| <!DOCTYPE html> |
| <title>Test default permission policy features gating (*)</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/common/utils.js"></script> |
| <script src="/common/dispatcher/dispatcher.js"></script> |
| <script src="resources/utils.js"></script> |
| <script src="/common/get-host-info.sub.js"></script> |
| <script src="resources/default-enabled-features-helper.js"></script> |
| |
| <body> |
| <script> |
| promise_test(async(t) => { |
| await runDefaultEnabledFeaturesTest(t, true, get_host_info().ORIGIN); |
| await runDefaultEnabledFeaturesTest(t, true, get_host_info().ORIGIN, |
| generator_api="sharedstorage"); |
| }, 'Same-origin fenced frame loads when feature policies are *'); |
| |
| promise_test(async(t) => { |
| await runDefaultEnabledFeaturesTest(t, true, get_host_info().REMOTE_ORIGIN); |
| await runDefaultEnabledFeaturesTest(t, true, get_host_info().REMOTE_ORIGIN, |
| generator_api="sharedstorage"); |
| }, 'Cross-origin fenced frame loads when feature policies are *'); |
| |
| promise_test(async(t) => { |
| // We do this test the "old fashioned way" because a redirect in a fenced |
| // frame remote context will cause it to lose its ability to communicate with |
| // the main page (which results in a timeout). |
| const page1_key = token(); |
| const redirect_key = token(); |
| |
| const fencedframe = attachFencedFrame( |
| await generateURNFromFledge( |
| "resources/default-enabled-features-navigate.https.html", |
| [page1_key, redirect_key])); |
| |
| // The fenced frame will send its attribution reporting result and then |
| // attempt to redirect to a remote origin page. |
| const page1_resp = await nextValueFromServer(page1_key); |
| assert_equals(page1_resp, "true", |
| "Attribution reporting should be enabled on the original page."); |
| |
| // The fenced frame will send its attribution reporting result and then |
| // attempt to redirect to a remote origin page. |
| const redirect_resp = await nextValueFromServer(redirect_key); |
| assert_equals(redirect_resp, "true", |
| "Attribution reporting should be enabled on the redirected page."); |
| }, 'A fenced frame that navigates itself to a cross origin page that allows feature policies ' + |
| 'can still access the feature policies'); |
| |
| promise_test(async(t) => { |
| const fencedframe = await attachFencedFrameContext({ |
| origin: get_host_info().REMOTE_ORIGIN}); |
| |
| await fencedframe.execute(async () => { |
| assert_true( |
| document.featurePolicy.allowsFeature('shared-storage'), |
| "Shared storage should be allowed in the fenced frame."); |
| assert_true( |
| document.featurePolicy.allowsFeature('private-aggregation'), |
| "Private aggregation should be allowed in the fenced frame."); |
| assert_false( |
| document.featurePolicy.allowsFeature('attribution-reporting'), |
| "Attribution reporting should be disallowed in the fenced frame."); |
| assert_false( |
| document.featurePolicy.allowsFeature('sync-xhr'), |
| "USB access should be disallowed in the fenced frame."); |
| }, []); |
| }, 'Cross-origin fenced frames default feature policies follow inheritance' + |
| ' rules.'); |
| |
| </script> |
| </body> |
| </html> |
