Chromium Code Reviews Chromium Code Reviews
Issue 1723753002:
Make Document::isSecureContext() work for OOPIFs (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
| 2 <html> | 2 <html> |
| 3 <head> | 3 <head> |
| 4 <title>Authenticated origins are secure, both at top-level and in frames.</t itle> | 4 <title>Authenticated origin with sandbox iframe is secure</title> |
| 5 <script src="/resources/testharness.js"></script> | 5 <script src="/resources/testharness.js"></script> |
| 6 <script src="/resources/testharness-helpers.js"></script> | |
| 6 <script src="/resources/testharnessreport.js"></script> | 7 <script src="/resources/testharnessreport.js"></script> |
| 7 <script src="/resources/get-host-info.js"></script> | 8 <script src="/resources/get-host-info.js"></script> |
| 8 </head> | 9 </head> |
| 9 <body> | 10 <body> |
| 10 <script> | 11 <script> |
| 11 if (window.testRunner) | |
| 12 testRunner.overridePreference("WebKitAllowRunningInsecureContent", t rue); | |
| 13 | |
| 14 if (window.location.origin != get_host_info().AUTHENTICATED_ORIGIN) { | 12 if (window.location.origin != get_host_info().AUTHENTICATED_ORIGIN) { |
| 15 window.location = get_host_info().AUTHENTICATED_ORIGIN + | 13 window.location = get_host_info().AUTHENTICATED_ORIGIN + |
| 16 window.location.pathname; | 14 window.location.pathname; |
| 17 } else { | 15 } else { |
| 18 test(function () { | 16 test(function () { |
| 19 assert_equals(window.location.origin, get_host_info().AUTHENTICA TED_ORIGIN, "Sanity check the test runner."); | 17 assert_equals(window.location.origin, get_host_info().AUTHENTICA TED_ORIGIN, "Sanity check the test runner."); |
| 20 assert_true(window.isSecureContext); | 18 assert_true(window.isSecureContext); |
| 21 }, "authenticated origin is secure at the top-level."); | 19 }, "authenticated origin is secure."); |
| 22 | 20 |
| 23 async_test(function (t) { | 21 async_test(function (t) { |
| 24 var messages = 0; | 22 var messages = 0; |
| 25 window.addEventListener("message", t.step_func(function (e) { | 23 window.addEventListener("message", t.step_func(function (e) { |
| 26 if (e.origin == get_host_info().AUTHENTICATED_ORIGIN) | 24 console.log(e); |
|
alexmos
2016/03/14 22:20:36
nit: remove?
estark
2016/03/15 01:04:41
Done.
| |
| 27 assert_true(e.data.isSecureContext); | 25 assert_true(e.data.isSecureContext); |
| 28 if (e.origin == get_host_info().UNAUTHENTICATED_ORIGIN) | |
| 29 assert_false(e.data.isSecureContext); | |
| 30 messages++; | 26 messages++; |
| 31 if (messages >= 2) | 27 if (messages >= 2) |
| 32 t.done(); | 28 t.done(); |
| 33 }), false); | 29 }), false); |
| 34 | 30 |
| 35 var i1 = document.createElement("iframe"); | 31 var i1 = document.createElement("iframe"); |
| 36 i1.src = get_host_info().UNAUTHENTICATED_ORIGIN + "/security/sec ureContexts/resources/post-securecontext-status.html"; | 32 i1.srcdoc = "<iframe src='" + get_host_info().HTTPS_REMOTE_ORIGI N + "/security/secureContexts/resources/post-securecontext-status.html" + "'></i frame>"; |
| 33 i1.sandbox = "allow-scripts"; | |
| 37 document.body.appendChild(i1); | 34 document.body.appendChild(i1); |
| 38 | 35 |
| 39 var i2 = document.createElement("iframe"); | 36 var i2 = document.createElement("iframe"); |
| 40 i2.src = get_host_info().AUTHENTICATED_ORIGIN + "/security/secur eContexts/resources/post-securecontext-status.html"; | 37 i2.src = "/security/secureContexts/resources/dynamically-sandbox -and-iframe-https.html"; |
| 41 document.body.appendChild(i2); | 38 document.body.appendChild(i2); |
| 42 }, "Frames are either secure or insecure."); | 39 }, "Frames inside sandboxed frames are secure"); |
| 43 } | 40 } |
| 44 </script> | 41 </script> |
| 45 </body> | 42 </body> |
| 46 </html> | 43 </html> |
| OLD | NEW |
