Add initial support for 'Cross-Origin-Options' HTTP response header
[WebKit-https.git] / LayoutTests / http / wpt / cross-origin-options / allow-postmessage.html
1 <!DOCTYPE html>
2 <html>
3 <head>
4 <meta charset="utf-8">
5 <title>Tests that postMessage() works when 'Cross-Origin-Options: allow-postmessage' HTTP header is served</title>
6 <script src="/resources/testharness.js"></script>
7 <script src="/resources/testharnessreport.js"></script>
8 <script src="/common/utils.js"></script>
9 <script src="/common/get-host-info.sub.js"></script>
10 <script src="resources/utils.js"></script>
11 </head>
12 <body>
13 <script>
14
15 promise_test(function(test) {
16     return withIframe("cross-origin-options-allow-postmessage-pong.html", true /* isCrossOrigin */).then((f) => {
17         return new Promise((resolve) => {
18             window.onmessage = (msg) => {
19                 window.onmessage = null;
20                 assert_equals(msg.data, "PONG");
21                 assert_equals(msg.source, f.contentWindow);
22                 resolve();
23             };
24             assert_throws("SecurityError", function() { f.contentWindow.length }, "length property access");
25             f.contentWindow.postMessage("PING", "*");
26         });
27     });
28 }, "postMessage() on Cross-origin iframe with 'Cross-Origin-Options: allow-postmessage' HTTP header");
29
30 promise_test(function(test) {
31     return withPopup("cross-origin-options-allow-postmessage-pong.html", true /* isCrossOrigin */).then((result) => {
32         return new Promise((resolve) => {
33             window.onmessage = (msg) => {
34                 window.onmessage = null;
35                 assert_equals(msg.data, "PONG");
36                 assert_equals(msg.source, result.window);
37                 resolve();
38             };
39             assert_throws("SecurityError", function() { result.window.length }, "length property access");
40             result.window.postMessage("PING", "*");
41         });
42     });
43 }, "postMessage() on Cross-origin popup with 'Cross-Origin-Options: allow-postmessage' HTTP header");
44
45 </script>
46 </body>
47 </html>