1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
<!doctype html>
<body>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/browsing-topics/resources/navigation-header-util.sub.js></script>
<script src=/browsing-topics/resources/permissions-policy-util.sub.js></script>
<script>
'use strict';
const header = 'permissions policy header browsing-topics=(self)';
promise_test(async t => {
let topics = await document.browsingTopics();
assert_equals(topics.length, 0);
}, header + ' allows document.browsingTopics() in the current page.');
async_test(t => {
test_topics_feature_availability_in_subframe(t, /*is_same_origin=*/true,
expect_topics_feature_available);
}, header + ' allows document.browsingTopics() in same-origin iframes.');
async_test(t => {
test_topics_feature_availability_in_subframe(t, /*is_same_origin=*/false,
expect_topics_feature_unavailable);
}, header + ' disallows document.browsingTopics() in cross-origin iframes.');
const same_origin_url = '/browsing-topics/resources/check-topics-request-header.py';
const cross_origin_url = 'https://{{domains[www]}}:{{ports[https][0]}}' +
same_origin_url;
promise_test(async t => {
let response = await fetch(same_origin_url, {browsingTopics: true});
let topics_header = await response.text();
assert_equals(topics_header, "");
}, header + 'allows the \'Sec-Browsing-Topics\' header to be sent for the same-origin topics fetch request.');
promise_test(async t => {
let response = await fetch(cross_origin_url, {browsingTopics: true});
let topics_header = await response.text();
assert_equals(topics_header, "NO_TOPICS_HEADER");
}, header + 'disallows the \'Sec-Browsing-Topics\' header to be sent for the cross-origin topics fetch request.');
promise_test(async t => {
let response = await fetch('/common/redirect.py?location=' + same_origin_url, {browsingTopics: true});
let topics_header = await response.text();
assert_equals(topics_header, "");
}, header + 'allows the \'Sec-Browsing-Topics\' header to be sent for the redirect of a topics fetch request, where the redirect has a same-origin URL.');
promise_test(async t => {
let response = await fetch('/common/redirect.py?location=' + cross_origin_url, {browsingTopics: true});
let topics_header = await response.text();
assert_equals(topics_header, "NO_TOPICS_HEADER");
}, header + 'disallows the \'Sec-Browsing-Topics\' header to be sent for the redirect of a topics fetch request, where the redirect has a cross-origin URL.');
async_test(t => {
test_topics_iframe_navigation_header(
t, /*has_browsing_topics_attribute=*/true, /*is_same_origin=*/true,
expect_topics_header_available);
}, header + ' allows the \'Sec-Browsing-Topics\' header to be sent for the same-origin iframe navigation request.');
async_test(t => {
test_topics_iframe_navigation_header(
t, /*has_browsing_topics_attribute=*/true, /*is_same_origin=*/false,
expect_topics_header_unavailable);
}, header + ' disallows the \'Sec-Browsing-Topics\' header to be sent for the cross-origin iframe navigation request.');
</script>
</body>
|