| <!DOCTYPE html> |
| <body> |
| <script src=/resources/testharness.js></script> |
| <script src=/resources/testharnessreport.js></script> |
| <script src=/permissions-policy/resources/permissions-policy.js></script> |
| <script> |
| 'use strict'; |
| var same_origin_src = '/permissions-policy/resources/permissions-policy-private-state-token-issuance.html'; |
| var cross_origin_src = 'https://{{domains[www]}}:{{ports[https][0]}}' + |
| same_origin_src; |
| var test_desc_begin = 'Permissions policy header "private-state-token-issuance=*"'; |
| |
| test(() => { |
| try { |
| new Request("https://issuer.example/", { |
| privateToken: { |
| version: 1, |
| operation: "token-request" |
| } |
| }); |
| } catch(e) { |
| assert_unreached(); |
| } |
| try { |
| const xhr = new XMLHttpRequest(); |
| xhr.open("GET", "https://issuer.example/"); |
| xhr.setPrivateToken({ |
| version: 1, |
| operation: "token-request" |
| }); |
| } catch(e) { |
| assert_unreached(); |
| } |
| |
| }, test_desc_begin + ' allows the top-level document.'); |
| |
| async_test(t => { |
| test_feature_availability('Private State Token issuance request', t, |
| same_origin_src, |
| (data, desc) => { |
| assert_equals(data.num_operations_enabled, 2, desc);}); |
| }, test_desc_begin + ' allows same-origin iframes.'); |
| |
| async_test(t => { |
| test_feature_availability('Private State Token issuance request', t, |
| cross_origin_src, |
| (data, desc) => { |
| assert_equals(data.num_operations_enabled, 0, desc);}); |
| }, test_desc_begin + ' disallows cross-origin iframes.'); |
| |
| async_test(t => { |
| test_feature_availability( |
| 'Private State Token issuance request', t, cross_origin_src, |
| (data, desc) => {assert_equals(data.num_operations_enabled, 2, desc);}, |
| 'private-state-token-issuance'); |
| }, test_desc_begin + ' and allow="private-state-token-issuance" allows cross-origin iframes.'); |
| </script> |
| </body> |