| <!DOCTYPE html> |
| <!-- This test cannot be upstreamed to WPT because while a roughly |
| equivalent version is available in the Web Platform Tests project, the |
| limitations of the WPT infrastructure precludes the use of iframes for this |
| purpose. This version should be maintained only insofar as the functionality |
| under test concerns iframe contexts specifically; otherwise, modifications |
| should be contributed to the shared version. --> |
| <title>register on a secure page after redirect from an non-secure url</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/resources/get-host-info.js?pipe=sub"></script> |
| <script src="resources/test-helpers.js"></script> |
| <body> |
| <script> |
| 'use strict'; |
| |
| // Loads a non-secure url in an iframe, which redirects to |target_url|. |
| // That page then registers a service worker, and messages back with the result. |
| // Returns a promise that resolves with the result. |
| function redirect_and_register(target_url) { |
| var redirect_url = get_host_info()['UNAUTHENTICATED_ORIGIN'] + |
| '/serviceworker/resources/redirect.php?Redirect='; |
| var message_promise = new Promise(resolve => { |
| window.addEventListener('message', e => resolve(e.data)); |
| }); |
| var iframe_promise = with_iframe(redirect_url + encodeURIComponent(target_url)); |
| return Promise.all([message_promise, iframe_promise]) |
| .then(results => { |
| results[1].remove(); |
| return results[0]; |
| }); |
| } |
| |
| promise_test(function(t) { |
| var target_url = window.location.origin + |
| '/serviceworker/resources/register.html'; |
| |
| return redirect_and_register(target_url) |
| .then(result => { assert_equals(result, 'OK'); }); |
| }, 'register on a secure page after redirect from an non-secure url'); |
| |
| promise_test(function(t) { |
| var target_url = get_host_info()['UNAUTHENTICATED_ORIGIN'] + |
| '/serviceworker/resources/register.html'; |
| |
| return redirect_and_register(target_url) |
| .then(result => {assert_equals(result, 'FAIL: SecurityError');}); |
| }, 'register on a non-secure page after redirect from an non-secure url'); |
| </script> |
| </body> |