summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/secure-contexts/shared-worker-insecure-first.https.html
blob: 00db9517d01ea6e4d8d680211e5a9f0488c51283 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
<!doctype html>
<html>
  <head>
    <meta charset=utf-8>
    <title>Test SharedWorkerGlobalScope.isSecureContext for HTTP creator</title>
    <meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
    <script src=/resources/testharness.js></script>
    <script src=/resources/testharnessreport.js></script>
    <script src="server-locations.sub.js"></script>
  </head>
  <body>
    <script>
      /*
       * The goal of this test is to check that we do the right thing if the
       * same SharedWorker is used first from an insecure context and then from
       * a secure context.
       *
       * To do this, we first open an insecure (http) popup, which loads a
       * subframe that is same-origin with us but not a secure context, since
       * its parent is http, not https.  Then this subframe loads a SharedWorker
       * and communicates back to us whether that worker and a child dedicated
       * worker it spawns think they are secure contexts.  Async tests t3 and t4
       * track these two workers.
       *
       * After we have heard from both workers in the popup, we directly load
       * the same exact subframe ourselves and see what the workers in it
       * report.  Async tests t1 and t2 track these two workers.
       */
      var t1 = async_test("Shared worker in subframe");
      var t2 = async_test("Nested worker in shared worker in subframe");
      var t3 = async_test("Shared worker in popup");
      var t4 = async_test("Nested worker from shared worker in popup");

      var messageCount = 0;
      var popup = null;
      onmessage = function(e) {
        ++messageCount;
        // Make sure to not close the popup until we've run the iframe part of
        // the test!  We need to keep those shared workers alive.
        if (messageCount == 4 && popup) {
          popup.close();
        }
        var data = e.data;
        if (data.type == "shared") {
          // This is a message from our shared worker; check whether it's the
          // one in the popup or in our subframe.
          if (data.fromPopup) {
            t3.step(function() {
              assert_false(data.exception, "SharedWorker should not throw an exception.");
              assert_false(data.error, "SharedWorker connection should not generate an error.");
              assert_false(data.isSecureContext, "SharedWorker is not a secure context");
            });
            t3.done();
          } else {
            t1.step(function() {
              assert_false(data.exception, "SharedWorker should not throw an exception.");
              assert_true(data.error, "SharedWorker connection should generate an error.");
            });
            t1.done();
          }
        } else if (data.type == "nested") {
          // This is a message from our shared worker's nested dedicated worker;
          // check whether it's the one in the popup or in our subframe.
          if (data.fromPopup) {
            t4.step(function() {
              assert_false(data.exception, "SharedWorker should not throw an exception.");
              assert_false(data.error, "SharedWorker connection should not generate an error.");
              assert_false(data.isSecureContext);
            });
            t4.done();
          } else {
            t2.step(function() {
              assert_false(data.exception, "SharedWorker should not throw an exception.");
              assert_true(data.error, "SharedWorker connection should generate an error.");
            });
            t2.done();
          }
        } else {
          if (popup) {
            popup.close();
          }
          t1.step(function() {
            assert_unreached("Unknown message");
          });
          t1.done();
          t2.step(function() {
            assert_unreached("Unknown message");
          });
          t2.done();
          t3.step(function() {
            assert_unreached("Unknown message");
          });
          t3.done();
          t4.step(function() {
            assert_unreached("Unknown message");
          });
          t4.done();
        }

        if (messageCount == 2) {
          // Got both messages from our popup; time to create our child.
          var ifr = document.createElement("iframe");
          ifr.src = https_dir5 + "support/https-subframe-shared.html";
          document.body.appendChild(ifr);
        }
      }

      popup = window.open(http_dir + "support/shared-worker-insecure-popup.html?https_dir5");
    </script>
  </body>
</html>