eval(CREATE_CREDENTIALS);
});
let eventWatcher = new EventWatcher(t, window, "message");
return eventWatcher.wait_for("message").then(message => {
assert_equals(message.data, "[object PublicKeyCredential]");
});
}, "navigator.credentials.create({publicKey}) in an about:blank page embedded in a secure context should pass rpID checks.");
promise_test(t => {
return manager.clearAuthenticators();
}, "Clean up testing environment.");
</script>
Codebase Browser
chromium