Make Document::isSecureContext() work for OOPIFs

third_party/WebKit/LayoutTests/http/tests/security/secureContexts/authenticated_sandbox.html

Index: third_party/WebKit/LayoutTests/http/tests/security/secureContexts/authenticated_sandbox.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/secureContexts/authenticated.html b/third_party/WebKit/LayoutTests/http/tests/security/secureContexts/authenticated_sandbox.html
similarity index 57%
copy from third_party/WebKit/LayoutTests/http/tests/security/secureContexts/authenticated.html
copy to third_party/WebKit/LayoutTests/http/tests/security/secureContexts/authenticated_sandbox.html
index 07a070f56dea644bd9c9edd4ddbc0a94d3ade6e1..28553a1c9e2de4836f8486b0332b95f7ce20b377 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/secureContexts/authenticated.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/secureContexts/authenticated_sandbox.html
@@ -1,16 +1,14 @@
 <!DOCTYPE html>
 <html>
 <head>
-    <title>Authenticated origins are secure, both at top-level and in frames.</title>
+    <title>Authenticated origin with sandbox iframe is secure</title>
     <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharness-helpers.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/resources/get-host-info.js"></script>
 </head>
 <body>
     <script>
-        if (window.testRunner)
-            testRunner.overridePreference("WebKitAllowRunningInsecureContent", true);
-
         if (window.location.origin != get_host_info().AUTHENTICATED_ORIGIN) {
             window.location = get_host_info().AUTHENTICATED_ORIGIN +
                               window.location.pathname;
@@ -18,28 +16,27 @@
             test(function () {
                 assert_equals(window.location.origin, get_host_info().AUTHENTICATED_ORIGIN, "Sanity check the test runner.");
                 assert_true(window.isSecureContext);
-            }, "authenticated origin is secure at the top-level.");
+            }, "authenticated origin is secure.");
 
             async_test(function (t) {
                 var messages = 0;
                 window.addEventListener("message", t.step_func(function (e) {
-                    if (e.origin == get_host_info().AUTHENTICATED_ORIGIN)
-                        assert_true(e.data.isSecureContext);
-                    if (e.origin == get_host_info().UNAUTHENTICATED_ORIGIN)
-                        assert_false(e.data.isSecureContext);
+                    console.log(e);

[alexmos, 2016/03/14 22:20:36]

nit: remove?

[estark, 2016/03/15 01:04:41]

Done.

+                    assert_true(e.data.isSecureContext);
                     messages++;
                     if (messages >= 2)
                         t.done();
                 }), false);
 
                 var i1 = document.createElement("iframe");
-                i1.src = get_host_info().UNAUTHENTICATED_ORIGIN + "/security/secureContexts/resources/post-securecontext-status.html";
+                i1.srcdoc = "<iframe src='" + get_host_info().HTTPS_REMOTE_ORIGIN + "/security/secureContexts/resources/post-securecontext-status.html" + "'></iframe>";
+                i1.sandbox = "allow-scripts";
                 document.body.appendChild(i1);
 
                 var i2 = document.createElement("iframe");
-                i2.src = get_host_info().AUTHENTICATED_ORIGIN + "/security/secureContexts/resources/post-securecontext-status.html";
+                i2.src = "/security/secureContexts/resources/dynamically-sandbox-and-iframe-https.html";
                 document.body.appendChild(i2);
-            }, "Frames are either secure or insecure.");
+            }, "Frames inside sandboxed frames are secure");
         }
     </script>
 </body>