summaryrefslogtreecommitdiffstats
path: root/dom/u2f/tests/frame_appid_facet_insecure.html
diff options
context:
space:
mode:
Diffstat (limited to 'dom/u2f/tests/frame_appid_facet_insecure.html')
-rw-r--r--dom/u2f/tests/frame_appid_facet_insecure.html60
1 files changed, 60 insertions, 0 deletions
diff --git a/dom/u2f/tests/frame_appid_facet_insecure.html b/dom/u2f/tests/frame_appid_facet_insecure.html
new file mode 100644
index 0000000000..c21e1eb36d
--- /dev/null
+++ b/dom/u2f/tests/frame_appid_facet_insecure.html
@@ -0,0 +1,60 @@
+<!DOCTYPE html>
+<meta charset=utf-8>
+<head>
+ <script type="text/javascript" src="frame_utils.js"></script>
+ <script type="text/javascript" src="u2futil.js"></script>
+</head>
+<body>
+<p>Insecure AppID / FacetID behavior check</p>
+<script class="testbody" type="text/javascript">
+"use strict";
+
+local_setParentOrigin("http://mochi.test:8888");
+
+async function doTests() {
+ var version = "U2F_V2";
+ var challenge = new Uint8Array(16);
+
+ local_is(window.location.origin, "http://test2.example.com", "Is loaded correctly");
+
+ local_is('u2f' in window, false, "window.u2f must be undefined when accessed from an insecure origin");
+ local_is('U2F' in window, false, "window.U2F must be undefined when accessed from an insecure origin");
+
+ try {
+ u2f.register(null, [], [], function(res) {
+ local_ok(false, "Callbacks should not be called.");
+ });
+ } catch (err) {
+ local_ok(err == "ReferenceError: u2f is not defined", "calling u2f should have thrown from an insecure origin");
+ }
+
+ try {
+ window.u2f.register(null, [], [], function(res) {
+ local_ok(false, "Callbacks should not be called.");
+ });
+ } catch (err) {
+ local_is(err.constructor.name, 'TypeError',
+ "accessing window.u2f should have thrown from an insecure origin");
+ local_ok(err.message.endsWith("window.u2f is undefined"),
+ "accessing window.u2f should have thrown from an insecure origin");
+ }
+
+ try {
+ await promiseU2FRegister(null, [{
+ version,
+ challenge: bytesToBase64UrlSafe(challenge),
+ }], [], function(res){
+ local_ok(false, "Shouldn't have gotten here on an insecure origin");
+ });
+ } catch (err) {
+ local_ok(err == "ReferenceError: u2f is not defined", "Should have thrown from an insecure origin");
+ }
+
+ local_finished();
+};
+
+doTests();
+
+</script>
+</body>
+</html>
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-29 09:17:58 +0000