summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/secure-contexts/shared-worker-insecure-first.https.html
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/secure-contexts/shared-worker-insecure-first.https.html')
-rw-r--r--testing/web-platform/tests/secure-contexts/shared-worker-insecure-first.https.html111
1 files changed, 111 insertions, 0 deletions
diff --git a/testing/web-platform/tests/secure-contexts/shared-worker-insecure-first.https.html b/testing/web-platform/tests/secure-contexts/shared-worker-insecure-first.https.html
new file mode 100644
index 000000000..074b21c10
--- /dev/null
+++ b/testing/web-platform/tests/secure-contexts/shared-worker-insecure-first.https.html
@@ -0,0 +1,111 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>Test SharedWorkerGlobalScope.isSecureContext for HTTP creator</title>
+ <meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
+ <script src=/resources/testharness.js></script>
+ <script src=/resources/testharnessreport.js></script>
+ <script src="server-locations.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ /*
+ * The goal of this test is to check that we do the right thing if the
+ * same SharedWorker is used first from an insecure context and then from
+ * a secure context.
+ *
+ * To do this, we first open an insecure (http) popup, which loads a
+ * subframe that is same-origin with us but not a secure context, since
+ * its parent is http, not https. Then this subframe loads a SharedWorker
+ * and communicates back to us whether that worker and a child dedicated
+ * worker it spawns think they are secure contexts. Async tests t3 and t4
+ * track these two workers.
+ *
+ * After we have heard from both workers in the popup, we directly load
+ * the same exact subframe ourselves and see what the workers in it
+ * report. Async tests t1 and t2 track these two workers.
+ */
+ var t1 = async_test("Shared worker in subframe");
+ var t2 = async_test("Nested worker in shared worker in subframe");
+ var t3 = async_test("Shared worker in popup");
+ var t4 = async_test("Nested worker from shared worker in popup");
+
+ var messageCount = 0;
+ var popup = null;
+ onmessage = function(e) {
+ ++messageCount;
+ // Make sure to not close the popup until we've run the iframe part of
+ // the test! We need to keep those shared workers alive.
+ if (messageCount == 4 && popup) {
+ popup.close();
+ }
+ var data = e.data;
+ if (data.type == "shared") {
+ // This is a message from our shared worker; check whether it's the
+ // one in the popup or in our subframe.
+ if (data.fromPopup) {
+ t3.step(function() {
+ assert_false(data.exception);
+ assert_false(data.error);
+ assert_false(data.isSecureContext);
+ });
+ t3.done();
+ } else {
+ t1.step(function() {
+ assert_false(data.exception);
+ assert_true(data.error);
+ });
+ t1.done();
+ }
+ } else if (data.type == "nested") {
+ // This is a message from our shared worker's nested dedicated worker;
+ // check whether it's the one in the popup or in our subframe.
+ if (data.fromPopup) {
+ t4.step(function() {
+ assert_false(data.exception);
+ assert_false(data.error);
+ assert_false(data.isSecureContext);
+ });
+ t4.done();
+ } else {
+ t2.step(function() {
+ assert_false(data.exception);
+ assert_true(data.error);
+ });
+ t2.done();
+ }
+ } else {
+ if (popup) {
+ popup.close();
+ }
+ t1.step(function() {
+ assert_unreached("Unknown message");
+ });
+ t1.done();
+ t2.step(function() {
+ assert_unreached("Unknown message");
+ });
+ t2.done();
+ t3.step(function() {
+ assert_unreached("Unknown message");
+ });
+ t3.done();
+ t4.step(function() {
+ assert_unreached("Unknown message");
+ });
+ t4.done();
+ }
+
+ if (messageCount == 2) {
+ // Got both messages from our popup; time to create our child.
+ var ifr = document.createElement("iframe");
+ ifr.src = https_dir5 + "support/https-subframe-shared.html";
+ document.body.appendChild(ifr);
+ }
+ }
+
+ popup = window.open(http_dir + "support/shared-worker-insecure-popup.html?https_dir5");
+ </script>
+ </body>
+</html>