summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/webstorage/sessionStorage-basic-partitioned.tentative.sub.html
blob: 30575bfaf1a579a7667ad677718684d181d7187d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
<!doctype html>
<meta charset=utf-8>
<title>sessionStorage: partitioned storage test</title>
<meta name=help href="https://privacycg.github.io/storage-partitioning/">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<iframe id="shared-iframe" src="http://{{host}}:{{ports[http][0]}}/webstorage/resources/sessionStorage-about-blank-partitioned-iframe.html"></iframe>
<body>
<script>
// Here's the set-up for this test:
// Step 1. (main window) set up messaging and same-site iframe load listeners.
// Step 2. (same-site iframe) loads, requests sessionStorage for "userID".
// Step 3. (same-site iframe) receives the message, gets or allocates sessionStorage,
// and returns the generated ID to the main frame.
// Step 4. (main window) receives "storage got set" message from same-site iframe.
// Step 5. (main window) opens a new cross-site window with the shared-iframe inside.
// Step 6. (cross-site iframe) loads, requests sessionStorage for "userID", gets or
// allocates that sessionStorage, and returns the generated ID to the main frame.
// Step 7. (main window) asserts that the generated IDs should be different, as
// they should have a different StorageKey.
const altOrigin = "http://{{hosts[alt][]}}:{{ports[http][0]}}";

async_test(t => {
  let crossSiteWindow;
  let crossSiteID;
  let sameSiteID;
  // Retrieve the iframe we created in the HTML above.
  const iframe = document.getElementById("shared-iframe");

  // Once the iframe loads, we request sessionStorage.
  iframe.addEventListener("load", t.step_func(e => {
    const payload = {
      command: "create ID",
      key: "userID",
    };
    iframe.contentWindow.postMessage(payload, iframe.origin);
  }), {once: true});

  window.addEventListener("message", t.step_func(e => {
    // Once we get or allocate the sessionStorage, we expect the iframe
    // to message us back with the generated ID.
    if (e.data.message === "ID created") {
      sameSiteID = e.data.userID;
      assert_true(typeof sameSiteID === "string");

      // Now that same-site storage has been secured, we need to open a
      // new cross-site window that contains our shared-iframe to repeat
      // the process in a cross-site environment.
      if (location.origin !== altOrigin) {
        crossSiteWindow = window.open(`${altOrigin}/webstorage/sessionStorage-basic-partitioned.tentative.sub.html`, "", "noopener=false");
        t.add_cleanup(() => crossSiteWindow.close());
      }
    }

    // We expect that once the cross-site iframe requests sessionStorage,
    // it will message us back with the generated ID.
    if (e.data.message === "cross-site window iframe loaded") {
      crossSiteID = e.data.userID;
      t.step(() => {
        // Same and cross-site iframes should have different generated IDs.
        assert_true(typeof crossSiteID === "string");
        assert_true(sameSiteID !== crossSiteID, "IDs pulled from two partitioned iframes are different.")
      });

      // Clear storage state to clean up after the test.
      iframe.contentWindow.sessionStorage.clear();
      crossSiteWindow.postMessage({command: "clearStorage"}, altOrigin);
      t.done();
    };
  }));
}, "Simple test for partitioned sessionStorage");
</script>
</body>