web-platform-tests · marcoscaceres · Aug 22, 2024 · Aug 19, 2024 · Aug 20, 2024 · Aug 21, 2024
diff --git a/digital-credentials/allow-attribute.https.html b/digital-credentials/allow-attribute.https.html
@@ -0,0 +1,131 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>
+            Test allow attribute with "digital-credentials-get" and
+            CredentialsContainer's .get() method
+        </title>
+        <script src="/common/get-host-info.sub.js"></script>
+        <script src="/resources/testharness.js"></script>
+        <script src="/resources/testharnessreport.js"></script>
+        <script>
+            const hostInfo = get_host_info();
+            const iframeDetails = [
+                {
+                    policy: null,
+                    crossOrigin: false,
+                    expectIsAllowed: true,
+                },
+                {
+                    policy: null,
+                    crossOrigin: true,
+                    expectIsAllowed: false,
+                },
+                {
+                    policy: "digital-credentials-get",
+                    crossOrigin: false,
+                    expectIsAllowed: true,
+                },
+                {
+                    policy: "digital-credentials-get",
+                    crossOrigin: true,
+                    expectIsAllowed: true,
+                },
+                {
+                    policy: "digital-credentials-get *",
+                    crossOrigin: false,
+                    expectIsAllowed: true,
+                },
+                {
+                    policy: "digital-credentials-get *",
+                    crossOrigin: true,
+                    expectIsAllowed: true,
+                },
+                {
+                    policy: "digital-credentials-get 'none'",
+                    crossOrigin: false,
+                    expectIsAllowed: false,
+                },
+                {
+                    policy: "digital-credentials-get 'none'",
+                    crossOrigin: true,
+                    expectIsAllowed: false,
+                },
+                {
+                    policy: "digital-credentials-get 'self'",
+                    crossOrigin: false,
+                    expectIsAllowed: true,
+                },
+                {
+                    policy: "digital-credentials-get 'self'",
+                    crossOrigin: true,
+                    expectIsAllowed: false,
+                },
+                {
+                    policy: `digital-credentials-get ${hostInfo.HTTPS_REMOTE_ORIGIN}`,
+                    crossOrigin: false,
+                    expectIsAllowed: false,
+                },
+                {
+                    policy: `digital-credentials-get ${hostInfo.HTTPS_REMOTE_ORIGIN}`,
+                    crossOrigin: true,
+                    expectIsAllowed: true,
+                },
+            ];
+
+            async function loadIframe({ policy, crossOrigin, expectIsAllowed }) {
+                const iframe = document.createElement("iframe");
+                if (policy !== null) {
+                    iframe.allow = policy;
+                }
+
+                await new Promise((resolve) => {
+                    iframe.onload = resolve;
+                    iframe.src = new URL(
+                        "/digital-credentials/support/iframe.html",
+                        crossOrigin
+                            ? hostInfo.HTTPS_REMOTE_ORIGIN
+                            : location.origin
+                    ).href;
+                    iframe.dataset.expectIsAllowed = expectIsAllowed;
+                    document.body.appendChild(iframe);
+                });
+                iframe.focus();
+                return iframe;
+            }
+
+            function runTests() {
+                for (const details of iframeDetails) {
+                    promise_test(async (test) => {
+                        const iframe = await loadIframe(details);
+                        const { expectIsAllowed } = details;
+                        const action = "get";
+                        const options = {
+                            digital: {
+                                // Results in TypeError when allowed, NotAllowedError when disallowed
+                                providers: [],
+                            },
+                        };
+                        const { data } = await new Promise((resolve) => {
+                            window.addEventListener("message", resolve, {
+                                once: true,
+                            });
+                            iframe.contentWindow.postMessage(
+                                { action, options, needsActivation: true },
+                                "*"
+                            );
+                        });
+                        const { name, message } = data;
+                        assert_equals(
+                            name,
+                            expectIsAllowed ? "TypeError" : "NotAllowedError",
+                            `${iframe.outerHTML} - ${message}`
+                        );
+                        iframe.remove();
+                    }, `Policy to use: ${details.policy}, is cross-origin: ${details.crossOrigin}, is allowed by policy: ${details.expectIsAllowed}`);
+                }
+            }
+        </script>
+    </head>
+    <body onload="runTests()"></body>
+</html>
diff --git a/digital-credentials/default-permissions-policy.https.sub.html b/digital-credentials/default-permissions-policy.https.sub.html
@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<meta charset="utf-8" />
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src="/permissions-policy/resources/permissions-policy.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<body></body>
+<script>
+    "use strict";
+    const { HTTPS_REMOTE_ORIGIN } = get_host_info();
+    const same_origin_src =
+        "/permissions-policy/resources/digital-credentials-get.html";
+    const cross_origin_src = new URL(same_origin_src, HTTPS_REMOTE_ORIGIN).href;
+
+    promise_test(async (test) => {
+        await test_driver.bless("user activation");
+        await promise_rejects_js(
+            test,
+            TypeError,
+            navigator.identity.get({ digital: { providers: [] } })
+        );
+
+        await test_feature_availability({
+            feature_description: "Digital Credential API",
+            test,
+            src: same_origin_src,
+            expect_feature_available: expect_feature_available_default,
+            is_promise_test: true,
+        });
+
+        await test_feature_availability({
+            feature_description: "Digital Credential API",
+            test,
+            src: cross_origin_src,
+            expect_feature_available: expect_feature_unavailable_default,
+            feature_name: "digital-credentials-get",
+            is_promise_test: true,
+        });
+    }, "Permissions-Policy is by default 'self'.");
+</script>
diff --git a/digital-credentials/disabled-by-permissions-policy.https.sub.html b/digital-credentials/disabled-by-permissions-policy.https.sub.html
@@ -0,0 +1,59 @@
+<!DOCTYPE html>
+<meta charset="utf-8" />
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src="/permissions-policy/resources/permissions-policy.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<body></body>
+<script>
+    "use strict";
+    const { HTTPS_REMOTE_ORIGIN } = get_host_info();
+    const same_origin_src =
+        "/permissions-policy/resources/digital-credentials-get.html";
+    const cross_origin_src = new URL(same_origin_src, HTTPS_REMOTE_ORIGIN).href;
+
+    promise_test(async (test) => {
+        await test_driver.bless("user activation");
+        await promise_rejects_dom(
+            test,
+            "NotAllowedError",
+            navigator.identity.get({ digital: { providers: [] } })
+        );
+    }, "Permissions-Policy header digital-credentials-get=() disallows the top-level document.");
+
+    promise_test(async (test) => {
+        await test_feature_availability({
+            feature_description: "Digital Credential API",
+            test,
+            src: same_origin_src,
+            expect_feature_available: expect_feature_unavailable_default,
+            is_promise_test: true,
+            needs_focus: true,
+        });
+    }, "Permissions-Policy header digital-credentials-get=() disallows same-origin iframes.");
+
+    promise_test(async (test) => {
+        await test_feature_availability({
+            feature_description: "Digital Credential API",
+            test,
+            src: cross_origin_src,
+            expect_feature_available: expect_feature_available_default,
+            feature_name: "digital-credentials-get",
+            is_promise_test: true,
+            needs_focus: true,
+        });
+    }, "Header-set policy is overridden in cross-origin iframe using allow attribute.");
+
+    promise_test(async (test) => {
+        await test_feature_availability({
+            feature_description: "Digital Credential API",
+            test,
+            src: same_origin_src,
+            expect_feature_available: expect_feature_unavailable_default,
+            is_promise_test: true,
+            needs_focus: true,
+        });
+    }, "Setting digital-credentials-get=(self) disallows the API in same-origin iframes.");
+</script>
diff --git a/digital-credentials/disabled-by-permissions-policy.https.sub.html.headers b/digital-credentials/disabled-by-permissions-policy.https.sub.html.headers
@@ -0,0 +1 @@
+Permissions-Policy: digital-credentials-get=()
diff --git a/digital-credentials/enabled-on-self-origin-by-permissions-policy.https.sub.html b/digital-credentials/enabled-on-self-origin-by-permissions-policy.https.sub.html
@@ -0,0 +1,59 @@
+<!DOCTYPE html>
+<meta charset="utf-8" />
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src="/permissions-policy/resources/permissions-policy.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<body></body>
+<script>
+    "use strict";
+    const { HTTPS_REMOTE_ORIGIN } = get_host_info();
+    const same_origin_src =
+        "/permissions-policy/resources/digital-credentials-get.html";
+    const cross_origin_src = new URL(same_origin_src, HTTPS_REMOTE_ORIGIN).href;
+
+    promise_test(async (test) => {
+        await test_driver.bless("user activation");
+        await promise_rejects_js(
+            test,
+            TypeError,
+            navigator.identity.get({ digital: { providers: [] } })
+        );
+    }, "Permissions-Policy header digital-credentials-get=(self) allows the top-level document.");
+
+    promise_test(async (test) => {
+        await test_feature_availability({
+            feature_description: "Digital Credential API",
+            test,
+            src: same_origin_src,
+            expect_feature_available: expect_feature_available_default,
+            is_promise_test: true,
+            needs_focus: true,
+        });
+    }, "Permissions-Policy header digital-credentials-get=(self) allows same-origin iframes.");
+
+    promise_test(async (test) => {
+        await test_feature_availability({
+            feature_description: "Digital Credential API",
+            test,
+            src: cross_origin_src,
+            expect_feature_available: expect_feature_unavailable_default,
+            is_promise_test: true,
+            needs_focus: true,
+        });
+    }, "Permissions-Policy header digital-credentials-get=(self) disallows cross-origin iframes.");
+
+    promise_test(async (test) => {
+        await test_feature_availability({
+            feature_description: "Digital Credential API",
+            test,
+            src: cross_origin_src,
+            expect_feature_available: expect_feature_available_default,
+            feature_name: "digital-credentials-get",
+            is_promise_test: true,
+            needs_focus: true,
+        });
+    }, "Permissions-Policy header digital-credentials-get=(self) gets overridden by allow attribute.");
+</script>
diff --git a/digital-credentials/enabled-on-self-origin-by-permissions-policy.https.sub.html.headers b/digital-credentials/enabled-on-self-origin-by-permissions-policy.https.sub.html.headers
@@ -0,0 +1 @@
+Permissions-Policy: digital-credentials-get=(self)
diff --git a/permissions-policy/resources/digital-credentials-get.html b/permissions-policy/resources/digital-credentials-get.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<meta charset="utf-8" />
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<body></body>
+<script>
+    const type = "availability-result";
+    async function notify() {
+        if (!navigator.userActivation.isActive) {
+            await test_driver.bless("user activation", null, window);
+        }
+        let enabled = undefined;
+        try {
+            await navigator.identity.get({ digital: { providers: [] } });
+        } catch (e) {
+            switch (e.name) {
+                case "NotAllowedError":
+                    enabled = false;
+                    break;
+                case "TypeError":
+                    enabled = true;
+                    break;
+                default:
+                    throw e;
+            }
+        } finally {
+            window.parent.postMessage({ type, enabled }, "*");
+        }
+    }
+</script>
+<body onload="notify()">
+    <h1>Digital Credentials iframe</h1>
+</body>
diff --git a/permissions-policy/resources/permissions-policy.js b/permissions-policy/resources/permissions-policy.js
@@ -30,7 +30,7 @@ function assert_permissions_policy_supported() {
 //    promise. Used by test_feature_availability_with_post_message_result()
 function test_feature_availability(
     feature_descriptionOrObject, test, src, expect_feature_available, feature_name,
-    allowfullscreen, is_promise_test = false) {
+    allowfullscreen, is_promise_test = false, needs_focus = false) {
 
   if (feature_descriptionOrObject && feature_descriptionOrObject instanceof Object) {
     const {
@@ -41,6 +41,7 @@ function test_feature_availability(
       feature_name,
       allowfullscreen,
       is_promise_test,
+      needs_focus,
     } = feature_descriptionOrObject;
     return test_feature_availability(
       feature_description,
@@ -49,7 +50,8 @@ function test_feature_availability(
       expect_feature_available,
       feature_name,
       allowfullscreen,
-      is_promise_test
+      is_promise_test,
+      needs_focus,
     );
   }
 
@@ -84,6 +86,9 @@ function test_feature_availability(
                     window.addEventListener('message', resolve);
                   }).then(expectFeatureAvailable);
   document.body.appendChild(frame);
+  if (needs_focus) {
+    frame.focus();
+  }
   return promise;
 }
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Permissions-Policy: digital-credentials-get=(self)
marcoscaceres marked this conversation as resolved. Show resolved Hide resolved