-
Notifications
You must be signed in to change notification settings - Fork 3.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Digital Credentials: digital-credentials-get Permissions Policy tests
- Loading branch information
1 parent
832c120
commit 39c10d1
Showing
11 changed files
with
387 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,131 @@ | ||
| <!DOCTYPE html> | ||
| <html> | ||
| <head> | ||
| <title> | ||
| Test allow attribute with "digital-credentials-get" and | ||
| CredentialsContainer's .get() method | ||
| </title> | ||
| <script src="/common/get-host-info.sub.js"></script> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script> | ||
| const hostInfo = get_host_info(); | ||
| const iframeDetails = [ | ||
| { | ||
| policy: null, | ||
| crossOrigin: false, | ||
| isAllowed: true, | ||
| }, | ||
| { | ||
| policy: null, | ||
| crossOrigin: true, | ||
| isAllowed: false, | ||
| }, | ||
| { | ||
| policy: "digital-credentials-get", | ||
| crossOrigin: false, | ||
| isAllowed: true, | ||
| }, | ||
| { | ||
| policy: "digital-credentials-get", | ||
| crossOrigin: true, | ||
| isAllowed: true, | ||
| }, | ||
| { | ||
| policy: "digital-credentials-get *", | ||
| crossOrigin: true, | ||
| isAllowed: true, | ||
| }, | ||
| { | ||
| policy: "digital-credentials-get *", | ||
| crossOrigin: false, | ||
| isAllowed: true, | ||
| }, | ||
| { | ||
| policy: "digital-credentials-get 'none'", | ||
| crossOrigin: true, | ||
| isAllowed: false, | ||
| }, | ||
| { | ||
| policy: "digital-credentials-get 'none'", | ||
| crossOrigin: false, | ||
| isAllowed: false, | ||
| }, | ||
| { | ||
| policy: "digital-credentials-get 'self'", | ||
| crossOrigin: true, | ||
| isAllowed: false, | ||
| }, | ||
| { | ||
| policy: "digital-credentials-get 'self'", | ||
| crossOrigin: false, | ||
| isAllowed: true, | ||
| }, | ||
| { | ||
| policy: `digital-credentials-get ${hostInfo.HTTPS_REMOTE_ORIGIN}`, | ||
| crossOrigin: true, | ||
| isAllowed: true, | ||
| }, | ||
| { | ||
| policy: `digital-credentials-get ${hostInfo.HTTPS_REMOTE_ORIGIN}`, | ||
| crossOrigin: false, | ||
| isAllowed: false, | ||
| }, | ||
| ]; | ||
|
|
||
| async function loadIframe({ policy, crossOrigin, isAllowed }) { | ||
| const iframe = document.createElement("iframe"); | ||
| if (policy !== null) { | ||
| iframe.allow = policy; | ||
| } | ||
|
|
||
| await new Promise((resolve) => { | ||
| iframe.onload = resolve; | ||
| iframe.src = new URL( | ||
| "/digital-credentials/support/iframe.html", | ||
| crossOrigin | ||
| ? hostInfo.HTTPS_REMOTE_ORIGIN | ||
| : location.origin | ||
| ).href; | ||
| iframe.dataset.isAllowed = isAllowed; | ||
| document.body.appendChild(iframe); | ||
| }); | ||
| iframe.focus(); | ||
| return iframe; | ||
| } | ||
|
|
||
| function runTests() { | ||
| for (const details of iframeDetails) { | ||
| promise_test(async (test) => { | ||
| const iframe = await loadIframe(details); | ||
| const { isAllowed } = details; | ||
| const action = "get"; | ||
| const options = { | ||
| digital: { | ||
| // Results in TypeError when allowed, NotAllowedError when disallowed | ||
| providers: [], | ||
| }, | ||
| }; | ||
| const { data } = await new Promise((resolve) => { | ||
| window.addEventListener("message", resolve, { | ||
| once: true, | ||
| }); | ||
| iframe.contentWindow.postMessage( | ||
| { action, options, needsActivation: true }, | ||
| "*" | ||
| ); | ||
| }); | ||
| const { name, messsage } = data; | ||
| assert_equals( | ||
| name, | ||
| isAllowed ? "TypeError" : "NotAllowedError", | ||
| `${iframe.outerHTML} - ${messsage}` | ||
| ); | ||
| iframe.remove(); | ||
| }, `Policy to use: ${details.policy}, is cross-origin: ${details.crossOrigin}, is allowed by policy: ${details.isAllowed}`); | ||
| } | ||
| } | ||
| </script> | ||
| </head> | ||
| <body onload="runTests()"></body> | ||
| </html> |
42 changes: 42 additions & 0 deletions
42
digital-credentials/default-permissions-policy.https.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| <!DOCTYPE html> | ||
| <meta charset="utf-8" /> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script src="/resources/testdriver.js"></script> | ||
| <script src="/resources/testdriver-vendor.js"></script> | ||
| <script src="/permissions-policy/resources/permissions-policy.js"></script> | ||
| <script src="/common/get-host-info.sub.js"></script> | ||
| <body></body> | ||
| <script> | ||
| "use strict"; | ||
| const { HTTPS_REMOTE_ORIGIN } = get_host_info(); | ||
| const same_origin_src = | ||
| "/permissions-policy/resources/digital-credentials-get.html"; | ||
| const cross_origin_src = new URL(same_origin_src, HTTPS_REMOTE_ORIGIN).href; | ||
|
|
||
| promise_test(async (test) => { | ||
| await test_driver.bless("use activation"); | ||
| await promise_rejects_js( | ||
| test, | ||
| TypeError, | ||
| navigator.identity.get({ digital: { providers: [] } }) | ||
| ); | ||
|
|
||
| await test_feature_availability({ | ||
| feature_description: "Digital Credential API", | ||
| test, | ||
| src: same_origin_src, | ||
| expect_feature_available: expect_feature_available_default, | ||
| is_promise_test: true, | ||
| }); | ||
|
|
||
| await test_feature_availability({ | ||
| feature_description: "Digital Credential API", | ||
| test, | ||
| src: cross_origin_src, | ||
| expect_feature_available: expect_feature_unavailable_default, | ||
| feature_name: "digital-credentials-get", | ||
| is_promise_test: true, | ||
| }); | ||
| }, "Permissions-Policy is by default 'self'."); | ||
| </script> |
36 changes: 36 additions & 0 deletions
36
digital-credentials/disabled-by-permissions-policy.https.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| <!DOCTYPE html> | ||
| <meta charset="utf-8" /> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script src="/resources/testdriver.js"></script> | ||
| <script src="/resources/testdriver-vendor.js"></script> | ||
| <script src="/permissions-policy/resources/permissions-policy.js"></script> | ||
| <script src="/common/get-host-info.sub.js"></script> | ||
| <body></body> | ||
| <script> | ||
| "use strict"; | ||
| const { HTTPS_REMOTE_ORIGIN } = get_host_info(); | ||
| const same_origin_src = | ||
| "/permissions-policy/resources/digital-credentials-get.html"; | ||
| const cross_origin_src = new URL(same_origin_src, HTTPS_REMOTE_ORIGIN).href; | ||
|
|
||
| promise_test(async (test) => { | ||
| await test_driver.bless("user activation"); | ||
| await promise_rejects_dom( | ||
| test, | ||
| "NotAllowedError", | ||
| navigator.identity.get({ digital: { providers: [] } }) | ||
| ); | ||
| }, "Permissions-Policy header digital-credentials-get=() disallows the top-level document."); | ||
|
|
||
| promise_test(async (test) => { | ||
| await test_feature_availability({ | ||
| feature_description: "Digital Credential API", | ||
| test, | ||
| src: same_origin_src, | ||
| expect_feature_available: expect_feature_unavailable_default, | ||
| is_promise_test: true, | ||
| needs_focus: true, | ||
| }); | ||
| }, "Permissions-Policy header digital-credentials-get=() disallows same-origin iframes."); | ||
| </script> |
1 change: 1 addition & 0 deletions
1
digital-credentials/disabled-by-permissions-policy.https.sub.html.headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| Permissions-Policy: digital-credentials-get=() |
59 changes: 59 additions & 0 deletions
59
digital-credentials/enabled-on-self-origin-by-permissions-policy.https.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| <!DOCTYPE html> | ||
| <meta charset="utf-8" /> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script src="/resources/testdriver.js"></script> | ||
| <script src="/resources/testdriver-vendor.js"></script> | ||
| <script src="/permissions-policy/resources/permissions-policy.js"></script> | ||
| <script src="/common/get-host-info.sub.js"></script> | ||
| <body></body> | ||
| <script> | ||
| "use strict"; | ||
| const { HTTPS_REMOTE_ORIGIN } = get_host_info(); | ||
| const same_origin_src = | ||
| "/permissions-policy/resources/digital-credentials-get.html"; | ||
| const cross_origin_src = new URL(same_origin_src, HTTPS_REMOTE_ORIGIN).href; | ||
|
|
||
| promise_test(async (test) => { | ||
| await test_driver.bless("user activation"); | ||
| await promise_rejects_js( | ||
| test, | ||
| TypeError, | ||
| navigator.identity.get({ digital: { providers: [] } }) | ||
| ); | ||
| }, "Permissions-Policy header digital-credentials-get=(self) allows the top-level document."); | ||
|
|
||
| promise_test(async (test) => { | ||
| await test_feature_availability({ | ||
| feature_description: "Digital Credential API", | ||
| test, | ||
| src: same_origin_src, | ||
| expect_feature_available: expect_feature_available_default, | ||
| is_promise_test: true, | ||
| needs_focus: true, | ||
| }); | ||
| }, "Permissions-Policy header digital-credentials-get=(self) allows same-origin iframes."); | ||
|
|
||
| promise_test(async (test) => { | ||
| await test_feature_availability({ | ||
| feature_description: "Digital Credential API", | ||
| test, | ||
| src: cross_origin_src, | ||
| expect_feature_available: expect_feature_unavailable_default, | ||
| is_promise_test: true, | ||
| needs_focus: true, | ||
| }); | ||
| }, "Permissions-Policy header digital-credentials-get=(self) disallows cross-origin iframes."); | ||
|
|
||
| promise_test(async (test) => { | ||
| await test_feature_availability({ | ||
| feature_description: "Digital Credential API", | ||
| test, | ||
| src: cross_origin_src, | ||
| expect_feature_available: expect_feature_available_default, | ||
| feature_name: "digital-credentials-get", | ||
| is_promise_test: true, | ||
| needs_focus: true, | ||
| }); | ||
| }, "Permissions-Policy header digital-credentials-get=(self) gets overridden by allow attribute."); | ||
| </script> |
1 change: 1 addition & 0 deletions
1
digital-credentials/enabled-on-self-origin-by-permissions-policy.https.sub.html.headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| Permissions-Policy: digital-credentials-get=(self) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| <!DOCTYPE html> | ||
| <title>Digital Credential API: get() consumes user activation.</title> | ||
| <script src="/resources/testdriver.js"></script> | ||
| <script src="/resources/testdriver-vendor.js"></script> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <body></body> | ||
| <script> | ||
| promise_test(async (t) => { | ||
| assert_false( | ||
| navigator.userActivation.isActive, | ||
| "User activation should not be active" | ||
| ); | ||
| await promise_rejects_dom( | ||
| t, | ||
| "NotAllowedError", | ||
| navigator.identity.get({ digital: { providers: [] } }) | ||
| ); | ||
| }, "navigator.identity.get() calling the API without user activation should reject with NotAllowedError."); | ||
|
|
||
| promise_test(async (t) => { | ||
| await test_driver.bless(); | ||
| assert_true( | ||
| navigator.userActivation.isActive, | ||
| "User activation should be active after test_driver.bless()." | ||
| ); | ||
| await promise_rejects_js( | ||
| t, | ||
| TypeError, | ||
| navigator.identity.get({ digital: { providers: [] } }) | ||
| ); | ||
| assert_false( | ||
| navigator.userActivation.isActive, | ||
| "User activation should be consumed after navigator.identity.get()." | ||
| ); | ||
| }, "navigator.identity.get() consumes user activation."); | ||
| </script> |
39 changes: 39 additions & 0 deletions
39
digital-credentials/override-permissions-policy.https.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| <!DOCTYPE html> | ||
| <meta charset="utf-8" /> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script src="/resources/testdriver.js"></script> | ||
| <script src="/resources/testdriver-vendor.js"></script> | ||
| <script src="/permissions-policy/resources/permissions-policy.js"></script> | ||
| <script src="/common/get-host-info.sub.js"></script> | ||
| <body></body> | ||
| <script> | ||
| "use strict"; | ||
| const { HTTPS_REMOTE_ORIGIN } = get_host_info(); | ||
| const same_origin_src = | ||
| "/permissions-policy/resources/digital-credentials-get.html"; | ||
| const cross_origin_src = new URL(same_origin_src, HTTPS_REMOTE_ORIGIN).href; | ||
|
|
||
| promise_test(async (test) => { | ||
| await test_feature_availability({ | ||
| feature_description: "Digital Credential API", | ||
| test, | ||
| src: cross_origin_src, | ||
| expect_feature_available: expect_feature_available_default, | ||
| feature_name: "digital-credentials-get", | ||
| is_promise_test: true, | ||
| needs_focus: true, | ||
| }); | ||
| }, "Header-set policy is overridden in cross-origin iframe using allow attribute."); | ||
|
|
||
| promise_test(async (test) => { | ||
| await test_feature_availability({ | ||
| feature_description: "Digital Credential API", | ||
| test, | ||
| src: same_origin_src, | ||
| expect_feature_available: expect_feature_unavailable_default, | ||
| is_promise_test: true, | ||
| needs_focus: true, | ||
| }); | ||
| }, "Setting digital-credentials-get=(self) disallows the API in same-origin iframes."); | ||
| </script> |
1 change: 1 addition & 0 deletions
1
digital-credentials/override-permissions-policy.https.sub.html.headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| Permissions-Policy: digital-credentials-get=() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| <!DOCTYPE html> | ||
| <meta charset="utf-8" /> | ||
| <script src="/resources/testdriver.js"></script> | ||
| <script src="/resources/testdriver-vendor.js"></script> | ||
| <body></body> | ||
| <script> | ||
| const type = "availability-result"; | ||
| async function notify() { | ||
| if (!navigator.userActivation.isActive) { | ||
| await test_driver.bless("user activation", null, window); | ||
| } | ||
| let enabled = undefined; | ||
| try { | ||
| await navigator.identity.get({ digital: { providers: [] } }); | ||
| } catch (e) { | ||
| switch (e.name) { | ||
| case "NotAllowedError": | ||
| enabled = false; | ||
| break; | ||
| case "TypeError": | ||
| enabled = true; | ||
| break; | ||
| default: | ||
| throw e; | ||
| } | ||
| } finally { | ||
| window.parent.postMessage({ type, enabled }, "*"); | ||
| } | ||
| } | ||
| </script> | ||
| <body onload="notify()"> | ||
| <h1>Digital Credentials iframe</h1> | ||
| </body> |
Oops, something went wrong.