dom/u2f/tests/frame_appid_facet_insecure.html
author ffxbld <ffxbld@mozilla.com>
Mon, 03 Aug 2020 10:13:16 +0000
changeset 605813 0e0faa02ce530adccb4b358a56bca24d26548853
parent 575993 e8d220dbe0299d90441b3dce6587a5b174f24644
permissions -rw-r--r--
No Bug, mozilla-release repo-update remote-settings - a=repo-update r=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D85739

<!DOCTYPE html>
<meta charset=utf-8>
<head>
  <script type="text/javascript" src="frame_utils.js"></script>
  <script type="text/javascript" src="u2futil.js"></script>
</head>
<body>
<p>Insecure AppID / FacetID behavior check</p>
<script class="testbody" type="text/javascript">
"use strict";

local_setParentOrigin("http://mochi.test:8888");

async function doTests() {
  var version = "U2F_V2";
  var challenge = new Uint8Array(16);

  local_is(window.location.origin, "http://test2.example.com", "Is loaded correctly");

  local_is('u2f' in window, false, "window.u2f must be undefined when accessed from an insecure origin");
  local_is('U2F' in window, false, "window.U2F must be undefined when accessed from an insecure origin");

  try {
    u2f.register(null, [], [], function(res) {
      local_ok(false, "Callbacks should not be called.");
    });
  } catch (err) {
    local_ok(err == "ReferenceError: u2f is not defined", "calling u2f should have thrown from an insecure origin");
  }

  try {
    window.u2f.register(null, [], [], function(res) {
      local_ok(false, "Callbacks should not be called.");
    });
  } catch (err) {
    local_is(err.constructor.name, 'TypeError',
             "accessing window.u2f should have thrown from an insecure origin");
    local_ok(err.message.endsWith("window.u2f is undefined"),
             "accessing window.u2f should have thrown from an insecure origin");
  }

  try {
    await promiseU2FRegister(null, [{
      version,
      challenge: bytesToBase64UrlSafe(challenge),
    }], [], function(res){
      local_ok(false, "Shouldn't have gotten here on an insecure origin");
    });
  } catch (err) {
    local_ok(err == "ReferenceError: u2f is not defined", "Should have thrown from an insecure origin");
  }

  local_finished();
};

doTests();

</script>
</body>
</html>