| <!doctype html> |
| <html> |
| <head> |
| <meta charset=utf-8> |
| <title>Test SharedWorkerGlobalScope.isSecureContext for HTTP creator</title> |
| <meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object"> |
| <script src=/resources/testharness.js></script> |
| <script src=/resources/testharnessreport.js></script> |
| <script src="server-locations.sub.js"></script> |
| </head> |
| <body> |
| <script> |
| /* |
| * The goal of this test is to check that we do the right thing if the |
| * same SharedWorker is used first from an secure context and then from |
| * an insecure context. |
| * |
| * To do this, we load a subframe which loads a SharedWorker |
| * and communicates back to us whether that worker and a child dedicated |
| * worker it spawns think they are secure contexts. Async tests t1 and t2 |
| * track these two workers. |
| * |
| * After we have heard from both workers in the subframe, we open an |
| * insecure (http) popup, which loads the same exact subframe. This |
| * subframe is still is same-origin with |
| * us but not a secure context, since its parent is http, not https. Then |
| * we wait to hear about the status of the workers in the popup's |
| * subframe. Async tests t3 and t4 track these two workers. |
| * |
| */ |
| var t1 = async_test("Shared worker in subframe"); |
| var t2 = async_test("Nested worker in shared worker in subframe"); |
| var t3 = async_test("Shared worker in popup"); |
| var t4 = async_test("Nested worker from shared worker in popup"); |
| |
| var messageCount = 0; |
| var popup = null; |
| onmessage = function(e) { |
| ++messageCount; |
| if (messageCount == 4 && popup) { |
| popup.close(); |
| } |
| var data = e.data; |
| if (data.type == "shared") { |
| // This is a message from our shared worker; check whether it's the |
| // one in the popup or in our subframe. |
| if (data.fromPopup) { |
| t3.step(function() { |
| assert_false(data.exception, "No exception should be present."); |
| assert_true(data.error, "SharedWorker connection should error out."); |
| }); |
| t3.done(); |
| } else { |
| t1.step(function() { |
| assert_false(data.exception, "SharedWorker should not throw an exception."); |
| assert_false(data.error, "SharedWorker connection should not generate an error."); |
| assert_true(data.isSecureContext, "SharedWorker is a secure context"); |
| }); |
| t1.done(); |
| } |
| } else if (data.type == "nested") { |
| // This is a message from our shared worker's nested dedicated worker; |
| // check whether it's the one in the popup or in our subframe. |
| if (data.fromPopup) { |
| t4.step(function() { |
| assert_false(data.exception, "No exception should be present."); |
| assert_true(data.error, "SharedWorker connection should error out."); |
| }); |
| t4.done(); |
| } else { |
| t2.step(function() { |
| assert_false(data.exception, "SharedWorker should not throw an exception."); |
| assert_false(data.error, "SharedWorker connection should not generate an error."); |
| assert_true(data.isSecureContext, "SharedWorker is a secure context"); |
| }); |
| t2.done(); |
| } |
| } else { |
| if (popup) { |
| popup.close(); |
| } |
| t1.step(function() { |
| assert_unreached("Unknown message"); |
| }); |
| t1.done(); |
| t2.step(function() { |
| assert_unreached("Unknown message"); |
| }); |
| t2.done(); |
| t3.step(function() { |
| assert_unreached("Unknown message"); |
| }); |
| t3.done(); |
| t4.step(function() { |
| assert_unreached("Unknown message"); |
| }); |
| t4.done(); |
| } |
| |
| if (messageCount == 2) { |
| // Got both messages from our child; time to open our popup |
| popup = window.open(http_dir + "support/shared-worker-insecure-popup.html?https_dir4"); |
| } |
| } |
| |
| var ifr = document.createElement("iframe"); |
| ifr.src = https_dir4 + "support/https-subframe-shared.html"; |
| document.body.appendChild(ifr); |
| </script> |
| </body> |
| </html> |
