summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-self.tentative.https.sub.html
blob: 601266794797ebf8b7a7bdacfd3b3c5cb1c92f2c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
<!doctype html>
<body>
  <script src=/resources/testharness.js></script>
  <script src=/resources/testharnessreport.js></script>
  <script src=/browsing-topics/resources/navigation-header-util.sub.js></script>
  <script src=/browsing-topics/resources/permissions-policy-util.sub.js></script>
  <script>
    'use strict';
    const header = 'permissions policy header browsing-topics=(self)';

    promise_test(async t => {
      let topics = await document.browsingTopics();
      assert_equals(topics.length, 0);
    }, header + ' allows document.browsingTopics() in the current page.');

    async_test(t => {
      test_topics_feature_availability_in_subframe(t, /*is_same_origin=*/true,
          expect_topics_feature_available);
    }, header + ' allows document.browsingTopics() in same-origin iframes.');

    async_test(t => {
      test_topics_feature_availability_in_subframe(t, /*is_same_origin=*/false,
          expect_topics_feature_unavailable);
    }, header + ' disallows document.browsingTopics() in cross-origin iframes.');

    const same_origin_url = '/browsing-topics/resources/check-topics-request-header.py';
    const cross_origin_url = 'https://{{domains[www]}}:{{ports[https][0]}}' +
      same_origin_url;

    promise_test(async t => {
      let response = await fetch(same_origin_url, {browsingTopics: true});
      let topics_header = await response.text();
      assert_equals(topics_header, "");
    }, header + 'allows the \'Sec-Browsing-Topics\' header to be sent for the same-origin topics fetch request.');

    promise_test(async t => {
      let response = await fetch(cross_origin_url, {browsingTopics: true});
      let topics_header = await response.text();
      assert_equals(topics_header, "NO_TOPICS_HEADER");
    }, header + 'disallows the \'Sec-Browsing-Topics\' header to be sent for the cross-origin topics fetch request.');

    promise_test(async t => {
      let response = await fetch('/common/redirect.py?location=' + same_origin_url, {browsingTopics: true});
      let topics_header = await response.text();
      assert_equals(topics_header, "");
    }, header + 'allows the \'Sec-Browsing-Topics\' header to be sent for the redirect of a topics fetch request, where the redirect has a same-origin URL.');

    promise_test(async t => {
      let response = await fetch('/common/redirect.py?location=' + cross_origin_url, {browsingTopics: true});
      let topics_header = await response.text();
      assert_equals(topics_header, "NO_TOPICS_HEADER");
    }, header + 'disallows the \'Sec-Browsing-Topics\' header to be sent for the redirect of a topics fetch request, where the redirect has a cross-origin URL.');

    async_test(t => {
      test_topics_iframe_navigation_header(
          t, /*has_browsing_topics_attribute=*/true, /*is_same_origin=*/true,
          expect_topics_header_available);
    }, header + ' allows the \'Sec-Browsing-Topics\' header to be sent for the same-origin iframe navigation request.');

    async_test(t => {
      test_topics_iframe_navigation_header(
          t, /*has_browsing_topics_attribute=*/true, /*is_same_origin=*/false,
          expect_topics_header_unavailable);
    }, header + ' disallows the \'Sec-Browsing-Topics\' header to be sent for the cross-origin iframe navigation request.');
  </script>
</body>