| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/common/get-host-info.sub.js"></script> |
| <script src="/common/utils.js"></script> |
| <script src="../resources/common.js"></script> |
| <script src="../resources/dispatcher.js"></script> |
| <script> |
| |
| const same_origin = get_host_info().HTTPS_ORIGIN; |
| const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN; |
| const local_storage_key = "coep_credentialless_iframe_local_storage"; |
| const local_storage_same_origin = "same_origin"; |
| const local_storage_cross_origin = "cross_origin"; |
| |
| promise_test_parallel(async test => { |
| // Add an item in the localStorage on same_origin. |
| localStorage.setItem(local_storage_key, local_storage_same_origin); |
| |
| // Add an item in the localStorage on cross_origin. |
| { |
| const w_token = token(); |
| const w_url = cross_origin + executor_path + `&uuid=${w_token}`; |
| const w = window.open(w_url); |
| const reply_token = token(); |
| send(w_token, ` |
| localStorage.setItem("${local_storage_key}", |
| "${local_storage_cross_origin}"); |
| send("${reply_token}", "done"); |
| `); |
| assert_equals(await receive(reply_token), "done"); |
| w.close(); |
| } |
| |
| let credentialless_window = newCredentiallessWindow(same_origin); |
| |
| promise_test_parallel(async test => { |
| let iframe = newCredentiallessIframe(credentialless_window, same_origin); |
| let reply_token = token(); |
| send(iframe, ` |
| let value = localStorage.getItem("${local_storage_key}"); |
| send("${reply_token}", value); |
| `) |
| assert_equals( |
| await receive(reply_token), |
| local_storage_same_origin |
| ); |
| }, "same_origin iframe can access the localStorage"); |
| |
| promise_test_parallel(async test => { |
| let iframe = newCredentiallessIframe(credentialless_window, cross_origin); |
| let reply_token = token(); |
| send(iframe, ` |
| let value = localStorage.getItem("${local_storage_key}"); |
| send("${reply_token}", value); |
| `) |
| assert_equals(await receive(reply_token), "") |
| }, "cross_origin iframe can't access the localStorage"); |
| |
| }, "Setup") |
| |
| </script> |