commit f7b85ab73e04994eea940c2a7a81f98c8bc75c14
author Yi Gu <yigu@chromium.org> Mon Nov 30 17:05:06 2020
committer Blink WPT Bot <blink-w3c-test-autoroller@chromium.org> Mon Nov 30 17:31:43 2020
tree 93a172417c4417492c6edbe349ecb3abf0012dfa
parent 851352daca75c5c105b687374edff5c42eeea8d3

[WebOTP] Prototyping WebOTP support in cross-origin iframes

Major changes:
1. Adds a new policy-controlled feature "otp-credentials" to allow the
  iframe to get credentials from its parent frame.
2. Supports parsing SMSes with format "@top.com #code @iframe.com"
3. Passes along a list of origins in the system instead of a single
  origin previously.

More details on the context: https://github.com/WICG/web-otp/issues/50

Bug: 1136506
Change-Id: Ic458e51c33b721a80204abb490776b436086bff4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2497992
Commit-Queue: Yi Gu <yigu@chromium.org>
Reviewed-by: Yaron Friedman <yfriedman@chromium.org>
Reviewed-by: Ian Clelland <iclelland@chromium.org>
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Reviewed-by: Majid Valipour <majidvp@chromium.org>
Cr-Commit-Position: refs/heads/master@{#831865}

credential-management/otpcredential-iframe.https.html

diff --git a/credential-management/otpcredential-iframe.https.html b/credential-management/otpcredential-iframe.https.html
index 8af17b5..da3e572 100644
--- a/credential-management/otpcredential-iframe.https.html
+++ b/credential-management/otpcredential-iframe.https.html
@@ -31,11 +31,24 @@
   const messageWatcher = new EventWatcher(t, window, "message");
   var iframe = document.createElement("iframe");
   iframe.src = remoteBaseURL + "support/otpcredential-iframe.html"
+  iframe.allow = "otp-credentials";
+  document.body.appendChild(iframe);
+
+  const message = await messageWatcher.wait_for("message");
+  assert_equals(message.data.result, "Pass");
+  assert_equals(message.data.code, "ABC123");
+
+}, "OTPCredential enabled in cross origin iframes with permissions policy");
+
+promise_test(async t => {
+  const messageWatcher = new EventWatcher(t, window, "message");
+  var iframe = document.createElement("iframe");
+  iframe.src = remoteBaseURL + "support/otpcredential-iframe.html"
   document.body.appendChild(iframe);
 
   const message = await messageWatcher.wait_for("message");
   assert_equals(message.data.result, "Fail");
   assert_equals(message.data.errorType, "NotAllowedError");
 
-}, "Test OTPCredential disabled in cross origin iframes");
+}, "OTPCredential disabled in cross origin iframes without permissions policy");
 </script>