summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/storage-access-api/requestStorageAccess-insecure.sub.window.js
blob: f845f0647ca001e7a5fe304816a055e2d70c28df (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
// META: script=helpers.js
// META: script=/resources/testdriver.js
// META: script=/resources/testdriver-vendor.js
'use strict';

// Document-level test config flags:
//
// testPrefix: Prefix each test case with an indicator so we know what context
// they are run in if they are used in multiple iframes.
//
// topLevelDocument: Keep track of if we run these tests in a nested context, we
// don't want to recurse forever.
const {testPrefix, topLevelDocument} = processQueryParams();

// Common tests to run in all frames.
test(() => {
  assert_not_equals(document.requestStorageAccess, undefined);
}, "[" + testPrefix + "] document.requestStorageAccess() should exist on the document interface");

promise_test(t => {
  return promise_rejects_dom(t, "NotAllowedError", document.requestStorageAccess(),
    "document.requestStorageAccess() call without user gesture");
}, "[" + testPrefix + "] document.requestStorageAccess() should be rejected in insecure context");

// Logic to load test cases within combinations of iFrames.
if (topLevelDocument) {
  // This specific test will run only as a top level test (not as a worker).
  // Specific requestStorageAccess() scenarios will be tested within the context
  // of various iFrames
  promise_test(t => {
    const description = "document.requestStorageAccess() call in a detached frame";
    // Can't use `promise_rejects_dom` here, since the error comes from the wrong global.
    return RunRequestStorageAccessInDetachedFrame()
      .then(t.unreached_func("Should have rejected: " + description), (e) => {
        assert_equals(e.name, 'InvalidStateError', description);
      });
  }, "[non-fully-active] document.requestStorageAccess() should reject when run in a detached frame");

  promise_test(t => {
    return promise_rejects_dom(t, 'InvalidStateError', RunRequestStorageAccessViaDomParser(),
     "document.requestStorageAccess() in a detached DOMParser result");
  }, "[non-fully-active] document.requestStorageAccess() should reject when run in a detached DOMParser document");

  // Create a test with a single-child same-origin iframe.
  const sameOriginFramePromise = RunTestsInIFrame(
      'resources/requestStorageAccess-iframe.html?testCase=same-origin-frame&rootdocument=false');

  // Create a test with a single-child cross-origin iframe.
  const crossOriginFramePromise = RunTestsInIFrame(
      'http://{{domains[www]}}:{{ports[http][0]}}/storage-access-api/resources/requestStorageAccess-iframe.html?testCase=cross-origin-frame&rootdocument=false');

  // Validate the nested-iframe scenario where the same-origin frame
  // containing the tests is not the first child.
  const nestedSameOriginFramePromise = RunTestsInNestedIFrame(
      'resources/requestStorageAccess-iframe.html?testCase=nested-same-origin-frame&rootdocument=false');

  // Validate the nested-iframe scenario where the cross-origin frame
  // containing the tests is not the first child.
  const nestedCrossOriginFramePromise = RunTestsInNestedIFrame(
      'http://{{domains[www]}}:{{ports[http][0]}}/storage-access-api/resources/requestStorageAccess-iframe.html?testCase=nested-cross-origin-frame&rootdocument=false');

  // Because the iframe tests expect no user activation, and because they
  // load asynchronously, we want to first run those tests before simulating
  // clicks on the page.
  Promise
      .all([
        sameOriginFramePromise,
        crossOriginFramePromise,
        nestedSameOriginFramePromise,
        nestedCrossOriginFramePromise,
      ])
      .then(() => {
        promise_test(
            async t => {
              await RunCallbackWithGesture(() => {
                return promise_rejects_dom(t, "NotAllowedError", document.requestStorageAccess(),
                "should reject in insecure context");
              });
            },
            '[' + testPrefix +
                '] document.requestStorageAccess() should be rejected when called with a user gesture in insecure context');
      });
}