1 files changed, 61 insertions, 0 deletions

diff --git a/dom/tests/mochitest/geolocation/test_crossorigin_iframe.html b/dom/tests/mochitest/geolocation/test_crossorigin_iframe.html
new file mode 100644
index 0000000000..3a5080dcb0
--- /dev/null
+++ b/dom/tests/mochitest/geolocation/test_crossorigin_iframe.html
@@ -0,0 +1,61 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Test for geolocation is disabled by default, and set
+    allow="geolocation" in iframe could enable geolcation</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<script class="testbody" type="text/javascript">
+
+SimpleTest.waitForExplicitFinish();
+
+var tests = [
+  // default cross-origin permission is denied
+  [ null, "denied" ],
+  [ "geolocation", "allowed"],
+];
+
+function checkGeolocationResult(test) {
+  return new Promise(resolve => {
+    function onMessage(event) {
+      is(event.data, test[1], "Expected " + test[1] + " for " + test[0]);
+      window.removeEventListener("message", onMessage);
+      resolve();
+    }
+
+    window.addEventListener("message", onMessage);
+  });
+}
+
+async function nextTest() {
+  if (!tests.length) {
+    SimpleTest.finish();
+    return;
+  }
+
+  let test = tests.shift();
+
+  var iframe = document.createElement("iframe");
+  if (test[0]) {
+    iframe.allow = test[0];
+  }
+
+  let geolocationPromise = checkGeolocationResult(test);
+  iframe.src =
+    "https://example.org/tests/dom/tests/mochitest/geolocation/crossorigin_iframe.html";
+  document.body.appendChild(iframe);
+  await geolocationPromise;
+
+  document.body.removeChild(iframe);
+  SimpleTest.executeSoon(nextTest);
+}
+
+SpecialPowers.pushPrefEnv({"set": [
+  ["dom.security.featurePolicy.header.enabled", true],
+  ["dom.security.featurePolicy.webidl.enabled", true],
+]}).then(nextTest);
+</script>
+</body>
+</html>