Index: third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/insecure-parent-window.https.html |
diff --git a/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/insecure-parent-window.https.html b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/insecure-parent-window.https.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..851139a99a1924aa677403e23af9fd46786f603e |
--- /dev/null |
+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/insecure-parent-window.https.html |
@@ -0,0 +1,106 @@ |
+<!DOCTYPE html> |
+<meta charset="utf-8"> |
+<script src="/resources/testharness.js"></script> |
+<script src="/resources/testharnessreport.js"></script> |
+<script src="/common/get-host-info.sub.js"></script> |
+<script src="resources/test-helpers.sub.js"></script> |
+<title>Insecure parent window test</title> |
+<body></body> |
+<script> |
+// Asks |worker| to call clients.claim. Returns a promise that resolves when |
+// the worker acks that claim finished. |
+function wait_for_claim(worker) { |
+ var saw_message = new Promise(resolve => { |
+ var channel = new MessageChannel(); |
+ channel.port1.onmessage = (e => resolve(e.data)); |
+ worker.postMessage({port: channel.port2}, [channel.port2]); |
+ }); |
+ |
+ return saw_message.then(data => { |
+ assert_equals(data, 'PASS', 'claim should finish'); |
+ }); |
+} |
+ |
+// Asks |win| whether it has a controller. Returns a promise that resolves if |
+// controller was null. |
+function assert_no_controller(win, description) { |
+ var saw_message = new Promise(resolve => { |
+ window.onmessage = (e => resolve(e.data)); |
+ win.postMessage('', '*'); |
+ }); |
+ |
+ return saw_message.then(data => assert_equals(data, 'PASS', description)); |
+} |
+ |
+function with_window(url) { |
+ return new Promise(function(resolve) { |
+ var win = open(url); |
+ window.addEventListener('message', function onLoad(event) { |
+ if (event.source !== win) { |
+ return; |
+ } |
+ |
+ window.removeEventListener('message', onload); |
+ // Reference must be boxed so that internal Promise mechanism does |
+ // not trigger error when referencing the `then` property of the |
+ // resolution value. |
+ resolve([win]); |
+ }, false); |
+ }); |
+} |
+ |
+// This test creates HTTPS iframes inside insecure HTTP windows. It registers a |
+// service worker that should not control the in-scope iframes. The iframes |
+// communicate whether they have a controller to their parent, which forwards |
+// the message to the top-level test document. |
+promise_test(t => { |
+ var script = 'resources/claim-worker.js'; |
+ var scope = 'resources/insecure-inscope'; |
+ var registration; |
+ var insecure_url = get_host_info().UNAUTHENTICATED_ORIGIN + |
+ '/service-workers/service-worker/resources/insecure-parent-window.html'; |
+ var pre_registration_window; |
+ var post_registration_window; |
+ |
+ return navigator.serviceWorker.getRegistration(scope) |
+ // Unregister. |
+ .then(reg => { |
+ if (reg) { |
+ return reg.unregister(); |
+ } |
+ }) |
+ |
+ // Create a window prior to registration. |
+ .then(() => with_window(insecure_url)) |
+ |
+ // Register. |
+ .then(boxed_window => { |
+ pre_registration_window = boxed_window[0]; |
+ t.add_cleanup(() => pre_registration_window.close()); |
+ return navigator.serviceWorker.register(script, {scope:scope}); |
+ }) |
+ .then(reg => { |
+ registration = reg; |
+ return wait_for_state(t, registration.installing, 'activated'); |
+ }) |
+ |
+ // Create a window after registration. |
+ .then(() => with_window(insecure_url)) |
+ .then(boxed_window => { |
+ post_registration_window = boxed_window[0]; |
+ t.add_cleanup(() => post_registration_window.close()); |
+ }) |
+ // Check that no window is controlled. |
+ .then(() => assert_no_controller(pre_registration_window, |
+ 'pre_registration_window should not be controlled')) |
+ .then(() => assert_no_controller(post_registration_window, |
+ 'post_registration_window should not be controlled')) |
+ |
+ // Attempt to claim. The windows should still have no controllers. |
+ .then(() => wait_for_claim(registration.active)) |
+ .then(() => assert_no_controller(pre_registration_window, |
+ 'pre_registration_window should not be claimed')) |
+ .then(() => assert_no_controller(post_registration_window, |
+ 'post_registration_window should not be claimed')); |
+ }, 'Service worker does not control a subframe of an insecure window'); |
+</script> |