| <!DOCTYPE html> |
| <html> |
| <head> |
| <title>Authenticated origins are secure, both at top-level and in frames.</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/resources/get-host-info.js"></script> |
| </head> |
| <body> |
| <script> |
| if (window.location.origin != get_host_info().AUTHENTICATED_ORIGIN) { |
| window.location = get_host_info().AUTHENTICATED_ORIGIN + |
| window.location.pathname; |
| } else { |
| test(function () { |
| assert_equals(window.location.origin, get_host_info().AUTHENTICATED_ORIGIN, "Sanity check the test runner."); |
| assert_true(window.isSecureContext); |
| }, "authenticated origin is secure at the top-level."); |
| |
| async_test(function (t) { |
| var messages = 0; |
| window.addEventListener("message", t.step_func(function (e) { |
| if (e.origin == get_host_info().AUTHENTICATED_ORIGIN) |
| assert_true(e.data.isSecureContext); |
| if (e.origin == get_host_info().UNAUTHENTICATED_ORIGIN) |
| assert_false(e.data.isSecureContext); |
| messages++; |
| if (messages >= 2) |
| t.done(); |
| }), false); |
| |
| var i1 = document.createElement("iframe"); |
| i1.src = get_host_info().UNAUTHENTICATED_ORIGIN + "/security/secureContexts/resources/post-securecontext-status.html"; |
| // This will almost certainly be blocked by the mixed content checker, handle that case by incrementing the `messages` count. |
| i1.addEventListener("error", t.step_func(function (e) { |
| messages++; |
| if (messages >= 2) |
| t.done(); |
| }), false); |
| document.body.appendChild(i1); |
| |
| var i2 = document.createElement("iframe"); |
| i2.src = get_host_info().AUTHENTICATED_ORIGIN + "/security/secureContexts/resources/post-securecontext-status.html"; |
| document.body.appendChild(i2); |
| }, "Frames are either secure or insecure (and blocked by mixed content)."); |
| } |
| </script> |
| </body> |
| </html> |
