1 files changed, 61 insertions, 0 deletions

diff --git a/testing/web-platform/tests/credential-management/fedcm-iframe.https.html b/testing/web-platform/tests/credential-management/fedcm-iframe.https.html
new file mode 100644
index 0000000000..43fe39f7bc
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-iframe.https.html
@@ -0,0 +1,61 @@
+<!doctype html>
+<link rel="help" href="https://wicg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<div id=log>
+<script type="module">
+'use strict';
+
+import {fedcm_test, set_fedcm_cookie} from './support/fedcm-helper.sub.js';
+
+const host = get_host_info();
+const remoteBaseURL =
+    host.HTTPS_REMOTE_ORIGIN +
+    window.location.pathname.replace(/\/[^\/]*$/, '/');
+
+async function createIframeAndWaitForMessage(test, iframeUrl, setPermissionPolicy) {
+    const messageWatcher = new EventWatcher(test, window, "message");
+    var iframe = document.createElement("iframe");
+    iframe.src = iframeUrl;
+    if (setPermissionPolicy) {
+      iframe.allow = "identity-credentials-get";
+    }
+    document.body.appendChild(iframe);
+    const message = await messageWatcher.wait_for("message");
+    return message.data;
+}
+
+fedcm_test(async t => {
+  const message = await createIframeAndWaitForMessage(
+      t, remoteBaseURL + "support/fedcm-iframe.html",
+      /*setPermissionPolicy=*/false);
+  assert_equals(message.result, "Fail");
+  assert_equals(message.errorType, "NotAllowedError");
+}, "FedCM disabled in cross origin iframe without permissions policy");
+
+fedcm_test(async t => {
+  const message = await createIframeAndWaitForMessage(
+      t, remoteBaseURL + "support/fedcm-iframe-level2.html",
+      /*setPermissionPolicy=*/true);
+  assert_equals(message.result, "Pass");
+  assert_equals(message.token, "token");
+}, "FedCM enabled in 2 level deep nested iframe. FedCM should be enabled regardless of iframe nesting depth");
+
+fedcm_test(async t => {
+  const message = await createIframeAndWaitForMessage(
+      t, remoteBaseURL + "support/fedcm-iframe-level2.html",
+      /*setPermissionPolicy=*/false);
+  assert_equals(message.result, "Fail");
+  assert_equals(message.errorType, "NotAllowedError");
+}, "FedCM disabled in 2 level deep nested iframe where middle iframe does not have permission policy");
+
+fedcm_test(async t => {
+  const message = await createIframeAndWaitForMessage(
+      t, remoteBaseURL + "support/fedcm-iframe-level2.html?permission=0",
+      /*setPermissionPolicy=*/true);
+  assert_equals(message.result, "Fail");
+  assert_equals(message.errorType, "NotAllowedError");
+}, "FedCM disabled in 2 level deep nested iframe where innermost iframe does not have permission policy");
+
+</script>