Source code
Revision control
Copy as Markdown
Other Tools
Test Info: Warnings
- This test has a WPT meta file that expects 1 subtest issues.
- This WPT test may be referenced by the following Test IDs:
- /html/anonymous-iframe/require-corp-embed-anonymous-iframe.tentative.https.window.html - WPT Dashboard Interop Dashboard
// META: script=/common/utils.js
promise_test(async t => {
let iframe_allowed = (iframe) => new Promise(async resolve => {
window.addEventListener("message", t.step_func(msg => {
if (msg.source !== iframe.contentWindow) return;
assert_equals(msg.data, "loaded",
"Unexpected message from broadcast channel.");
resolve(true);
}));
// To see whether the iframe was blocked, we check whether it
// becomes cross-origin (since error pages are loaded cross-origin).
await t.step_wait(() => {
try {
// Accessing contentWindow.location.href cross-origin throws.
iframe.contentWindow.location.href === null;
return false;
} catch {
return true;
}
});
resolve(false);
});
// Create a credentialless child iframe.
const child = document.createElement("iframe");
child.credentialless = true;
t.add_cleanup(() => child.remove());
child.src = "/html/cross-origin-embedder-policy/resources/" +
"navigate-none.sub.html?postMessageTo=top";
document.body.append(child);
assert_true(await iframe_allowed(child),
"The credentialless iframe should be allowed.");
// Create a child of the credentialless iframe. Even if the grandchild
// does not have the 'credentialless' attribute set, it inherits the
// credentialless property from the parent.
const grandchild = child.contentDocument.createElement("iframe");
grandchild.src = "/html/cross-origin-embedder-policy/resources/" +
"navigate-none.sub.html?postMessageTo=top";
child.contentDocument.body.append(grandchild);
assert_true(await iframe_allowed(grandchild),
"The child of the credentialless iframe should be allowed.");
}, 'Loading a credentialless iframe with COEP: require-corp is allowed.');