LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html - WebKit - Git at Google

 <!DOCTYPE html><!-- webkit-test-runner [ WebAuthenticationModernEnabled=true ] -->
 <html>
 <head>
     <meta charset="utf-8">
     <title>Web Authentication API: Tests that a frame that doesn't share the same origin with all its ancestors could not access the API.</title>
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/common/utils.js"></script>
     <script src="/common/get-host-info.sub.js"></script>
     <script src="./resources/util.js"></script>
 </head>
 <body>
     <script>
         promise_test(t => {
             return withCrossOriginIframe("last-layer-frame.https.html?shouldFocus=true&exceptionMessage=The origin of the document is not the same as its ancestors.").then((message) => {
                 assert_equals(message.data, "PASS.");
             });
         }, "Tests that a frame that doesn't share the same origin with all its ancestors could not access the API.");

         promise_test(t => {
             return withCrossOriginIframe("second-layer-frame.https.html").then((message) => {
                 assert_equals(message.data, "PASS.");
             });
         }, "Tests that a frame that doesn't share the same origin with all its ancestors could not access the API. 2");

         promise_test(t => {
             return withSameSiteIframe("samesite-iframe.html").then((message) => {
                 assert_equals(message.data, "Throw NotAllowedError: The origin of the document is not the same as its ancestors.");
             });
         }, "Tests that a frame that is same-site, cross-origin without publickey-credentials-get feature policy cannot use get().");

         promise_test(t => {
             return withSameSiteIframe("samesite-iframe.html", "publickey-credentials-get").then((message) => {
                 assert_equals(message.data, "PASS!");
             });
         }, "Tests that a frame that is same-site, cross-origin with publickey-credentials-get feature policy can use get().");

         promise_test(t => {
             return withCrossOriginIframe("samesite-iframe.html", "publickey-credentials-get").then((message) => {
                 assert_equals(message.data, "Throw NotAllowedError: The origin of the document is not the same as its ancestors.");
             });
         }, "Tests that a frame that is cross-origin, NOT same-site  with publickey-credentials-get feature policy cannot use get().");
     </script>
 </body>
 </html>
	<!DOCTYPE html><!-- webkit-test-runner [ WebAuthenticationModernEnabled=true ] -->
	<html>
	<head>
	<meta charset="utf-8">
	<title>Web Authentication API: Tests that a frame that doesn't share the same origin with all its ancestors could not access the API.</title>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="/common/utils.js"></script>
	<script src="/common/get-host-info.sub.js"></script>
	<script src="./resources/util.js"></script>
	</head>
	<body>
	<script>
	promise_test(t => {
	return withCrossOriginIframe("last-layer-frame.https.html?shouldFocus=true&exceptionMessage=The origin of the document is not the same as its ancestors.").then((message) => {
	assert_equals(message.data, "PASS.");
	});
	}, "Tests that a frame that doesn't share the same origin with all its ancestors could not access the API.");

	promise_test(t => {
	return withCrossOriginIframe("second-layer-frame.https.html").then((message) => {
	assert_equals(message.data, "PASS.");
	});
	}, "Tests that a frame that doesn't share the same origin with all its ancestors could not access the API. 2");

	promise_test(t => {
	return withSameSiteIframe("samesite-iframe.html").then((message) => {
	assert_equals(message.data, "Throw NotAllowedError: The origin of the document is not the same as its ancestors.");
	});
	}, "Tests that a frame that is same-site, cross-origin without publickey-credentials-get feature policy cannot use get().");

	promise_test(t => {
	return withSameSiteIframe("samesite-iframe.html", "publickey-credentials-get").then((message) => {
	assert_equals(message.data, "PASS!");
	});
	}, "Tests that a frame that is same-site, cross-origin with publickey-credentials-get feature policy can use get().");

	promise_test(t => {
	return withCrossOriginIframe("samesite-iframe.html", "publickey-credentials-get").then((message) => {
	assert_equals(message.data, "Throw NotAllowedError: The origin of the document is not the same as its ancestors.");
	});
	}, "Tests that a frame that is cross-origin, NOT same-site with publickey-credentials-get feature policy cannot use get().");
	</script>
	</body>
	</html>