summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/permissions-policy/payment-disabled-by-permissions-policy.https.sub.html
blob: b53eff996a4e386b97fdbb85609c4abf4e3eb6ee (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<!DOCTYPE html>
<body>
  <script src="/resources/testharness.js"></script>
  <script src="/resources/testharnessreport.js"></script>
  <script src="/permissions-policy/resources/permissions-policy.js"></script>
  <script>
    "use strict";
    const same_origin_src =
      "/permissions-policy/resources/permissions-policy-payment.html";
    const cross_origin_src =
      "https://{{hosts[alt][]}}:{{ports[https][0]}}" + same_origin_src;
    const header = 'permissions policy header "payment=()"';

    test(() => {
      const supportedInstruments = [{ supportedMethods: "visa" }];
      const details = {
        total: {
          label: "Test",
          amount: { currency: "USD", value: "5.00" },
        },
      };
      assert_throws_dom("SecurityError", () => {
        new PaymentRequest(supportedInstruments, details);
      });
    }, `${header} disallows Payment Request API in top-level document.`);

    promise_test((test) => {
      return test_feature_availability({
        feature_description: "PaymentRequest()",
        test,
        src: same_origin_src,
        expect_feature_available: expect_feature_unavailable_default,
        is_promise_test: true,
      });
    }, `${header} disallows Payment Request API in same-origin iframes.`);

    promise_test((test) => {
      return test_feature_availability({
        feature_description: "PaymentRequest()",
        test,
        src: cross_origin_src,
        expect_feature_available: expect_feature_unavailable_default,
        is_promise_test: true,
      });
    }, `${header} disallows Payment Request API in cross-origin iframes.`);
  </script>
</body>