diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
commit | 43a97878ce14b72f0981164f87f2e35e14151312 (patch) | |
tree | 620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/feature-policy/reporting | |
parent | Initial commit. (diff) | |
download | firefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip |
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/feature-policy/reporting')
31 files changed, 580 insertions, 0 deletions
diff --git a/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html new file mode 100644 index 0000000000..708d3fa525 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html @@ -0,0 +1,34 @@ +<!DOCTYPE html> +<html> + <head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script src=/resources/testdriver.js></script> + <script src=/resources/testdriver-vendor.js></script> + <script src='../../mediacapture-streams/permission-helper.js'></script> + </head> + <body> + <script> +var t = async_test("Camera Report Format"); + +var check_report_format = (reports, observer) => { + let report = reports[0]; + assert_equals(report.type, "permissions-policy-violation"); + assert_equals(report.url, document.location.href); + assert_equals(report.body.featureId, "camera"); + assert_equals(report.body.sourceFile, document.location.href); + assert_equals(typeof report.body.lineNumber, "number"); + assert_equals(typeof report.body.columnNumber, "number"); + assert_equals(report.body.disposition, "enforce"); +}; + +new ReportingObserver(t.step_func_done(check_report_format), + {types: ['permissions-policy-violation']}).observe(); + + setMediaPermission("granted", ["camera"]).then(() => navigator.mediaDevices.getUserMedia({video: true})) + .then( + t.unreached_func("UserMedia camera access should not be allowed in this document.") +).catch(() => {}); + </script> + </body> +</html> diff --git a/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html.headers new file mode 100644 index 0000000000..2adc5e237f --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html.headers @@ -0,0 +1 @@ +Feature-Policy: camera 'none' diff --git a/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html new file mode 100644 index 0000000000..32a5a2cc48 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html @@ -0,0 +1,37 @@ +<!DOCTYPE html> +<html> + <head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + </head> + <body> + <script> +var check_report_format = (reports, observer) => { + let report = reports[0]; + assert_equals(report.type, "permissions-policy-violation"); + assert_equals(report.url, document.location.href); + assert_equals(report.body.featureId, "encrypted-media"); + assert_equals(report.body.disposition, "enforce"); + assert_equals(report.body.sourceFile, document.location.href); + assert_equals(typeof report.body.lineNumber, "number"); + assert_equals(typeof report.body.columnNumber, "number"); +}; + +promise_test(async t => { + const report = new Promise(resolve => { + new ReportingObserver((reports, observer) => resolve([reports, observer]), + {types: ['permissions-policy-violation']}).observe(); + }); + await promise_rejects_dom(t, "SecurityError", + navigator.requestMediaKeySystemAccess("org.w3.clearkey", + [{ + initDataTypes: ["webm"], + videoCapabilities: [{contentType: 'video/webm;codecs="vp8"'}], + }]), + "requestMediaKeySystemAccess() should not be allowed in this document."); + const [reports, observer] = await report; + check_report_format(reports, observer); +}, "Encrypted Media report format"); + </script> + </body> +</html> diff --git a/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html.headers new file mode 100644 index 0000000000..73753a2e41 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html.headers @@ -0,0 +1 @@ +Feature-Policy: encrypted-media 'none' diff --git a/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html b/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html new file mode 100644 index 0000000000..d7b905744d --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<html> + <head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + </head> + <body> + <div id='fs'></div> + <script> +var observer1; +var observer2; + +var check_report_format = (reports, observer) => { + // Test that observer2 is notified, even if it is disconnected. + observer1.disconnect(); + observer2.disconnect(); + let report = reports[0]; + assert_equals(report.type, "permissions-policy-violation"); + assert_equals(report.url, document.location.href); + assert_equals(report.body.featureId, "fullscreen"); + assert_equals(report.body.sourceFile, document.location.href); + assert_equals(typeof report.body.lineNumber, "number"); + assert_equals(typeof report.body.columnNumber, "number"); + assert_equals(report.body.disposition, "enforce"); +}; + +var check_second_observer = (reports, observer) => { + let report = reports[0]; + assert_equals(report.type, "permissions-policy-violation"); + assert_equals(report.body.featureId, "fullscreen"); +}; + +async_test(t => { + observer1 = new ReportingObserver(t.step_func(check_report_format), + {types: ['permissions-policy-violation']}); + observer1.observe(); + observer2 = new ReportingObserver(t.step_func_done(check_second_observer), + {types: ['permissions-policy-violation']}); + observer2.observe(); + document.getElementById('fs').requestFullscreen().then(t.unreached_func( + "Fullscreen should not be allowed in this document.")).catch(()=>{}); +}, "Fullscreen Report Format"); + </script> + </body> +</html> diff --git a/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html.headers b/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html.headers new file mode 100644 index 0000000000..d35e48ba40 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html.headers @@ -0,0 +1 @@ +Feature-Policy: fullscreen 'none' diff --git a/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html new file mode 100644 index 0000000000..c29c069ee3 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html @@ -0,0 +1,55 @@ +<!DOCTYPE html> +<html> + <head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + </head> + <body> + <script> +var sensor_features_verified = { + "accelerometer": false, + "ambient-light-sensor": false, + "magnetometer": false, + "gyroscope": false +}; + +var check_report_format = function(reports, observer) { + // Check each report in this batch. This observer callback may be called + // multiple times before all reports have been processed. + for (const report of reports) { + + // Validate that the reported feature is one of the sensor features, and that + // we have not seen a report for this feature before. + assert_true(sensor_features_verified.hasOwnProperty(report.body.featureId)); + assert_false(sensor_features_verified[report.body.featureId]); + + // Validate the remainder of the report + assert_equals(report.type, "permissions-policy-violation"); + assert_equals(report.url, document.location.href); + assert_equals(report.body.sourceFile, document.location.href); + assert_equals(typeof report.body.lineNumber, "number"); + assert_equals(typeof report.body.columnNumber, "number"); + assert_equals(report.body.disposition, "enforce"); + + sensor_features_verified[report.body.featureId] = true; + } + + // Test is only done when reports for all features have been seen + for (let result of Object.values(sensor_features_verified)) { + if (!result) + return; + } + this.done(); +}; + +async_test(t => { + new ReportingObserver(t.step_func(check_report_format), + {types: ['permissions-policy-violation']}).observe(); + assert_throws_dom("SecurityError", () => new Accelerometer(), "Constructing sensors should be blocked by policy"); + assert_throws_dom("SecurityError", () => new AmbientLightSensor(), "Constructing sensors should be blocked by policy"); + assert_throws_dom("SecurityError", () => new Gyroscope(), "Constructing sensors should be blocked by policy"); + assert_throws_dom("SecurityError", () => new Magnetometer(), "Constructing sensors should be blocked by policy"); +}, "Generic Sensor Report Format"); + </script> + </body> +</html> diff --git a/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html.headers new file mode 100644 index 0000000000..80cc027530 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html.headers @@ -0,0 +1 @@ +Feature-Policy: ambient-light-sensor 'none'; accelerometer 'none'; gyroscope 'none'; magnetometer 'none' diff --git a/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html new file mode 100644 index 0000000000..e0eb275bcc --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html @@ -0,0 +1,30 @@ +<!DOCTYPE html> +<html> + <head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + </head> + <body> + <script> +var t = async_test("Geolocation Report Format"); + +var check_report_format = (reports, observer) => { + let report = reports[0]; + assert_equals(report.type, "permissions-policy-violation"); + assert_equals(report.url, document.location.href); + assert_equals(report.body.featureId, "geolocation"); + assert_equals(report.body.sourceFile, document.location.href); + assert_equals(typeof report.body.lineNumber, "number"); + assert_equals(typeof report.body.columnNumber, "number"); + assert_equals(report.body.disposition, "enforce"); +}; + +new ReportingObserver(t.step_func_done(check_report_format), + {types: ['permissions-policy-violation']}).observe(); + +navigator.geolocation.getCurrentPosition( + t.unreached_func("geolocation should be disabled in this document"), + () => {}); + </script> + </body> +</html> diff --git a/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html.headers new file mode 100644 index 0000000000..7e75481ea6 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html.headers @@ -0,0 +1 @@ +Feature-Policy: geolocation 'none' diff --git a/testing/web-platform/tests/feature-policy/reporting/image.bmp b/testing/web-platform/tests/feature-policy/reporting/image.bmp Binary files differnew file mode 100644 index 0000000000..f2b88690fc --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/image.bmp diff --git a/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html new file mode 100644 index 0000000000..14ae976cde --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html @@ -0,0 +1,34 @@ +<!DOCTYPE html> +<html> + <head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script src=/resources/testdriver.js></script> + <script src=/resources/testdriver-vendor.js></script> + <script src='../../mediacapture-streams/permission-helper.js'></script> + </head> + <body> + <script> +var t = async_test("Microphone Report Format"); + +var check_report_format = (reports, observer) => { + let report = reports[0]; + assert_equals(report.type, "permissions-policy-violation"); + assert_equals(report.url, document.location.href); + assert_equals(report.body.featureId, "microphone"); + assert_equals(report.body.sourceFile, document.location.href); + assert_equals(typeof report.body.lineNumber, "number"); + assert_equals(typeof report.body.columnNumber, "number"); + assert_equals(report.body.disposition, "enforce"); +}; + +new ReportingObserver(t.step_func_done(check_report_format), + {types: ['permissions-policy-violation']}).observe(); + +setMediaPermission().then(() => navigator.mediaDevices.getUserMedia({audio: true})) + .then( + t.unreached_func("UserMedia microphone access should not be allowed in this document.") +).catch(() => {}); + </script> + </body> +</html> diff --git a/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html.headers new file mode 100644 index 0000000000..a86e0a0778 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html.headers @@ -0,0 +1 @@ +Feature-Policy: microphone 'none' diff --git a/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html new file mode 100644 index 0000000000..6cc07f5371 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html @@ -0,0 +1,32 @@ +<!DOCTYPE html> +<html> + <head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + </head> + <body> + <script> +var check_report_format = (reports, observer) => { + let report = reports[0]; + assert_equals(report.type, "permissions-policy-violation"); + assert_equals(report.url, document.location.href); + assert_equals(report.body.featureId, "midi"); + assert_equals(report.body.sourceFile, document.location.href); + assert_equals(typeof report.body.lineNumber, "number"); + assert_equals(typeof report.body.columnNumber, "number"); + assert_equals(report.body.disposition, "enforce"); +}; + +promise_test(async (t) => { + const report = new Promise(resolve => { + new ReportingObserver((reports, observer) => resolve([reports, observer]), + {types: ['permissions-policy-violation']}).observe(); + }); + await promise_rejects_dom(t, 'SecurityError', navigator.requestMIDIAccess(), + "MIDI device access should not be allowed in this document."); + const [reports, observer] = await report; + check_report_format(reports, observer); +}, "MIDI Report Format"); + </script> + </body> +</html> diff --git a/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html.headers new file mode 100644 index 0000000000..0e145978a0 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html.headers @@ -0,0 +1 @@ +Feature-Policy: midi 'none' diff --git a/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html new file mode 100644 index 0000000000..3c04db864d --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html @@ -0,0 +1,37 @@ +<!DOCTYPE html> +<html> + <head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script src='../resources/feature-policy-report-json.js'></script> + </head> + <body> + <script> +var t = async_test("PaymentRequest Report Format"); + +var check_report_format = (reports, observer) => { + let report = reports[0]; + assert_equals(report.type, "permissions-policy-violation"); + assert_equals(report.url, document.location.href); + assert_equals(report.body.featureId, "payment"); + assert_equals(report.body.sourceFile, document.location.href); + assert_equals(typeof report.body.lineNumber, "number"); + assert_equals(typeof report.body.columnNumber, "number"); + assert_equals(report.body.disposition, "enforce"); + check_report_json(report); +}; + +new ReportingObserver(t.step_func_done(check_report_format), + {types: ['permissions-policy-violation']}).observe(); + +t.step_func(() => { + assert_throws_dom('SecurityError', + () => new PaymentRequest( + [{ supportedMethods: 'https://example.com/pay' }], + { total: { label: 'Total', amount: { currency: 'USD', value: 0 }}}, + {}).show(), + "PaymentRequest API should not be allowed in this document."); +})(); + </script> + </body> +</html> diff --git a/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html.headers new file mode 100644 index 0000000000..a2836778bc --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html.headers @@ -0,0 +1 @@ +Feature-Policy: payment 'none' diff --git a/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html b/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html new file mode 100644 index 0000000000..177e4d5c02 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html @@ -0,0 +1,46 @@ +<!DOCTYPE html> +<html> + <head> + <script src='/common/media.js'></script> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script src="/resources/testdriver.js"></script> + <script src="/resources/testdriver-vendor.js"></script> + <script src='../resources/picture-in-picture.js'></script> + </head> + <body> + <script> +const check_report_format = (reports, observer) => { + const report = reports[0]; + assert_equals(report.type, "permissions-policy-violation"); + assert_equals(report.url, document.location.href); + assert_equals(report.body.featureId, "picture-in-picture"); + assert_equals(report.body.sourceFile, document.location.href); + assert_equals(typeof report.body.lineNumber, "number"); + assert_equals(typeof report.body.columnNumber, "number"); + assert_equals(report.body.disposition, "enforce"); +}; + +const loadVideo = () => new Promise(resolve => { + const video = document.createElement('video'); + video.src = getVideoURI('/media/movie_5'); + video.addEventListener('loadedmetadata', () => { + resolve(video); + }, { once: true }); +}); + +promise_pip_test(async (t) => { + const report = new Promise(resolve => { + new ReportingObserver((reports, observer) => resolve([reports, observer]), + {types: ['permissions-policy-violation']}).observe(); + }); + const videoElement = await loadVideo(); + await test_driver.bless('picture-in-picture'); + await promise_rejects_dom(t, 'SecurityError', videoElement.requestPictureInPicture(), + "Picture-in-Picture should not be allowed in this document."); + const [reports, observer] = await report; + check_report_format(reports, observer); +}, "Picture-in-Picture Report Format"); + </script> + </body> +</html> diff --git a/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html.headers b/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html.headers new file mode 100644 index 0000000000..1759381fdc --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html.headers @@ -0,0 +1 @@ +Feature-Policy: picture-in-picture 'none' diff --git a/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html new file mode 100644 index 0000000000..c96d8f878a --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html @@ -0,0 +1,54 @@ +<!DOCTYPE html> +<html> + <head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script src='/resources/testdriver.js'></script> + <script src="/resources/testdriver-vendor.js"></script> + </head> + <body> + <script> +var check_report_format = ([reports, observer]) => { + let report = reports[0]; + assert_equals(report.type, "permissions-policy-violation"); + assert_equals(report.url, document.location.href); + assert_equals(report.body.featureId, "serial"); + assert_equals(report.body.sourceFile, document.location.href); + assert_equals(typeof report.body.lineNumber, "number"); + assert_equals(typeof report.body.columnNumber, "number"); + assert_equals(report.body.disposition, "enforce"); +}; + +promise_test(async t => { + const report = new Promise(resolve => { + new ReportingObserver((reports, observer) => resolve([reports, observer]), + {types: ['permissions-policy-violation']}).observe(); + }); + + await test_driver.bless('Activate document for serial.requestPort'); + try { + await navigator.serial.requestPort({ filters: [] }); + assert_unreached("Serial port access should not be allowed in this document."); + } catch (e) { + assert_equals(e.code, DOMException.SECURITY_ERR); + } + check_report_format(await report); +}, "requestPort in serial reporting mode"); + +promise_test(async t => { + const report = new Promise(resolve => { + new ReportingObserver((reports, observer) => resolve([reports, observer]), + {types: ['permissions-policy-violation']}).observe(); + }); + + try { + await navigator.serial.getPorts(); + assert_unreached("Serial port access should not be allowed in this document."); + } catch (e) { + assert_equals(e.code, DOMException.SECURITY_ERR); + } + check_report_format(await report); +}, "getPorts in serial reporting mode"); + </script> + </body> +</html> diff --git a/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html.headers new file mode 100644 index 0000000000..be3e6afd42 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html.headers @@ -0,0 +1 @@ +Feature-Policy: serial 'none' diff --git a/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html b/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html new file mode 100644 index 0000000000..416edf0cbb --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html @@ -0,0 +1,36 @@ +<!DOCTYPE html> +<html> + <head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script src='../resources/feature-policy-report-json.js'></script> + </head> + <body> + <script> +var t = async_test("Sync-xhr Report Format"); + +var check_report_format = (reports, observer) => { + let report = reports[0]; + assert_equals(report.type, "permissions-policy-violation"); + assert_equals(report.url, document.location.href); + assert_equals(report.body.featureId, "sync-xhr"); + assert_equals(report.body.sourceFile, document.location.href); + assert_equals(typeof report.body.lineNumber, "number"); + assert_equals(typeof report.body.columnNumber, "number"); + assert_equals(report.body.disposition, "enforce"); + check_report_json(report); +}; + +new ReportingObserver(t.step_func_done(check_report_format), + {types: ['permissions-policy-violation']}).observe(); + +t.step_func(() => { + var xhr = new XMLHttpRequest(); + xhr.open("GET", document.location.href, false); + assert_throws_dom('NetworkError', + () => xhr.send(), + "Synchronous XHR.send should throw an exception when disabled"); +})(); + </script> + </body> +</html> diff --git a/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html.headers b/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html.headers new file mode 100644 index 0000000000..21a909e1fb --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html.headers @@ -0,0 +1 @@ +Feature-Policy: sync-xhr 'none' diff --git a/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html new file mode 100644 index 0000000000..1ec5ba4370 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html @@ -0,0 +1,30 @@ +<!DOCTYPE html> +<html> + <head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + </head> + <body> + <script> +var t = async_test("USB Report Format"); + +var check_report_format = (reports, observer) => { + let report = reports[0]; + assert_equals(report.type, "permissions-policy-violation"); + assert_equals(report.url, document.location.href); + assert_equals(report.body.featureId, "usb"); + assert_equals(report.body.sourceFile, document.location.href); + assert_equals(typeof report.body.lineNumber, "number"); + assert_equals(typeof report.body.columnNumber, "number"); + assert_equals(report.body.disposition, "enforce"); +}; + +new ReportingObserver(t.step_func_done(check_report_format), + {types: ['permissions-policy-violation']}).observe(); + +navigator.usb.getDevices().then( + t.unreached_func("USB device access should not be allowed in this document.") +).catch(() => {}); + </script> + </body> +</html> diff --git a/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html.headers new file mode 100644 index 0000000000..4fd1e26936 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html.headers @@ -0,0 +1 @@ +Feature-Policy: usb 'none' diff --git a/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html b/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html new file mode 100644 index 0000000000..b64a2015f7 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html @@ -0,0 +1,30 @@ +<!DOCTYPE html> +<html> + <head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + </head> + <body> + <script> +const check_report_format = ([reports, observer]) => { + const report = reports[0]; + assert_equals(report.type, "feature-policy-violation"); + assert_equals(report.url, document.location.href); + assert_equals(report.body.featureId, "vr"); + assert_equals(report.body.sourceFile, document.location.href); + assert_equals(typeof report.body.lineNumber, "number"); + assert_equals(typeof report.body.columnNumber, "number"); + assert_equals(report.body.disposition, "report"); +}; + +promise_test(async t => { + const report = new Promise(resolve => { + new ReportingObserver((reports, observer) => resolve([reports, observer]), + {types: ['feature-policy-violation']}).observe(); + }); + await navigator.getVRDisplays(); + check_report_format(await report); +}, "VR report only mode"); + </script> + </body> +</html> diff --git a/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html.headers new file mode 100644 index 0000000000..0761021f45 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html.headers @@ -0,0 +1 @@ +Feature-Policy-Report-Only: vr 'none' diff --git a/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html new file mode 100644 index 0000000000..b47f7e187e --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html @@ -0,0 +1,32 @@ +<!DOCTYPE html> +<html> + <head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + </head> + <body> + <script> +var check_report_format = (reports, observer) => { + let report = reports[0]; + assert_equals(report.type, "feature-policy-violation"); + assert_equals(report.url, document.location.href); + assert_equals(report.body.featureId, "vr"); + assert_equals(report.body.sourceFile, document.location.href); + assert_equals(typeof report.body.lineNumber, "number"); + assert_equals(typeof report.body.columnNumber, "number"); + assert_equals(report.body.disposition, "enforce"); +}; + +promise_test(async (t) => { + const report = new Promise(resolve => { + new ReportingObserver((reports, observer) => resolve([reports, observer]), + {types: ['feature-policy-violation']}).observe(); + }); + await promise_rejects_dom(t, 'SecurityError', navigator.getVRDisplays(), + "VR device access should not be allowed in this document."); + const [reports, observer] = await report; + check_report_format(reports, observer); +}, "VR Report Format"); + </script> + </body> +</html> diff --git a/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html.headers new file mode 100644 index 0000000000..d021af7563 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html.headers @@ -0,0 +1 @@ +Feature-Policy: vr 'none' diff --git a/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html new file mode 100644 index 0000000000..d87d4fb028 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html @@ -0,0 +1,33 @@ +<!DOCTYPE html> +<html> + <head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + </head> + <body> + <script> +var check_report_format = (reports, observer) => { + let report = reports[0]; + assert_equals(report.type, "permissions-policy-violation"); + assert_equals(report.url, document.location.href); + assert_equals(report.body.featureId, "xr-spatial-tracking"); + assert_equals(report.body.sourceFile, document.location.href); + assert_equals(typeof report.body.lineNumber, "number"); + assert_equals(typeof report.body.columnNumber, "number"); + assert_equals(report.body.disposition, "enforce"); +}; + +promise_test(async (t) => { + const report = new Promise(resolve => { + new ReportingObserver((reports, observer) => resolve([reports, observer]), + {types: ['permissions-policy-violation']}).observe(); + }); + await promise_rejects_dom(t, 'SecurityError', + navigator.xr.isSessionSupported('immersive-vr'), + "XR spatial tracking should not be allowed in this document."); + const [reports, observer] = await report; + check_report_format(reports, observer); +}, "XR Report Format"); + </script> + </body> +</html> diff --git a/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html.headers new file mode 100644 index 0000000000..2c75896233 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html.headers @@ -0,0 +1 @@ +Feature-Policy: xr-spatial-tracking 'none' |