[WebOTP] Prototyping WebOTP support in cross-origin iframes
Major changes:
1. Adds a new policy-controlled feature "otp-credentials" to allow the
iframe to get credentials from its parent frame.
2. Supports parsing SMSes with format "@top.com #code @iframe.com"
3. Passes along a list of origins in the system instead of a single
origin previously.
More details on the context: https://github.com/WICG/web-otp/issues/50
Bug: 1136506
Change-Id: Ic458e51c33b721a80204abb490776b436086bff4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2497992
Commit-Queue: Yi Gu <yigu@chromium.org>
Reviewed-by: Yaron Friedman <yfriedman@chromium.org>
Reviewed-by: Ian Clelland <iclelland@chromium.org>
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Reviewed-by: Majid Valipour <majidvp@chromium.org>
Cr-Commit-Position: refs/heads/master@{#831865}
diff --git a/credential-management/otpcredential-iframe.https.html b/credential-management/otpcredential-iframe.https.html
index 8af17b5..da3e572 100644
--- a/credential-management/otpcredential-iframe.https.html
+++ b/credential-management/otpcredential-iframe.https.html
@@ -31,11 +31,24 @@
const messageWatcher = new EventWatcher(t, window, "message");
var iframe = document.createElement("iframe");
iframe.src = remoteBaseURL + "support/otpcredential-iframe.html"
+ iframe.allow = "otp-credentials";
+ document.body.appendChild(iframe);
+
+ const message = await messageWatcher.wait_for("message");
+ assert_equals(message.data.result, "Pass");
+ assert_equals(message.data.code, "ABC123");
+
+}, "OTPCredential enabled in cross origin iframes with permissions policy");
+
+promise_test(async t => {
+ const messageWatcher = new EventWatcher(t, window, "message");
+ var iframe = document.createElement("iframe");
+ iframe.src = remoteBaseURL + "support/otpcredential-iframe.html"
document.body.appendChild(iframe);
const message = await messageWatcher.wait_for("message");
assert_equals(message.data.result, "Fail");
assert_equals(message.data.errorType, "NotAllowedError");
-}, "Test OTPCredential disabled in cross origin iframes");
+}, "OTPCredential disabled in cross origin iframes without permissions policy");
</script>