1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
<!doctype html>
<html>
<head>
<meta charset=utf-8>
<title>Test SharedWorkerGlobalScope.isSecureContext for HTTP creator</title>
<meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src="server-locations.sub.js"></script>
</head>
<body>
<script>
/*
* The goal of this test is to check that we do the right thing if the
* same SharedWorker is used first from an secure context and then from
* an insecure context.
*
* To do this, we load a subframe which loads a SharedWorker
* and communicates back to us whether that worker and a child dedicated
* worker it spawns think they are secure contexts. Async tests t1 and t2
* track these two workers.
*
* After we have heard from both workers in the subframe, we open an
* insecure (http) popup, which loads the same exact subframe. This
* subframe is still is same-origin with
* us but not a secure context, since its parent is http, not https. Then
* we wait to hear about the status of the workers in the popup's
* subframe. Async tests t3 and t4 track these two workers.
*
*/
var t1 = async_test("Shared worker in subframe");
var t2 = async_test("Nested worker in shared worker in subframe");
var t3 = async_test("Shared worker in popup");
var t4 = async_test("Nested worker from shared worker in popup");
var messageCount = 0;
var popup = null;
onmessage = function(e) {
++messageCount;
if (messageCount == 4 && popup) {
popup.close();
}
var data = e.data;
if (data.type == "shared") {
// This is a message from our shared worker; check whether it's the
// one in the popup or in our subframe.
if (data.fromPopup) {
t3.step(function() {
assert_false(data.exception, "No exception should be present.");
assert_true(data.error, "SharedWorker connection should error out.");
});
t3.done();
} else {
t1.step(function() {
assert_false(data.exception, "SharedWorker should not throw an exception.");
assert_false(data.error, "SharedWorker connection should not generate an error.");
assert_true(data.isSecureContext, "SharedWorker is a secure context");
});
t1.done();
}
} else if (data.type == "nested") {
// This is a message from our shared worker's nested dedicated worker;
// check whether it's the one in the popup or in our subframe.
if (data.fromPopup) {
t4.step(function() {
assert_false(data.exception, "No exception should be present.");
assert_true(data.error, "SharedWorker connection should error out.");
});
t4.done();
} else {
t2.step(function() {
assert_false(data.exception, "SharedWorker should not throw an exception.");
assert_false(data.error, "SharedWorker connection should not generate an error.");
assert_true(data.isSecureContext, "SharedWorker is a secure context");
});
t2.done();
}
} else {
if (popup) {
popup.close();
}
t1.step(function() {
assert_unreached("Unknown message");
});
t1.done();
t2.step(function() {
assert_unreached("Unknown message");
});
t2.done();
t3.step(function() {
assert_unreached("Unknown message");
});
t3.done();
t4.step(function() {
assert_unreached("Unknown message");
});
t4.done();
}
if (messageCount == 2) {
// Got both messages from our child; time to open our popup
popup = window.open(http_dir + "support/shared-worker-insecure-popup.html?https_dir4");
}
}
var ifr = document.createElement("iframe");
ifr.src = https_dir4 + "support/https-subframe-shared.html";
document.body.appendChild(ifr);
</script>
</body>
</html>
|
