storage-access-beyond-cookies-iframe.sub.html

mozilla-central/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html

Enable keyboard shortcuts

Source code

File a bug in Core :: Privacy: Anti-Tracking

Revision control

Copy as Markdown

Other Tools

<!doctype html>

<meta charset="utf-8">

<script src="/resources/testdriver.js"></script>

<script src="/resources/testdriver-vendor.js"></script>

<script src="/storage-access-api/helpers.js"></script>

<body>

<script>

window.addEventListener("message", async (e) => {

  if (e.data != "blessed") {

    return;

  test_driver.set_test_context(window.top);

  const type = (new URLSearchParams(window.location.search)).get("type");

  const id = (new URLSearchParams(window.location.search)).get("id");

  let message = "";

  // Step 4 (storage-access-api/storage-access-beyond-cookies.{}.tentative.sub.https.html)

  try {

    await MaybeSetStorageAccess("*", "*", "blocked");

    await test_driver.set_permission({ name: 'storage-access' }, 'granted');

    if (type == "cookies") {

      let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();

      if (hasUnpartitionedCookieAccess) {

        message = "First-party cookies should not be readable before handle is loaded.";

    const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({all: true}));

    if (type == "cookies") {

      hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();

      if (!hasUnpartitionedCookieAccess) {

        message = "First-party cookies should be readable after handle is loaded.";

    switch (type) {

      case "none": {

        break;

      case "cookies": {

        if (document.cookie.includes("test="+id)) {

          message = "Cross-site first-party cookies should be empty";

        break;

      case "sessionStorage": {

        if (!!handle.sessionStorage.getItem("test")) {

          message = "Cross-site first-party Session Storage should be empty";

        handle.sessionStorage.setItem("test2", id);

        if (window.sessionStorage.getItem("test2") == id) {

          message = "Handle bound partitioned instead of unpartitioned Session Storage";

        handle.sessionStorage.clear();

        window.sessionStorage.clear();

        break;

      case "localStorage": {

        if (!!handle.localStorage.getItem("test")) {

          message = "Cross-site first-party Local Storage should be empty";

        handle.localStorage.setItem("test2", id);

        if (window.localStorage.getItem("test2") == id) {

          message = "Handle bound partitioned instead of unpartitioned Local Storage";

        handle.localStorage.clear();

        window.localStorage.clear();

        break;

      case "indexedDB": {

        const dbs = await handle.indexedDB.databases();

        if (dbs.length != 0) {

          message = "Cross-site first-party IndexedDB should be empty";

        break;

      case "locks": {

        const state = await handle.locks.query();

        if (state.held.length != 0) {

          message = "Cross-site first-party Web Locks should be empty";

        break;

      case "caches": {

        const has = await handle.caches.has(id);

        if (has) {

          message = "Cross-site first-party Cache Storage should be empty";

        break;

      case "getDirectory": {

        const root = await handle.getDirectory();

        let has = await root.getFileHandle(id).then(() => true, () => false);;

        if (has) {

          message = "Cross-site first-party Origin Private File System should be empty";

        break;

      case "estimate": {

        const estimate = await handle.estimate();

        if (estimate.usage > 0) {

          message = "Cross-site first-party estimate should be empty";

        break;

      case "blobStorage": {

        const blob = await fetch(atob(id)).then(

          (response) => response.text(),

          () => "");

        if (blob != "") {

          message = "Cross-site first-party blob storage should be empty";

        break;

      case "BroadcastChannel": {

        const channel = handle.BroadcastChannel(id);

        channel.postMessage("Cross-origin handle access");

        channel.close();

        break;

      case "SharedWorker": {

        const shared_worker = handle.SharedWorker("/storage-access-api/resources/shared-worker-relay.js", id);

        shared_worker.port.start();

        shared_worker.port.postMessage("Cross-origin handle access");

        break;

      default: {

        message = "Unexpected type " + type;

        break;

  } catch (_) {

    message = "Unable to load handle in cross-site context for all";

  await MaybeSetStorageAccess("*", "*", "allowed");

  await test_driver.set_permission({ name: 'storage-access' }, 'prompt');

  if (message) {

    window.top.postMessage({type: "result", message: message}, "*");

    return;

  // Step 5 (storage-access-api/storage-access-beyond-cookies.{}.tentative.sub.https.html)

  let iframe = document.createElement("iframe");

  iframe.src = "https://{{hosts[][]}}:{{ports[https][0]}}/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html?type=" + type + "&id=" + id;

  document.body.appendChild(iframe);

});

window.open("https://{{hosts[alt][]}}:{{ports[https][0]}}/storage-access-api/resources/bless_cross_site_permissions.html");

</script>

</body>