blob: 40ea09b832e0ecf593e8f0ebb3ff6d77ee7152fa [file] [log] [blame]
<!DOCTYPE html>
<!-- This test cannot be upstreamed to WPT because while a roughly
equivalent version is available in the Web Platform Tests project, the
limitations of the WPT infrastructure precludes the use of iframes for this
purpose. This version should be maintained only insofar as the functionality
under test concerns iframe contexts specifically; otherwise, modifications
should be contributed to the shared version. -->
<title>register on a secure page after redirect from an non-secure url</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/get-host-info.js?pipe=sub"></script>
<script src="resources/test-helpers.js"></script>
<body>
<script>
'use strict';
// Loads a non-secure url in an iframe, which redirects to |target_url|.
// That page then registers a service worker, and messages back with the result.
// Returns a promise that resolves with the result.
function redirect_and_register(target_url) {
var redirect_url = get_host_info()['UNAUTHENTICATED_ORIGIN'] +
'/serviceworker/resources/redirect.php?Redirect=';
var message_promise = new Promise(resolve => {
window.addEventListener('message', e => resolve(e.data));
});
var iframe_promise = with_iframe(redirect_url + encodeURIComponent(target_url));
return Promise.all([message_promise, iframe_promise])
.then(results => {
results[1].remove();
return results[0];
});
}
promise_test(function(t) {
var target_url = window.location.origin +
'/serviceworker/resources/register.html';
return redirect_and_register(target_url)
.then(result => { assert_equals(result, 'OK'); });
}, 'register on a secure page after redirect from an non-secure url');
promise_test(function(t) {
var target_url = get_host_info()['UNAUTHENTICATED_ORIGIN'] +
'/serviceworker/resources/register.html';
return redirect_and_register(target_url)
.then(result => {assert_equals(result, 'FAIL: SecurityError');});
}, 'register on a non-secure page after redirect from an non-secure url');
</script>
</body>