1 files changed, 83 insertions, 0 deletions
diff --git a/testing/web-platform/tests/storage-access-api/requestStorageAccess-insecure.sub.window.js b/testing/web-platform/tests/storage-access-api/requestStorageAccess-insecure.sub.window.js
new file mode 100644
index 0000000000..f845f0647c
--- /dev/null
+++ b/testing/web-platform/tests/storage-access-api/requestStorageAccess-insecure.sub.window.js
@@ -0,0 +1,83 @@
+// META: script=helpers.js
+// META: script=/resources/testdriver.js
+// META: script=/resources/testdriver-vendor.js
+'use strict';
+
+// Document-level test config flags:
+//
+// testPrefix: Prefix each test case with an indicator so we know what context
+// they are run in if they are used in multiple iframes.
+//
+// topLevelDocument: Keep track of if we run these tests in a nested context, we
+// don't want to recurse forever.
+const {testPrefix, topLevelDocument} = processQueryParams();
+
+// Common tests to run in all frames.
+test(() => {
+  assert_not_equals(document.requestStorageAccess, undefined);
+}, "[" + testPrefix + "] document.requestStorageAccess() should exist on the document interface");
+
+promise_test(t => {
+  return promise_rejects_dom(t, "NotAllowedError", document.requestStorageAccess(),
+    "document.requestStorageAccess() call without user gesture");
+}, "[" + testPrefix + "] document.requestStorageAccess() should be rejected in insecure context");
+
+// Logic to load test cases within combinations of iFrames.
+if (topLevelDocument) {
+  // This specific test will run only as a top level test (not as a worker).
+  // Specific requestStorageAccess() scenarios will be tested within the context
+  // of various iFrames
+  promise_test(t => {
+    const description = "document.requestStorageAccess() call in a detached frame";
+    // Can't use `promise_rejects_dom` here, since the error comes from the wrong global.
+    return RunRequestStorageAccessInDetachedFrame()
+      .then(t.unreached_func("Should have rejected: " + description), (e) => {
+        assert_equals(e.name, 'InvalidStateError', description);
+      });
+  }, "[non-fully-active] document.requestStorageAccess() should reject when run in a detached frame");
+
+  promise_test(t => {
+    return promise_rejects_dom(t, 'InvalidStateError', RunRequestStorageAccessViaDomParser(),
+     "document.requestStorageAccess() in a detached DOMParser result");
+  }, "[non-fully-active] document.requestStorageAccess() should reject when run in a detached DOMParser document");
+
+  // Create a test with a single-child same-origin iframe.
+  const sameOriginFramePromise = RunTestsInIFrame(
+      'resources/requestStorageAccess-iframe.html?testCase=same-origin-frame&rootdocument=false');
+
+  // Create a test with a single-child cross-origin iframe.
+  const crossOriginFramePromise = RunTestsInIFrame(
+      'http://{{domains[www]}}:{{ports[http][0]}}/storage-access-api/resources/requestStorageAccess-iframe.html?testCase=cross-origin-frame&rootdocument=false');
+
+  // Validate the nested-iframe scenario where the same-origin frame
+  // containing the tests is not the first child.
+  const nestedSameOriginFramePromise = RunTestsInNestedIFrame(
+      'resources/requestStorageAccess-iframe.html?testCase=nested-same-origin-frame&rootdocument=false');
+
+  // Validate the nested-iframe scenario where the cross-origin frame
+  // containing the tests is not the first child.
+  const nestedCrossOriginFramePromise = RunTestsInNestedIFrame(
+      'http://{{domains[www]}}:{{ports[http][0]}}/storage-access-api/resources/requestStorageAccess-iframe.html?testCase=nested-cross-origin-frame&rootdocument=false');
+
+  // Because the iframe tests expect no user activation, and because they
+  // load asynchronously, we want to first run those tests before simulating
+  // clicks on the page.
+  Promise
+      .all([
+        sameOriginFramePromise,
+        crossOriginFramePromise,
+        nestedSameOriginFramePromise,
+        nestedCrossOriginFramePromise,
+      ])
+      .then(() => {
+        promise_test(
+            async t => {
+              await RunCallbackWithGesture(() => {
+                return promise_rejects_dom(t, "NotAllowedError", document.requestStorageAccess(),
+                "should reject in insecure context");
+              });
+            },
+            '[' + testPrefix +
+                '] document.requestStorageAccess() should be rejected when called with a user gesture in insecure context');
+      });
+}