summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html')
-rw-r--r--testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html259
1 files changed, 259 insertions, 0 deletions
diff --git a/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html b/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html
new file mode 100644
index 0000000000..ffb419f799
--- /dev/null
+++ b/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html
@@ -0,0 +1,259 @@
+<!doctype html>
+<meta charset="utf-8">
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src="/storage-access-api/helpers.js"></script>
+<script>
+(async function() {
+ test_driver.set_test_context(window.top);
+ const type = (new URLSearchParams(window.location.search)).get("type");
+ const id = (new URLSearchParams(window.location.search)).get("id");
+ let message = "HasAccess for " + type;
+ // Step 6 (storage-access-api/storage-access-beyond-cookies.{}.tentative.sub.https.html)
+ try {
+ await MaybeSetStorageAccess("*", "*", "blocked");
+ await test_driver.set_permission({ name: 'storage-access' }, 'granted');
+ switch (type) {
+ case "none": {
+ let couldRequestStorageAccessForNone = true;
+ try {
+ await document.requestStorageAccess({});
+ } catch (_) {
+ couldRequestStorageAccessForNone = false;
+ }
+ if (couldRequestStorageAccessForNone) {
+ message = "Requesting access for {} should fail."
+ }
+ let couldRequestStorageAccessForAllFalse = true;
+ try {
+ await document.requestStorageAccess({all:false});
+ } catch (_) {
+ couldRequestStorageAccessForAllFalse = false;
+ }
+ if (couldRequestStorageAccessForAllFalse) {
+ message = "Requesting access for {all:false} should fail."
+ }
+ let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
+ if (hasUnpartitionedCookieAccess) {
+ message = "First-party cookies should not be readable if not requested.";
+ }
+ break;
+ }
+ case "cookies": {
+ let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
+ if (hasUnpartitionedCookieAccess || document.cookie.includes("test="+id)) {
+ message = "First-party cookies should not be readable before handle is loaded.";
+ }
+ await document.requestStorageAccess({cookies: true});
+ hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
+ if (!hasUnpartitionedCookieAccess || !document.cookie.includes("test="+id)) {
+ message = "First-party cookies should be readable if cookies were requested.";
+ }
+ break;
+ }
+ case "sessionStorage": {
+ const handle = await document.requestStorageAccess({sessionStorage: true});
+ let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
+ if (hasUnpartitionedCookieAccess) {
+ message = "First-party cookies should not be readable if not requested.";
+ }
+ if (id != handle.sessionStorage.getItem("test")) {
+ message = "No first-party Session Storage access";
+ }
+ if (!!window.sessionStorage.getItem("test")) {
+ message = "Handle should not override window Session Storage";
+ }
+ window.onstorage = (e) => {
+ if (e.key == "window_event") {
+ if (e.newValue != id) {
+ handle.sessionStorage.setItem("handle_event", "wrong data " + e.newValue);
+ } else if (e.storageArea != handle.sessionStorage) {
+ handle.sessionStorage.setItem("handle_event", "storage area mismatch");
+ } else {
+ handle.sessionStorage.setItem("handle_event", id);
+ }
+ }
+ };
+ break;
+ }
+ case "localStorage": {
+ const handle = await document.requestStorageAccess({localStorage: true});
+ let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
+ if (hasUnpartitionedCookieAccess) {
+ message = "First-party cookies should not be readable if not requested.";
+ }
+ if (id != handle.localStorage.getItem("test")) {
+ message = "No first-party Local Storage access";
+ }
+ if (!!window.localStorage.getItem("test")) {
+ message = "Handle should not override window Local Storage";
+ }
+ window.onstorage = (e) => {
+ if (e.key == "window_event") {
+ if (e.newValue != id) {
+ handle.localStorage.setItem("handle_event", "wrong data " + e.newValue);
+ } else if (e.storageArea != handle.localStorage) {
+ handle.localStorage.setItem("handle_event", "storage area mismatch");
+ } else {
+ handle.localStorage.setItem("handle_event", id);
+ }
+ }
+ };
+ break;
+ }
+ case "indexedDB": {
+ const handle = await document.requestStorageAccess({indexedDB: true});
+ let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
+ if (hasUnpartitionedCookieAccess) {
+ message = "First-party cookies should not be readable if not requested.";
+ }
+ const handle_dbs = await handle.indexedDB.databases();
+ if (handle_dbs.length != 1 || handle_dbs[0].name != id) {
+ message = "No first-party IndexedDB access";
+ }
+ const local_dbs = await window.indexedDB.databases();
+ if (local_dbs.length != 0) {
+ message = "Handle should not override window IndexedDB";
+ }
+ await handle.indexedDB.deleteDatabase(id);
+ break;
+ }
+ case "locks": {
+ const handle = await document.requestStorageAccess({locks: true});
+ let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
+ if (hasUnpartitionedCookieAccess) {
+ message = "First-party cookies should not be readable if not requested.";
+ }
+ const handle_state = await handle.locks.query();
+ if (handle_state.held.length != 1 || handle_state.held[0].name != id) {
+ message = "No first-party Web Lock access";
+ }
+ const local_state = await window.navigator.locks.query();
+ if (local_state.held.length != 0) {
+ message = "Handle should not override window Web Locks";
+ }
+ await handle.locks.request(id, {steal: true}, async () => {});
+ break;
+ }
+ case "caches": {
+ const handle = await document.requestStorageAccess({caches: true});
+ let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
+ if (hasUnpartitionedCookieAccess) {
+ message = "First-party cookies should not be readable if not requested.";
+ }
+ const handle_has = await handle.caches.has(id);
+ if (!handle_has) {
+ message = "No first-party Cache Storage access";
+ }
+ const local_has = await window.caches.has(id);
+ if (local_has) {
+ message = "Handle should not override window Cache Storage";
+ }
+ await handle.caches.delete(id);
+ break;
+ }
+ case "getDirectory": {
+ const handle = await document.requestStorageAccess({getDirectory: true});
+ let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
+ if (hasUnpartitionedCookieAccess) {
+ message = "First-party cookies should not be readable if not requested.";
+ }
+ const handle_root = await handle.getDirectory();
+ let handle_has = await handle_root.getFileHandle(id).then(() => true, () => false);
+ if (!handle_has) {
+ message = "No first-party Origin Private File System access";
+ }
+ const local_root = await window.navigator.storage.getDirectory();
+ let local_has = await local_root.getFileHandle(id).then(() => true, () => false);
+ if (local_has) {
+ message = "Handle should not override window Origin Private File System";
+ }
+ await handle_root.removeEntry(id);
+ break;
+ }
+ case "estimate": {
+ const handle = await document.requestStorageAccess({estimate: true});
+ let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
+ if (hasUnpartitionedCookieAccess) {
+ message = "First-party cookies should not be readable if not requested.";
+ }
+ const handle_estimate = await handle.estimate();
+ if (handle_estimate.usage <= 0) {
+ message = "No first-party quota access";
+ }
+ const local_estimate = await window.navigator.storage.estimate();
+ if (local_estimate > 0) {
+ message = "Handle should not override window quota";
+ }
+ break;
+ }
+ case "blobStorage": {
+ const handle = await document.requestStorageAccess({createObjectURL: true, revokeObjectURL: true});
+ let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
+ if (hasUnpartitionedCookieAccess) {
+ message = "First-party cookies should not be readable if not requested.";
+ }
+ let blob = await fetch(atob(id)).then(
+ (response) => response.text(),
+ () => "");
+ if (blob != "TEST") {
+ message = "Blob storage should be readable in this context";
+ }
+ URL.revokeObjectURL(atob(id));
+ blob = await fetch(atob(id)).then(
+ (response) => response.text(),
+ () => "");
+ if (blob != "TEST") {
+ message = "Handle should not override window blob storage";
+ }
+ handle.revokeObjectURL(atob(id));
+ blob = await fetch(atob(id)).then(
+ (response) => response.text(),
+ () => "");
+ if (blob != "") {
+ message = "No first-party blob access";
+ }
+ const url = handle.createObjectURL(new Blob(["TEST2"]));
+ blob = await fetch(url).then(
+ (response) => response.text(),
+ () => "");
+ if (blob != "TEST2") {
+ message = "A blob url created via the handle should be readable";
+ }
+ handle.revokeObjectURL(url);
+ blob = await fetch(url).then(
+ (response) => response.text(),
+ () => "");
+ if (blob != "") {
+ message = "A blob url removed via the handle should be cleared";
+ }
+ break;
+ }
+ case "BroadcastChannel": {
+ const handle = await document.requestStorageAccess({BroadcastChannel: true});
+ let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
+ if (hasUnpartitionedCookieAccess) {
+ message = "First-party cookies should not be readable if not requested.";
+ }
+ const handle_channel = handle.BroadcastChannel(id);
+ handle_channel.postMessage("Same-origin handle access");
+ handle_channel.close();
+ const local_channel = new BroadcastChannel(id);
+ local_channel.postMessage("Same-origin local access");
+ local_channel.close();
+ break;
+ }
+ default: {
+ message = "Unexpected type " + type;
+ break;
+ }
+ }
+ } catch (_) {
+ message = "Unable to load handle in same-origin context for " + type;
+ }
+ // Step 7 (storage-access-api/storage-access-beyond-cookies.{}.tentative.sub.https.html)
+ await MaybeSetStorageAccess("*", "*", "allowed");
+ await test_driver.set_permission({ name: 'storage-access' }, 'prompt');
+ window.top.postMessage(message, "*");
+})();
+</script>
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-30 10:36:49 +0000