dom/u2f/tests/frame_appid_facet_insecure.html
author Jason Orendorff <jorendorff@mozilla.com>
Tue, 16 Oct 2018 12:17:03 -0500
changeset 496969 0e99081b5322d213fdba77a12ebbf6293f9c2a7f
parent 488353 f0c6e521429cfaff0585ec6eaf734e9fcf873f8a
child 496971 35c61888a49d69506cdd330b81885838ccf45f8c
permissions -rw-r--r--
Backed out changeset f0c6e521429c (bug 1259822) for web compat issues (bug 1498257). a=backout

<!DOCTYPE html>
<meta charset=utf-8>
<head>
  <script type="text/javascript" src="frame_utils.js"></script>
  <script type="text/javascript" src="u2futil.js"></script>
</head>
<body>
<p>Insecure AppID / FacetID behavior check</p>
<script class="testbody" type="text/javascript">
"use strict";

local_setParentOrigin("http://mochi.test:8888");

async function doTests() {
  var version = "U2F_V2";
  var challenge = new Uint8Array(16);

  local_is(window.location.origin, "http://test2.example.com", "Is loaded correctly");

  local_is('u2f' in window, false, "window.u2f must be undefined when accessed from an insecure origin");
  local_is('U2F' in window, false, "window.U2F must be undefined when accessed from an insecure origin");

  try {
    u2f.register(null, [], [], function(res) {
      local_ok(false, "Callbacks should not be called.");
    });
  } catch (err) {
    local_ok(err == "ReferenceError: u2f is not defined", "calling u2f should have thrown from an insecure origin");
  }

  try {
    window.u2f.register(null, [], [], function(res) {
      local_ok(false, "Callbacks should not be called.");
    });
  } catch (err) {
    local_ok(err == "TypeError: window.u2f is undefined", "accessing window.u2f should have thrown from an insecure origin");
  }

  try {
    await promiseU2FRegister(null, [{
      version: version,
      challenge: bytesToBase64UrlSafe(challenge),
    }], [], function(res){
      local_ok(false, "Shouldn't have gotten here on an insecure origin");
    });
  } catch (err) {
    local_ok(err == "ReferenceError: u2f is not defined", "Should have thrown from an insecure origin");
  }

  local_finished();
};

doTests();

</script>
</body>
</html>