Source code
Revision control
Copy as Markdown
Other Tools
Test Info: Warnings
- This test has a WPT meta file that expects 1 subtest issues.
- This WPT test may be referenced by the following Test IDs:
- /fetch/fetch-later/quota/same-origin-iframe/sandboxed-iframe.https.window.html - WPT Dashboard Interop Dashboard
// META: script=/common/get-host-info.sub.js
// META: script=/common/utils.js
// META: script=/fetch/fetch-later/resources/fetch-later-helper.js
// META: script=/fetch/fetch-later/quota/resources/helper.js
'use strict';
const {HTTPS_ORIGIN} = get_host_info();
// Skips FormData & URLSearchParams, as browser adds extra bytes to them
// in addition to the user-provided content. It is difficult to test a
// request right at the quota limit.
// Skips File & Blob as it's difficult to estimate what additional data are
// added into them.
const dataType = BeaconDataType.String;
// Request headers are counted into total request size.
const headers = new Headers({'Content-Type': 'text/plain;charset=UTF-8'});
const requestUrl = `${HTTPS_ORIGIN}/`;
const quota = getRemainingQuota(QUOTA_PER_ORIGIN, requestUrl, headers);
const SMALL_REQUEST_BODY_SIZE = 4 * 1024; // 4KB.
// This test validates the correct behavior for a sandboxed iframe that includes
// the 'allow-same-origin' token.
//
// Such an iframe should be treated as same-origin. Therefore, it should share
// the parent document's primary 64KB quota pool for fetchLater() requests.
//
// The test works by first having the parent document consume its entire quota.
// Then, it creates the 'allow-same-origin' sandboxed iframe and attempts to
// send a small request.
//
// The expected result is that the iframe's request is REJECTED with a
// QuotaExceededError, proving that it is correctly sharing the parent's
// (already exhausted) quota.
promise_test(async test => {
const controller = new AbortController();
test.add_cleanup(() => controller.abort());
// Step 1: Exhaust the parent frame's entire fetchLater() quota.
fetchLater(requestUrl, {
method: 'POST',
signal: controller.signal,
body: makeBeaconData(generatePayload(quota), dataType),
referrer: '', // Referrer is part of the quota, so we control it.
});
// Step 2: From a sandboxed 'allow-same-origin' iframe, attempt to send a
// small request. This should fail as the shared quota is already gone.
await loadFetchLaterIframe(
HTTPS_ORIGIN, // The iframe's src is same-origin.
{
targetUrl: requestUrl,
activateAfter: 0,
method: 'POST',
bodyType: dataType,
bodySize: SMALL_REQUEST_BODY_SIZE,
referrer: '',
sandbox: 'allow-scripts allow-same-origin',
expect: new FetchLaterIframeExpectation(
FetchLaterExpectationType.ERROR_DOM, 'QuotaExceededError'),
});
}, `A sandboxed iframe with 'allow-same-origin' should be treated as same-origin and share the parent's quota.`);