<!DOCTYPE html>
<meta charset="utf-8">
<title>Tests the Private Token API's hasPrivateToken function (tentative: the API is a prototype).</title>
<link rel="help" href="https://github.com/WICG/trust-token-api#trust-token-redemption" />
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
'use strict';
promise_test((t) => {
return promise_rejects_js(t, TypeError, document.hasPrivateToken(
"http://not-a-secure-url.example"));
},
'hasPrivateToken requires a secure URL as its issuer argument.');
promise_test((t) => {
return promise_rejects_js(t, TypeError, document.hasPrivateToken(
"file:///"));
},
'hasPrivateToken requires a HTTP(S) URL as its issuer argument.');
// These hasPrivateToken calls all affect global state: each call in the form
// of hasPrivateToken(issuer) will result in |issuer| becoming associated in
// persistent storage with the calling top frame's origin.
//
// TODO(davidvc, crbug.com/1063140): Once it's possible to write WPTs that
// result in a private state token being deposited in storage, this should be
// expanded to cover the case where the user _does_ have a token.
promise_test(async (t) => {
t.add_cleanup(async () => {
if (window.testRunner)
await new Promise(res => window.testRunner.clearTrustTokenState(res));
});
let result = await document.hasPrivateToken("https://issuer.example/");
assert_false(result, "The client should not possess any private state tokens for " +
"https://issuer.example since it has not executed an issuance operation" +
" against that issuer.");
result = await document.hasPrivateToken("https://issuer2.example/");
assert_false(result, "The client should not possess any private state tokens for" +
" https://issuer2.example since it has not executed an issuance " +
"operation against that issuer.");
await promise_rejects_dom(t, "OperationError", document.hasPrivateToken(
"https://issuer3.example/"),
"The first two hasPrivateToken operations associated this top-level" +
" origin with the maximum number of issuers (2), so an attempt to " +
" execute hasPrivateToken against another issuer should fail.");
result = await document.hasPrivateToken("https://issuer2.example/");
assert_false(result, "Since this top-level origin is already associated " +
"with https://issuer2.example, subsequent hasPrivateToken operations should " +
"not error out even though the top-level origin is at its " +
"number-of-issuers limit.");
if (window.testRunner) {
await new Promise(res =>
window.testRunner.clearTrustTokenState(res)
);
result = await document.hasPrivateToken("https://issuer3.example/");
assert_false(result, "Since state was cleared, it should be possible to" +
"run hasPrivateToken against more issuers.");
}
}, "When given a valid, secure origin, hasPrivateToken should succeed " +
"unless associating that origin with the top-level domain would exceed " +
"the top-level origin's number-of-associated-issuers limit.");
</script>
Codebase Browser
chromium