OLD | NEW |
(Empty) | |
| 1 <!DOCTYPE html> |
| 2 <meta charset="utf-8"> |
| 3 <script src="/resources/testharness.js"></script> |
| 4 <script src="/resources/testharnessreport.js"></script> |
| 5 <script src="/common/get-host-info.sub.js"></script> |
| 6 <script src="resources/test-helpers.sub.js"></script> |
| 7 <title>Insecure parent window test</title> |
| 8 <body></body> |
| 9 <script> |
| 10 // Asks |worker| to call clients.claim. Returns a promise that resolves when |
| 11 // the worker acks that claim finished. |
| 12 function wait_for_claim(worker) { |
| 13 var saw_message = new Promise(resolve => { |
| 14 var channel = new MessageChannel(); |
| 15 channel.port1.onmessage = (e => resolve(e.data)); |
| 16 worker.postMessage({port: channel.port2}, [channel.port2]); |
| 17 }); |
| 18 |
| 19 return saw_message.then(data => { |
| 20 assert_equals(data, 'PASS', 'claim should finish'); |
| 21 }); |
| 22 } |
| 23 |
| 24 // Asks |win| whether it has a controller. Returns a promise that resolves if |
| 25 // controller was null. |
| 26 function assert_no_controller(win, description) { |
| 27 var saw_message = new Promise(resolve => { |
| 28 window.onmessage = (e => resolve(e.data)); |
| 29 win.postMessage('', '*'); |
| 30 }); |
| 31 |
| 32 return saw_message.then(data => assert_equals(data, 'PASS', description)); |
| 33 } |
| 34 |
| 35 function with_window(url) { |
| 36 return new Promise(function(resolve) { |
| 37 var win = open(url); |
| 38 window.addEventListener('message', function onLoad(event) { |
| 39 if (event.source !== win) { |
| 40 return; |
| 41 } |
| 42 |
| 43 window.removeEventListener('message', onload); |
| 44 // Reference must be boxed so that internal Promise mechanism does |
| 45 // not trigger error when referencing the `then` property of the |
| 46 // resolution value. |
| 47 resolve([win]); |
| 48 }, false); |
| 49 }); |
| 50 } |
| 51 |
| 52 // This test creates HTTPS iframes inside insecure HTTP windows. It registers a |
| 53 // service worker that should not control the in-scope iframes. The iframes |
| 54 // communicate whether they have a controller to their parent, which forwards |
| 55 // the message to the top-level test document. |
| 56 promise_test(t => { |
| 57 var script = 'resources/claim-worker.js'; |
| 58 var scope = 'resources/insecure-inscope'; |
| 59 var registration; |
| 60 var insecure_url = get_host_info().UNAUTHENTICATED_ORIGIN + |
| 61 '/service-workers/service-worker/resources/insecure-parent-window.
html'; |
| 62 var pre_registration_window; |
| 63 var post_registration_window; |
| 64 |
| 65 return navigator.serviceWorker.getRegistration(scope) |
| 66 // Unregister. |
| 67 .then(reg => { |
| 68 if (reg) { |
| 69 return reg.unregister(); |
| 70 } |
| 71 }) |
| 72 |
| 73 // Create a window prior to registration. |
| 74 .then(() => with_window(insecure_url)) |
| 75 |
| 76 // Register. |
| 77 .then(boxed_window => { |
| 78 pre_registration_window = boxed_window[0]; |
| 79 t.add_cleanup(() => pre_registration_window.close()); |
| 80 return navigator.serviceWorker.register(script, {scope:scope}); |
| 81 }) |
| 82 .then(reg => { |
| 83 registration = reg; |
| 84 return wait_for_state(t, registration.installing, 'activated'); |
| 85 }) |
| 86 |
| 87 // Create a window after registration. |
| 88 .then(() => with_window(insecure_url)) |
| 89 .then(boxed_window => { |
| 90 post_registration_window = boxed_window[0]; |
| 91 t.add_cleanup(() => post_registration_window.close()); |
| 92 }) |
| 93 // Check that no window is controlled. |
| 94 .then(() => assert_no_controller(pre_registration_window, |
| 95 'pre_registration_window should not be controlled')) |
| 96 .then(() => assert_no_controller(post_registration_window, |
| 97 'post_registration_window should not be controlled')) |
| 98 |
| 99 // Attempt to claim. The windows should still have no controllers. |
| 100 .then(() => wait_for_claim(registration.active)) |
| 101 .then(() => assert_no_controller(pre_registration_window, |
| 102 'pre_registration_window should not be claimed')) |
| 103 .then(() => assert_no_controller(post_registration_window, |
| 104 'post_registration_window should not be claimed')); |
| 105 }, 'Service worker does not control a subframe of an insecure window'); |
| 106 </script> |
OLD | NEW |