Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/http/tests/security/powerfulFeatureRestrictions/geolocation-on-secure-origin-in-insecure-origin.html 

<!DOCTYPE html>
<html>
<head>
<title>Geolocation On An Secure Origin Embedded in an Insecure Origin</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/get-host-info.js"></script>
</head>
<body></body>
<script>
    if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) {
        window.location = get_host_info().UNAUTHENTICATED_ORIGIN +
                          window.location.pathname;
    } else {
        var num_received = 0;
        if (window.testRunner)
            testRunner.overridePreference(
                "WebKitStrictPowerfulFeatureRestrictions", true);

        async_test(function () {
            window.addEventListener("message", this.step_func(function (event) {
                assert_equals(
                    event.data.message,
                    'Only secure origins are allowed ' +
                    '(see: https://goo.gl/Y0ZkNV).');
                num_received++;
                if (num_received == 4)
                    this.done();
            }));

            var iframe = document.createElement("iframe");
            iframe.src = get_host_info().HTTP_ORIGIN +
                         "/security/powerfulFeatureRestrictions/" +
                         "resources/geolocation.html";
            iframe.allow = 'geolocation *;';
           document.body.appendChild(iframe);

           // A srcdoc should be skipped in the ancestor check.
           var iframe = document.createElement("iframe");
           iframe.srcdoc = "<script>" +
                           "window.addEventListener('message', function(evt) {" +
                           "window.parent.postMessage(evt.data, '*'); });" +
                           "</sc" + "ript>" +
                           "<iframe src='" + get_host_info().HTTP_ORIGIN +
                           "/security/powerfulFeatureRestrictions/resources" +
                           "/geolocation.html' allow='geolocation *;'>" +
                           "</iframe>";
           iframe.allow = 'geolocation *;';
           document.body.appendChild(iframe);

           // A sandboxed iframe should use the frame's URL as the origin to
           // check.
           var iframe = document.createElement("iframe");
           iframe.sandbox = "allow-scripts allow-same-origin";
           iframe.src = get_host_info().HTTP_ORIGIN +
                        "/security/powerfulFeatureRestrictions/resources/" +
                        "geolocation.html";
           iframe.allow = 'geolocation *;';
           document.body.appendChild(iframe);

           // Insecure origin frames sandboxed secure origin frames secure
           // origin.
           var iframe = document.createElement("iframe");
           iframe.sandbox = "allow-scripts allow-same-origin";
           iframe.src = get_host_info().HTTP_ORIGIN +
                        "/security/powerfulFeatureRestrictions/resources/" +
                        "geolocation-in-iframe.html";
           iframe.allow = 'geolocation *;';
           document.body.appendChild(iframe);


        }, 'getCurrentPosition in iframe');
    }
</script>
</html>