| OLD | NEW |
|---|
| 1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
| 2 <html> | 2 <html> |
| 3 <head> | 3 <head> |
| 4 <title>Unauthenticated origin is insecure</title> | 4 <title>Unauthenticated origin with sandbox iframe is insecure</title> |
| 5 <script src="/resources/testharness.js"></script> | 5 <script src="/resources/testharness.js"></script> |
| 6 <script src="/resources/testharness-helpers.js"></script> | 6 <script src="/resources/testharness-helpers.js"></script> |
| 7 <script src="/resources/testharnessreport.js"></script> | 7 <script src="/resources/testharnessreport.js"></script> |
| 8 <script src="/resources/get-host-info.js"></script> | 8 <script src="/resources/get-host-info.js"></script> |
| 9 </head> | 9 </head> |
| 10 <body> | 10 <body> |
| 11 <script> | 11 <script> |
| 12 if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) { | 12 if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) { |
| 13 window.location = get_host_info().UNAUTHENTICATED_ORIGIN + | 13 window.location = get_host_info().UNAUTHENTICATED_ORIGIN + |
| 14 window.location.pathname; | 14 window.location.pathname; |
| 15 } else { | 15 } else { |
| 16 test(function () { | 16 test(function () { |
| 17 assert_equals(window.location.origin, get_host_info().UNAUTHENTI
CATED_ORIGIN, "Sanity check the test runner."); | 17 assert_equals(window.location.origin, get_host_info().UNAUTHENTI
CATED_ORIGIN, "Sanity check the test runner."); |
| 18 assert_false(window.isSecureContext); | 18 assert_false(window.isSecureContext); |
| 19 }, "unauthenticated origin is insecure."); | 19 }, "unauthenticated origin is insecure."); |
| 20 | 20 |
| 21 async_test(function (t) { | 21 async_test(function (t) { |
| 22 var messages = 0; | 22 var messages = 0; |
| 23 window.addEventListener("message", t.step_func(function (e) { | 23 window.addEventListener("message", t.step_func(function (e) { |
| 24 assert_false(e.data.isSecureContext); | 24 assert_false(e.data.isSecureContext); |
| 25 messages++; | 25 messages++; |
| 26 if (messages >= 2) | 26 if (messages >= 3) |
| 27 t.done(); | 27 t.done(); |
| 28 }), false); | 28 }), false); |
| 29 | 29 |
| 30 var i1 = document.createElement("iframe"); | 30 var i1 = document.createElement("iframe"); |
| 31 i1.src = get_host_info().UNAUTHENTICATED_ORIGIN + "/security/sec
ureContexts/resources/post-securecontext-status.html"; | 31 i1.srcdoc = "<iframe src='" + get_host_info().HTTP_REMOTE_ORIGIN
+ "/security/secureContexts/resources/post-securecontext-status.html" + "'></if
rame>"; |
| 32 i1.sandbox = "allow-scripts"; |
| 32 document.body.appendChild(i1); | 33 document.body.appendChild(i1); |
| 33 | 34 |
| 34 var i2 = document.createElement("iframe"); | 35 var i2 = document.createElement("iframe"); |
| 35 i2.src = get_host_info().AUTHENTICATED_ORIGIN + "/security/secur
eContexts/resources/post-securecontext-status.html"; | 36 i2.srcdoc = "<iframe src='" + get_host_info().HTTPS_REMOTE_ORIGI
N + "/security/secureContexts/resources/post-securecontext-status.html" + "'></i
frame>"; |
| 37 i2.sandbox = "allow-scripts"; |
| 36 document.body.appendChild(i2); | 38 document.body.appendChild(i2); |
| 37 }, "Frames are insecure"); | 39 |
| 40 var i3 = document.createElement("iframe"); |
| 41 i3.src = "/security/secureContexts/resources/dynamically-sandbox
-and-iframe-https.html"; |
| 42 document.body.appendChild(i3); |
| 43 }, "Frames inside sandboxed frames are insecure"); |
| 38 } | 44 } |
| 39 </script> | 45 </script> |
| 40 </body> | 46 </body> |
| 41 </html> | 47 </html> |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1723753002:
Make Document::isSecureContext() work for OOPIFs (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master