Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(184)

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/serviceworker/insecure-parent-frame.html

Issue 2071433003: Reland: service worker: Don't control a subframe of an insecure context (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: revised Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
(Empty)
1 <!DOCTYPE html>
2 <meta charset="utf-8">
3 <script src="../resources/testharness.js"></script>
4 <script src="../resources/testharnessreport.js"></script>
5 <script src="../resources/get-host-info.js?pipe=sub"></script>
6 <script src="resources/test-helpers.js"></script>
7 <title>Insecure parent frame test</title>
8 <body></body>
9 <script>
10 // Asks |worker| to call clients.claim. Returns a promise that resolves when
11 // the worker acks that claim finished.
12 function wait_for_claim(worker) {
13 var saw_message = new Promise(resolve => {
14 var channel = new MessageChannel();
15 channel.port1.onmessage = (e => resolve(e.data));
16 worker.postMessage({port: channel.port2}, [channel.port2]);
17 });
18
19 return saw_message.then(data => {
20 assert_equals(data, 'PASS', 'claim should finish');
21 });
22 }
23
24 // Asks |frame| whether it has a controller. Returns a promise that resolves
25 // if controller was null.
26 function assert_no_controller(frame, description) {
27 var saw_message = new Promise(resolve => {
28 window.onmessage = (e => resolve(e.data));
29 frame.contentWindow.postMessage('', '*');
30 });
31
32 return saw_message.then(data => assert_equals(data, 'PASS', description));
33 }
34
35 // This test creates https iframes inside insecure http iframes. It registers a
36 // service worker that should not control the in-scope iframes. The iframes
37 // communicate whether they have a controller to the top-level frame.
38 promise_test(t => {
39 var script = 'resources/claim-worker.js';
40 var scope = 'resources/insecure-inscope';
41 var registration;
42 var insecure_url = get_host_info().UNAUTHENTICATED_ORIGIN +
43 '/serviceworker/resources/insecure-parent.html';
44 var pre_registration_frame;
45 var post_registration_frame;
46
47 return navigator.serviceWorker.getRegistration(scope)
48 // Unregister.
49 .then(reg => {
50 if (reg)
51 return reg.unregister();
52 })
53
54 // Create an iframe prior to registration.
55 .then(() => with_iframe(insecure_url))
56
57 // Register.
58 .then(frame => {
59 pre_registration_frame = frame;
60 add_result_callback(() => pre_registration_frame.remove());
61 return navigator.serviceWorker.register(script, {scope:scope});
62 })
63 .then(reg => {
64 registration = reg;
65 return wait_for_state(t, registration.installing, 'activated');
66 })
67
68 // Create an iframe after registration.
69 .then(() => with_iframe(insecure_url))
70 .then(frame => post_registration_frame = frame)
71
72 // Check that no frame is controlled.
73 .then(() => assert_no_controller(pre_registration_frame,
74 'pre_registration_frame should not be controlled'))
75 .then(() => assert_no_controller(post_registration_frame,
76 'post_registration_frame should not be controlled'))
77
78 // Attempt to claim. The iframes should still have no controllers.
79 .then(() => wait_for_claim(registration.active))
80 .then(() => assert_no_controller(pre_registration_frame,
81 'pre_registration_frame should not be claimed'))
82 .then(() => assert_no_controller(post_registration_frame,
83 'post_registration_frame should not be claimed'));
84 }, 'Service worker does not control a subframe of an insecure frame');
85 </script>
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698