blob: e3ea3c63efe900152d4242b4aba3b5bee4595997 [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<script src="/js-test-resources/js-test.js"></script>
<script src="/js-test-resources/ui-helper.js"></script>
<script>
description("Tests that cross-origin iframe storage access is denied if the iframe is sandboxed, has the allow token, the iframe origin is a prevalent resource, the iframe origin has had user interaction, the user opts in, but the frame is not the one with access.");
jsTestIsAsync = true;
const hostUnderTest = "localhost:8000";
const statisticsUrl = "http://" + hostUnderTest + "/temp";
const partitionHost = "127.0.0.1:8000";
const thirdPartyOrigin = "http://localhost:8000";
const resourcePath = "/storageAccess/resources";
const thirdPartyBaseUrl = thirdPartyOrigin + resourcePath;
const firstPartyCookieName = "firstPartyCookie";
const subPathToSetFirstPartyCookie = "/set-cookie.php?name=" + firstPartyCookieName + "&value=value";
const partitionedCookieName = "partitionedCookie";
const subPathToSetPartitionedCookie = "/set-cookie.php?name=" + partitionedCookieName + "&value=value";
const returnUrl = "http://" + partitionHost + "/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-but-try-access-from-wrong-frame.html";
const subPathToGetCookies = "/get-cookies.php?name1=" + firstPartyCookieName + "&name2=" + partitionedCookieName;
function setEnableFeature(enable) {
if (!enable)
testRunner.statisticsResetToConsistentState();
internals.setResourceLoadStatisticsEnabled(enable);
testRunner.setCookieStoragePartitioningEnabled(enable);
testRunner.setStorageAccessAPIEnabled(enable);
}
function openIframe(url, onLoadHandler) {
const element = document.createElement("iframe");
element.src = url;
if (onLoadHandler) {
element.onload = onLoadHandler;
}
document.body.appendChild(element);
}
function receiveMessage(event) {
if (event.origin === "http://localhost:8000") {
if (event.data.indexOf("PASS") !== -1)
testPassed(event.data.replace("PASS ", ""));
else
testFailed(event.data);
} else
testFailed("Received a message from an unexpected origin: " + event.origin);
runTest();
}
function activateElement(elementId) {
var element = document.getElementById(elementId);
var centerX = element.offsetLeft + element.offsetWidth / 2;
var centerY = element.offsetTop + element.offsetHeight / 2;
UIHelper.activateAt(centerX, centerY).then(
function () {
if (window.eventSender)
eventSender.keyDown("escape");
else {
testFailed("No eventSender.");
setEnableFeature(false);
finishJSTest();
}
},
function () {
testFailed("Promise rejected.");
setEnableFeature(false);
finishJSTest();
}
);
}
function runTest() {
switch (document.location.hash) {
case "#step1":
// Set localhost as prevalent.
if (testRunner.isStatisticsPrevalentResource(statisticsUrl))
testFailed("Host prematurely set as prevalent resource.");
// Set first-party cookie for localhost.
document.location.href = thirdPartyBaseUrl + subPathToSetFirstPartyCookie + "#" + returnUrl + "#step2";
break;
case "#step2":
document.location.hash = "step3";
// Check that the first-party cookie does get sent for localhost under 127.0.0.1.
openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should receive first-party cookie.", runTest);
break;
case "#step3":
document.location.hash = "step4";
testRunner.setStatisticsPrevalentResource(statisticsUrl, true);
if (!testRunner.isStatisticsPrevalentResource(statisticsUrl))
testFailed("Host did not get set as prevalent resource.");
testRunner.setStatisticsHasHadNonRecentUserInteraction(statisticsUrl);
if (!testRunner.isStatisticsHasHadUserInteraction(statisticsUrl))
testFailed("Host did not get logged for user interaction.");
testRunner.statisticsUpdateCookiePartitioning();
// Check that the first-party cookie does not get sent for localhost under 127.0.0.1.
openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should not receive cookies.", runTest);
break;
case "#step4":
document.location.hash = "step5";
// Set partitioned cookie for localhost.
openIframe(thirdPartyBaseUrl + subPathToSetPartitionedCookie, runTest);
break;
case "#step5":
document.location.hash = "step6";
// Check that the partitioned cookie does get sent for localhost under 127.0.0.1.
openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should receive partitioned cookie.", runTest);
break;
case "#step6":
document.location.hash = "step7";
activateElement("theIframe");
break;
case "#step7":
document.location.hash = "step8";
// Check that the partitioned cookie gets sent for localhost under 127.0.0.1 since we're opening a new frame.
openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should receive partitioned cookie.", runTest);
break;
case "#step8":
setEnableFeature(false);
finishJSTest();
break;
}
}
if (document.location.hash === "") {
setEnableFeature(true);
if (testRunner.isStatisticsPrevalentResource(thirdPartyBaseUrl))
testFailed("Localhost was classified as prevalent resource before the test starts.");
// Make sure the network process is up-to-date.
testRunner.statisticsSetShouldPartitionCookiesForHost("localhost", false);
testRunner.dumpChildFramesAsText();
document.location.hash = "step1";
}
window.addEventListener("message", receiveMessage, false);
</script>
</head>
<body>
<iframe sandbox="allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-modals" onload="runTest()" id="theIframe" src="http://localhost:8000/storageAccess/resources/request-storage-access-iframe.html#userShouldGrantAccess,userShouldBeConsulted,policyShouldGrantAccess,isNotSameOriginIframe"></iframe>
</body>
</html>