summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/fenced-frame/can-load-api.https.html
blob: f9996dd5e9a7628b1ec61abe80bc47db3a632f52 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
<!DOCTYPE html>
<title>Test canLoadOpaqueURL API</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<script src="resources/utils.js"></script>

<body>
<script>
async function runTest(expected_result, generator_api, attribute_list, header_list, use_fencedframe=false) {
  const frame = use_fencedframe ?
      await attachFencedFrameContext({generator_api: generator_api, attributes:attribute_list, headers:header_list}) :
      await attachIFrameContext({generator_api, generator_api, attributes:attribute_list, headers:header_list});
  await frame.execute(async (expected_result, attribute_list) => {
    assert_equals(navigator.canLoadAdAuctionFencedFrame(), expected_result,
    "A frame with attributes " + attribute_list + " should return " +
    expected_result + " for canLoadOpaqueURL.");
  }, [expected_result, attribute_list]);
}

promise_test(async(t) => {
  assert_true(navigator.canLoadAdAuctionFencedFrame());
}, 'canLoadOpaqueURL called on a page that can load a FF should return true');

promise_test(async(t) => {
  await runTest(true, "sharedstorage",
     [["width", "300"],
      ["height", "200"]],
      [], use_fencedframe=true);
}, 'canLoadOpaqueURL returns true inside an opaque-ads fenced frame');

promise_test(async(t) => {
  await runTest(false, "default", [], [], use_fencedframe=true);
}, 'canLoadOpaqueURL returns false inside an default fenced frame');

promise_test(async(t) => {
  await runTest(true, "default", [], [["Content-Security-Policy", "fenced-frame-src *"]]);
  await runTest(true, "default", [], [["Content-Security-Policy", "fenced-frame-src https:"]]);
  await runTest(true, "default", [], [["Content-Security-Policy", "fenced-frame-src https://*:*"]]);
}, 'canLoadOpaqueURL returns true for all 3 fenced-frame-src allowed values');

promise_test(async(t) => {
  await runTest(true, "default", [], [["Content-Security-Policy", "fenced-frame-src *; frame-src 'self'"]]);
  await runTest(false, "default", [], [["Content-Security-Policy", "fenced-frame-src 'self'; frame-src *"]]);
  await runTest(true, "default", [], [["Content-Security-Policy", "child-src 'self'; fenced-frame-src https:"]]);
  await runTest(false, "default", [], [["Content-Security-Policy", "child-src *; fenced-frame-src 'self'"]]);
}, 'canLoadOpaqueURL ignores fallback CSPs');

promise_test(async(t) => {
  await runTest(true, "default", [], [["Content-Security-Policy", "img-src 'none';"]]);
  await runTest(true, "default", [], [["Content-Security-Policy", "font-src 'none';"]]);
}, 'canLoadOpaqueURL ignores unrelated CSPs');

promise_test(async(t) => {
  const iframe = attachIFrame("resources/dummy.html");
  const iframe_ff_class = iframe.contentWindow.HTMLFencedFrameElement;

  // Sanity check to make sure the function returns true as we expect it to
  // before we remove the frame.
  assert_true(iframe_ff_class.canLoadOpaqueURL());

  // The one variable we're changing is whether the frame is attached or not.
  iframe.remove();
  assert_false(iframe_ff_class.canLoadOpaqueURL());
}, 'canLoadOpaqueURL returns false in a detached frame');
</script>
</body>