| <!DOCTYPE html> |
| <title>Credential Manager: Call get() across browsing contexts.</title> |
| <script src="../resources/testharness.js"></script> |
| <script src="../resources/testharnessreport.js"></script> |
| <script src="/gen/layout_test_data/mojo/public/js/mojo_bindings.js"></script> |
| <script src="/gen/third_party/WebKit/public/platform/modules/credentialmanager/credential_manager.mojom.js"></script> |
| <script src="/gen/third_party/WebKit/public/platform/modules/webauth/authenticator.mojom.js"></script> |
| <script src="resources/credential-helpers.js"></script> |
| <body> |
| <script> |
| |
| if (document.location.hostname == "127.0.0.1") |
| document.location = "https://subdomain.example.test:8443/credentialmanager/credentialscontainer-get-from-nested-frame.html"; |
| |
| promise_test(t => { |
| let PROBE_CREDENTIALS = "window.parent.postMessage(String(navigator.credentials), '*');"; |
| |
| let frame = document.createElement("iframe"); |
| frame.src = "data:text/html," + EncloseInScriptTag(PROBE_CREDENTIALS); |
| window.setTimeout(_ => document.body.append(frame)); |
| |
| let eventWatcher = new EventWatcher(t, window, "message"); |
| return eventWatcher.wait_for("message").then(message => { |
| assert_equals(message.data, "undefined"); |
| }); |
| }, "navigator.credentials should be undefined in documents generated from `data:` URLs."); |
| |
| promise_test(t => { |
| let frame = document.createElement("iframe"); |
| frame.src = "resources/nested-mock-authenticator-client.html"; |
| window.setTimeout(_ => document.body.append(frame)); |
| |
| let loadWatcher = new EventWatcher(t, frame, "load"); |
| loadWatcher.wait_for("load").then(_ => |
| frame.contentWindow.location = "javascript:" + GET_CREDENTIAL); |
| |
| let messageWatcher = new EventWatcher(t, window, "message"); |
| return messageWatcher.wait_for("message").then(message => { |
| assert_equals(message.data, TEST_NESTED_CREDENTIAL_ID); |
| }); |
| }, "navigator.credentials.get({publicKey}) in a javascript url should should succeed."); |
| |
| // Load the content we want to inject into the nested frames below into |
| // |templateFrame| so that we don't have to use string literals here. |
| var templateFrame = document.createElement("iframe"); |
| templateFrame.src = "resources/nested-mock-authenticator-client.html"; |
| templateFrame.addEventListener("load", _ => { |
| |
| // Uses mockAuthenticator. |
| promise_test(t => { |
| let frame = document.createElement("iframe"); |
| frame.srcdoc = templateFrame.contentDocument.documentElement.outerHTML; |
| window.setTimeout(_ => document.body.append(frame)); |
| |
| let loadWatcher = new EventWatcher(t, frame, "load"); |
| loadWatcher.wait_for("load").then(_ => { |
| frame.contentWindow.eval(GET_CREDENTIAL); |
| }); |
| |
| let eventWatcher = new EventWatcher(t, window, "message"); |
| return eventWatcher.wait_for("message").then(message => { |
| assert_equals(message.data, TEST_NESTED_CREDENTIAL_ID); |
| }); |
| }, "navigator.credentials.get({publicKey}) in srcdoc should succeed."); |
| |
| // Uses mockAuthenticator. |
| promise_test(t => { |
| let frame = document.createElement("iframe"); |
| frame.src = "about:blank"; |
| window.setTimeout(_ => document.body.append(frame)); |
| |
| let loadWatcher = new EventWatcher(t, frame, "load"); |
| loadWatcher.wait_for("load").then(_ => { |
| frame.contentDocument.write(templateFrame.contentDocument.documentElement.outerHTML); |
| frame.contentDocument.write(EncloseInScriptTag(GET_CUSTOM_CREDENTIALS)); |
| }); |
| |
| let eventWatcher = new EventWatcher(t, window, "message"); |
| return eventWatcher.wait_for("message").then(message => { |
| assert_equals(message.data, TEST_NESTED_CREDENTIAL_ID); |
| }); |
| }, "navigator.credentials.get({publicKey}) in about:blank embedded in a secure context should succeed."); |
| |
| // Does not use mockAuthenticator, but times out instead. |
| promise_test(t => { |
| let frame = document.createElement("iframe"); |
| frame.src = "about:blank"; |
| window.setTimeout(_ => document.body.append(frame)); |
| |
| let loadWatcher = new EventWatcher(t, frame, "load"); |
| loadWatcher.wait_for("load").then(_ => { |
| frame.contentWindow.eval(GET_CUSTOM_CREDENTIALS); |
| }); |
| |
| let eventWatcher = new EventWatcher(t, window, "message"); |
| return eventWatcher.wait_for("message").then(message => { |
| assert_equals(message.data, "NotAllowedError"); |
| }); |
| }, "navigator.credentials.get({publicKey}) in an about:blank page embedded in a secure context should pass rpID checks."); |
| }); |
| document.body.append(templateFrame); |
| |
| </script> |