testing/web-platform/tests/secure-contexts/shared-worker-insecure-first.https.html

   1 <!doctype html>
   2 <html>
   3   <head>
   4     <meta charset=utf-8>
   5     <title>Test SharedWorkerGlobalScope.isSecureContext for HTTP creator</title>
   6     <meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
   7     <script src=/resources/testharness.js></script>
   8     <script src=/resources/testharnessreport.js></script>
   9     <script src="server-locations.sub.js"></script>
  10   </head>
  11   <body>
  12     <script>
  13       /*
  14        * The goal of this test is to check that we do the right thing if the
  15        * same SharedWorker is used first from an insecure context and then from
  16        * a secure context.
  17        *
  18        * To do this, we first open an insecure (http) popup, which loads a
  19        * subframe that is same-origin with us but not a secure context, since
  20        * its parent is http, not https.  Then this subframe loads a SharedWorker
  21        * and communicates back to us whether that worker and a child dedicated
  22        * worker it spawns think they are secure contexts.  Async tests t3 and t4
  23        * track these two workers.
  24        *
  25        * After we have heard from both workers in the popup, we directly load
  26        * the same exact subframe ourselves and see what the workers in it
  27        * report.  Async tests t1 and t2 track these two workers.
  28        */
  29       var t1 = async_test("Shared worker in subframe");
  30       var t2 = async_test("Nested worker in shared worker in subframe");
  31       var t3 = async_test("Shared worker in popup");
  32       var t4 = async_test("Nested worker from shared worker in popup");
  33
  34       var messageCount = 0;
  35       var popup = null;
  36       onmessage = function(e) {
  37         ++messageCount;
  38         // Make sure to not close the popup until we've run the iframe part of
  39         // the test!  We need to keep those shared workers alive.
  40         if (messageCount == 4 && popup) {
  41           popup.close();
  42         }
  43         var data = e.data;
  44         if (data.type == "shared") {
  45           // This is a message from our shared worker; check whether it's the
  46           // one in the popup or in our subframe.
  47           if (data.fromPopup) {
  48             t3.step(function() {
  49               assert_false(data.exception, "SharedWorker should not throw an exception.");
  50               assert_false(data.error, "SharedWorker connection should not generate an error.");
  51               assert_false(data.isSecureContext, "SharedWorker is not a secure context");
  52             });
  53             t3.done();
  54           } else {
  55             t1.step(function() {
  56               assert_false(data.exception, "SharedWorker should not throw an exception.");
  57               assert_true(data.error, "SharedWorker connection should generate an error.");
  58             });
  59             t1.done();
  60           }
  61         } else if (data.type == "nested") {
  62           // This is a message from our shared worker's nested dedicated worker;
  63           // check whether it's the one in the popup or in our subframe.
  64           if (data.fromPopup) {
  65             t4.step(function() {
  66               assert_false(data.exception, "SharedWorker should not throw an exception.");
  67               assert_false(data.error, "SharedWorker connection should not generate an error.");
  68               assert_false(data.isSecureContext);
  69             });
  70             t4.done();
  71           } else {
  72             t2.step(function() {
  73               assert_false(data.exception, "SharedWorker should not throw an exception.");
  74               assert_true(data.error, "SharedWorker connection should generate an error.");
  75             });
  76             t2.done();
  77           }
  78         } else {
  79           if (popup) {
  80             popup.close();
  81           }
  82           t1.step(function() {
  83             assert_unreached("Unknown message");
  84           });
  85           t1.done();
  86           t2.step(function() {
  87             assert_unreached("Unknown message");
  88           });
  89           t2.done();
  90           t3.step(function() {
  91             assert_unreached("Unknown message");
  92           });
  93           t3.done();
  94           t4.step(function() {
  95             assert_unreached("Unknown message");
  96           });
  97           t4.done();
  98         }
  99
 100         if (messageCount == 2) {
 101           // Got both messages from our popup; time to create our child.
 102           var ifr = document.createElement("iframe");
 103           ifr.src = https_dir5 + "support/https-subframe-shared.html";
 104           document.body.appendChild(ifr);
 105         }
 106       }
 107
 108       popup = window.open(http_dir + "support/shared-worker-insecure-popup.html?https_dir5");
 109     </script>
 110   </body>
 111 </html>