testing/web-platform/tests/web-share/disabled-by-permissions-policy-cross-origin.https.sub.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8" />
    <title>WebShare Test: is disabled by permissions policy cross-origin</title>
    <link
      rel="help"
      href="https://w3c.github.io/web-share/#permissions-policy"
    />
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
  </head>
  <body></body>
  <script>
    const crossOrigin = "https://{{hosts[alt][]}}:{{ports[https][0]}}";
    const sameOriginPath = "/web-share/resources/post-message.html";
    const crossOriginSrc = `${crossOrigin}${sameOriginPath}`;
    const shareData = {
      title: "WebShare Test",
      text: "This is a test of the Web Share API",
      url: "https://example.com/",
    };

    function waitForMessage(message) {
      return new Promise((resolve) => {
        window.addEventListener("message", function listener(event) {
          if (event.data.action !== message) return;
          window.removeEventListener("message", listener);
          resolve(event.data);
        });
      });
    }

    async function loadIframe(t, src, allowList) {
      const iframe = document.createElement("iframe");
      if (allowList !== undefined) iframe.allow = allowList;
      t.add_cleanup(() => {
        iframe.remove();
      });
      await new Promise((resolve) => {
        iframe.src = src;
        document.body.appendChild(iframe);
        iframe.onload = resolve;
      });
      await waitForMessage("loaded");
      return iframe;
    }

    promise_test(async (t) => {
      assert_true("share" in navigator, "navigator.share is exposed");
      const iframe = await loadIframe(t, crossOriginSrc);
      const iframeWindow = iframe.contentWindow;
      iframeWindow.postMessage({ action: "share", data: shareData }, "*");
      const data = await waitForMessage("share");
      assert_equals(data.result, "error");
      assert_equals(data.error, "NotAllowedError");
    }, "share() is disabled by default 'self' by permissions policy for cross-origin iframes");

    promise_test(async (t) => {
      assert_true("share" in navigator, "navigator.share is exposed");
      const iframe = await loadIframe(t, crossOriginSrc, "web-share 'none'");
      const iframeWindow = iframe.contentWindow;
      iframeWindow.postMessage({ action: "share", data: shareData }, "*");
      const data = await waitForMessage("share");
      assert_equals(data.result, "error");
      assert_equals(data.error, "NotAllowedError");
    }, "share() is disabled explicitly by permissions policy for cross-origin iframe");

    promise_test(async (t) => {
      assert_true("share" in navigator, "navigator.share is exposed");
      const iframe = await loadIframe(t, crossOriginSrc, "web-share 'self'");
      const iframeWindow = iframe.contentWindow;
      iframeWindow.postMessage({ action: "share", data: shareData }, "*");
      const data = await waitForMessage("share");
      assert_equals(data.result, "error");
      assert_equals(data.error, "NotAllowedError");
    }, "share() not allowed, as only allowed to share with self");

    promise_test(async (t) => {
      assert_true("canShare" in navigator, "navigator.canShare is exposed");
      const iframe = await loadIframe(t, crossOriginSrc);
      const iframeWindow = iframe.contentWindow;
      iframeWindow.postMessage({ action: "canShare", data: shareData }, "*");
      const data = await waitForMessage("canShare");
      assert_equals(data.result, false, "Expected false, as it can't share.");
    }, "canShare() not allowed to share by default permissions policy cross-origin");

    promise_test(async (t) => {
      assert_true("canShare" in navigator, "navigator.canShare is exposed");
      const iframe = await loadIframe(
        t,
        crossOriginSrc,
        `web-share ${crossOrigin}`
      );
      iframe.contentWindow.postMessage(
        { action: "canShare", data: shareData },
        "*"
      );
      const data = await waitForMessage("canShare");
      assert_equals(
        data.result,
        true,
        `Expected true, is it can now share on ${origin}.`
      );
    }, "canShare() is allowed by permissions policy to share cross-origin on a particular origin");

    promise_test(async (t) => {
      assert_true("canShare" in navigator, "navigator.canShare is exposed");
      const iframe = await loadIframe(t, sameOriginPath, "web-share 'self'");
      iframe.contentWindow.postMessage(
        { action: "canShare", data: shareData },
        "*"
      );
      const data = await waitForMessage("canShare");
      assert_equals(
        data.result,
        true,
        "Expected true, at it can share with self."
      );
    }, "canShare() with self");
  </script>
</html>