firefox/dom/geolocation/test/mochitest/test_crossorigin_iframe.html

<!DOCTYPE HTML>
<html>
<head>
  <title>Test for geolocation is disabled by default, and set
    allow="geolocation" in iframe could enable geolcation</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<script class="testbody" type="text/javascript">

SimpleTest.waitForExplicitFinish();

var tests = [
  // default cross-origin permission is denied
  [ null, "denied" ],
  [ "geolocation", "allowed"],
];

function checkGeolocationResult(test) {
  return new Promise(resolve => {
    function onMessage(event) {
      is(event.data, test[1], "Expected " + test[1] + " for " + test[0]);
      window.removeEventListener("message", onMessage);
      resolve();
    }

    window.addEventListener("message", onMessage);
  });
}

async function nextTest() {
  if (!tests.length) {
    SimpleTest.finish();
    return;
  }

  let test = tests.shift();

  var iframe = document.createElement("iframe");
  if (test[0]) {
    iframe.allow = test[0];
  }

  let geolocationPromise = checkGeolocationResult(test);
  iframe.src =
    "https://example.net/tests/dom/geolocation/test/mochitest/crossorigin_iframe.html";
  document.body.appendChild(iframe);
  await geolocationPromise;

  document.body.removeChild(iframe);
  SimpleTest.executeSoon(nextTest);
}

SpecialPowers.pushPrefEnv({"set": [
  ["dom.security.featurePolicy.header.enabled", true],
  ["dom.security.featurePolicy.webidl.enabled", true],
]}).then(nextTest);
</script>
</body>
</html>