testing/web-platform/tests/cookie-store/cookieStore_opaque_origin.https.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

<!DOCTYPE html>
<meta charset=utf-8>
<title>Cookie Store API: Opaque origins for cookieStore</title>
<link rel=help href="https://wicg.github.io/cookie-store/">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>

const apiCalls = {
  'get': 'cookieStore.get("cookie-name")',
  'getAll': 'cookieStore.getAll()',
  'set': 'cookieStore.set("cookie-name", "cookie-value")',
  'delete': 'cookieStore.delete("cookie-name")'
};

const script = `
<script>
  "use strict";
  window.onmessage = async () => {
    try {
      await %s;
      window.parent.postMessage({result: "no exception"}, "*");
    } catch (ex) {
      window.parent.postMessage({result: ex.name}, "*");
    };
  };
<\/script>
`;

function load_iframe(apiCall, sandbox) {
  return new Promise(resolve => {
    const iframe = document.createElement('iframe');
    iframe.onload = () => { resolve(iframe); };
    if (sandbox)
      iframe.sandbox = sandbox;
    iframe.srcdoc = script.replace("%s", apiCalls[apiCall]);
    iframe.style.display = 'none';
    document.documentElement.appendChild(iframe);
  });
}

function wait_for_message(iframe) {
  return new Promise(resolve => {
    self.addEventListener('message', function listener(e) {
      if (e.source === iframe.contentWindow) {
        resolve(e.data);
        self.removeEventListener('message', listener);
      }
    });
  });
}

promise_test(async t => {
  for (apiCall in apiCalls) {
    const iframe = await load_iframe(apiCall);
    iframe.contentWindow.postMessage({}, '*');
    const message = await wait_for_message(iframe);
    assert_equals(message.result, 'no exception',
      'cookieStore ${apiCall} should not throw');
  }
}, 'cookieStore in non-sandboxed iframe should not throw');

promise_test(async t => {
  for (apiCall in apiCalls) {
    const iframe = await load_iframe(apiCall, 'allow-scripts');
    iframe.contentWindow.postMessage({}, '*');
    const message = await wait_for_message(iframe);
    assert_equals(message.result, 'SecurityError',
      'cookieStore ${apiCall} should throw SecurityError');
  }
}, 'cookieStore in sandboxed iframe should throw SecurityError');

</script>