blob: 343136fea7e8823ae5be9e13b66f748f0e15de54 [file] [log] [blame]
<!DOCTYPE html>
<title>Credential Manager: Call get() across browsing contexts.</title>
<script src="../resources/testharness.js"></script>
<script src="../resources/testharnessreport.js"></script>
<script src="/gen/layout_test_data/mojo/public/js/mojo_bindings.js"></script>
<script src="/gen/third_party/WebKit/public/platform/modules/credentialmanager/credential_manager.mojom.js"></script>
<script src="/gen/third_party/WebKit/public/platform/modules/webauth/authenticator.mojom.js"></script>
<script src="resources/credential-helpers.js"></script>
<body>
<script>
if (document.location.hostname == "127.0.0.1")
document.location = "https://subdomain.example.test:8443/credentialmanager/credentialscontainer-get-from-nested-frame.html";
promise_test(t => {
let PROBE_CREDENTIALS = "window.parent.postMessage(String(navigator.credentials), '*');";
let frame = document.createElement("iframe");
frame.src = "data:text/html," + EncloseInScriptTag(PROBE_CREDENTIALS);
window.setTimeout(_ => document.body.append(frame));
let eventWatcher = new EventWatcher(t, window, "message");
return eventWatcher.wait_for("message").then(message => {
assert_equals(message.data, "undefined");
});
}, "navigator.credentials should be undefined in documents generated from `data:` URLs.");
promise_test(t => {
let frame = document.createElement("iframe");
frame.src = "resources/nested-mock-authenticator-client.html";
window.setTimeout(_ => document.body.append(frame));
let loadWatcher = new EventWatcher(t, frame, "load");
loadWatcher.wait_for("load").then(_ =>
frame.contentWindow.location = "javascript:" + GET_CREDENTIAL);
let messageWatcher = new EventWatcher(t, window, "message");
return messageWatcher.wait_for("message").then(message => {
assert_equals(message.data, TEST_NESTED_CREDENTIAL_ID);
});
}, "navigator.credentials.get({publicKey}) in a javascript url should should succeed.");
// Load the content we want to inject into the nested frames below into
// |templateFrame| so that we don't have to use string literals here.
var templateFrame = document.createElement("iframe");
templateFrame.src = "resources/nested-mock-authenticator-client.html";
templateFrame.addEventListener("load", _ => {
// Uses mockAuthenticator.
promise_test(t => {
let frame = document.createElement("iframe");
frame.srcdoc = templateFrame.contentDocument.documentElement.outerHTML;
window.setTimeout(_ => document.body.append(frame));
let loadWatcher = new EventWatcher(t, frame, "load");
loadWatcher.wait_for("load").then(_ => {
frame.contentWindow.eval(GET_CREDENTIAL);
});
let eventWatcher = new EventWatcher(t, window, "message");
return eventWatcher.wait_for("message").then(message => {
assert_equals(message.data, TEST_NESTED_CREDENTIAL_ID);
});
}, "navigator.credentials.get({publicKey}) in srcdoc should succeed.");
// Uses mockAuthenticator.
promise_test(t => {
let frame = document.createElement("iframe");
frame.src = "about:blank";
window.setTimeout(_ => document.body.append(frame));
let loadWatcher = new EventWatcher(t, frame, "load");
loadWatcher.wait_for("load").then(_ => {
frame.contentDocument.write(templateFrame.contentDocument.documentElement.outerHTML);
frame.contentDocument.write(EncloseInScriptTag(GET_CUSTOM_CREDENTIALS));
});
let eventWatcher = new EventWatcher(t, window, "message");
return eventWatcher.wait_for("message").then(message => {
assert_equals(message.data, TEST_NESTED_CREDENTIAL_ID);
});
}, "navigator.credentials.get({publicKey}) in about:blank embedded in a secure context should succeed.");
// Does not use mockAuthenticator, but times out instead.
promise_test(t => {
let frame = document.createElement("iframe");
frame.src = "about:blank";
window.setTimeout(_ => document.body.append(frame));
let loadWatcher = new EventWatcher(t, frame, "load");
loadWatcher.wait_for("load").then(_ => {
frame.contentWindow.eval(GET_CUSTOM_CREDENTIALS);
});
let eventWatcher = new EventWatcher(t, window, "message");
return eventWatcher.wait_for("message").then(message => {
assert_equals(message.data, "NotAllowedError");
});
}, "navigator.credentials.get({publicKey}) in an about:blank page embedded in a secure context should pass rpID checks.");
});
document.body.append(templateFrame);
</script>