1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
<!DOCTYPE html>
<title>Test default permission policy features gating (*)</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<script src="resources/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="resources/default-enabled-features-helper.js"></script>
<body>
<script>
promise_test(async(t) => {
await runDefaultEnabledFeaturesTest(t, true, get_host_info().ORIGIN);
await runDefaultEnabledFeaturesTest(t, true, get_host_info().ORIGIN,
generator_api="sharedstorage");
}, 'Same-origin fenced frame loads when feature policies are *');
promise_test(async(t) => {
await runDefaultEnabledFeaturesTest(t, true, get_host_info().REMOTE_ORIGIN);
await runDefaultEnabledFeaturesTest(t, true, get_host_info().REMOTE_ORIGIN,
generator_api="sharedstorage");
}, 'Cross-origin fenced frame loads when feature policies are *');
promise_test(async(t) => {
// We do this test the "old fashioned way" because a redirect in a fenced
// frame remote context will cause it to lose its ability to communicate with
// the main page (which results in a timeout).
const page1_key = token();
const redirect_key = token();
const fencedframe = attachFencedFrame(
await generateURNFromFledge(
"resources/default-enabled-features-navigate.https.html",
[page1_key, redirect_key]));
// The fenced frame will send its attribution reporting result and then
// attempt to redirect to a remote origin page.
const page1_resp = await nextValueFromServer(page1_key);
assert_equals(page1_resp, "true",
"Attribution reporting should be enabled on the original page.");
// The fenced frame will send its attribution reporting result and then
// attempt to redirect to a remote origin page.
const redirect_resp = await nextValueFromServer(redirect_key);
assert_equals(redirect_resp, "true",
"Attribution reporting should be enabled on the redirected page.");
}, 'A fenced frame that navigates itself to a cross origin page that allows feature policies ' +
'can still access the feature policies');
promise_test(async(t) => {
const fencedframe = await attachFencedFrameContext({
origin: get_host_info().REMOTE_ORIGIN});
await fencedframe.execute(async () => {
assert_true(
document.featurePolicy.allowsFeature('shared-storage'),
"Shared storage should be allowed in the fenced frame.");
assert_true(
document.featurePolicy.allowsFeature('private-aggregation'),
"Private aggregation should be allowed in the fenced frame.");
assert_false(
document.featurePolicy.allowsFeature('attribution-reporting'),
"Attribution reporting should be disallowed in the fenced frame.");
assert_false(
document.featurePolicy.allowsFeature('sync-xhr'),
"USB access should be disallowed in the fenced frame.");
}, []);
}, 'Cross-origin fenced frames default feature policies follow inheritance' +
' rules.');
</script>
</body>
</html>
|