OLD | NEW |
| (Empty) |
1 <!DOCTYPE html> | |
2 <meta charset="utf-8"> | |
3 <script src="../resources/testharness.js"></script> | |
4 <script src="../resources/testharnessreport.js"></script> | |
5 <script src="../resources/get-host-info.js?pipe=sub"></script> | |
6 <script src="resources/test-helpers.js"></script> | |
7 <title>Insecure parent frame test</title> | |
8 <body></body> | |
9 <script> | |
10 // Asks |worker| to call clients.claim. Returns a promise that resolves when | |
11 // the worker acks that claim finished. | |
12 function wait_for_claim(worker) { | |
13 var saw_message = new Promise(resolve => { | |
14 var channel = new MessageChannel(); | |
15 channel.port1.onmessage = (e => resolve(e.data)); | |
16 worker.postMessage({port: channel.port2}, [channel.port2]); | |
17 }); | |
18 | |
19 return saw_message.then(data => { | |
20 assert_equals(data, 'PASS', 'claim should finish'); | |
21 }); | |
22 } | |
23 | |
24 // Asks |frame| whether it has a controller. Returns a promise that resolves | |
25 // if controller was null. | |
26 function assert_no_controller(frame, description) { | |
27 var saw_message = new Promise(resolve => { | |
28 window.onmessage = (e => resolve(e.data)); | |
29 frame.contentWindow.postMessage('', '*'); | |
30 }); | |
31 | |
32 return saw_message.then(data => assert_equals(data, 'PASS', description)); | |
33 } | |
34 | |
35 // This test creates https iframes inside insecure http iframes. It registers a | |
36 // service worker that should not control the in-scope iframes. The iframes | |
37 // communicate whether they have a controller to the top-level frame. | |
38 promise_test(t => { | |
39 var script = 'resources/claim-worker.js'; | |
40 var scope = 'resources/insecure-inscope'; | |
41 var registration; | |
42 var insecure_url = get_host_info().UNAUTHENTICATED_ORIGIN + | |
43 '/serviceworker/resources/insecure-parent.html'; | |
44 var pre_registration_frame; | |
45 var post_registration_frame; | |
46 | |
47 return navigator.serviceWorker.getRegistration(scope) | |
48 // Unregister. | |
49 .then(reg => { | |
50 if (reg) | |
51 return reg.unregister(); | |
52 }) | |
53 | |
54 // Create an iframe prior to registration. | |
55 .then(() => with_iframe(insecure_url)) | |
56 | |
57 // Register. | |
58 .then(frame => { | |
59 pre_registration_frame = frame; | |
60 add_result_callback(() => pre_registration_frame.remove()); | |
61 return navigator.serviceWorker.register(script, {scope:scope}); | |
62 }) | |
63 .then(reg => { | |
64 registration = reg; | |
65 return wait_for_state(t, registration.installing, 'activated'); | |
66 }) | |
67 | |
68 // Create an iframe after registration. | |
69 .then(() => with_iframe(insecure_url)) | |
70 .then(frame => post_registration_frame = frame) | |
71 | |
72 // Check that no frame is controlled. | |
73 .then(() => assert_no_controller(pre_registration_frame, | |
74 'pre_registration_frame should not be controlled')) | |
75 .then(() => assert_no_controller(post_registration_frame, | |
76 'post_registration_frame should not be controlled')) | |
77 | |
78 // Attempt to claim. The iframes should still have no controllers. | |
79 .then(() => wait_for_claim(registration.active)) | |
80 .then(() => assert_no_controller(pre_registration_frame, | |
81 'pre_registration_frame should not be claimed')) | |
82 .then(() => assert_no_controller(post_registration_frame, | |
83 'post_registration_frame should not be claimed')); | |
84 }, 'Service worker does not control a subframe of an insecure frame'); | |
85 </script> | |
OLD | NEW |