gecko-dev/dom/u2f/tests/frame_appid_facet_insecure....

57 строки
1.7 KiB
HTML

<!DOCTYPE html>
<meta charset=utf-8>
<head>
<script type="text/javascript" src="frame_utils.js"></script>
<script type="text/javascript" src="u2futil.js"></script>
</head>
<body>
<p>Insecure AppID / FacetID behavior check</p>
<script class="testbody" type="text/javascript">
"use strict";
local_setParentOrigin("http://mochi.test:8888");
async function doTests() {
var version = "U2F_V2";
var challenge = new Uint8Array(16);
local_is(window.location.origin, "http://test2.example.com", "Is loaded correctly");
local_is('u2f' in window, false, "window.u2f must be undefined when accessed from an insecure origin");
local_is('U2F' in window, false, "window.U2F must be undefined when accessed from an insecure origin");
try {
u2f.register(null, [], [], function(res) {
local_ok(false, "Callbacks should not be called.");
});
} catch (err) {
local_ok(err == "ReferenceError: u2f is not defined", "calling u2f should have thrown from an insecure origin");
}
try {
window.u2f.register(null, [], [], function(res) {
local_ok(false, "Callbacks should not be called.");
});
} catch (err) {
local_ok(err == "TypeError: window.u2f is undefined", "accessing window.u2f should have thrown from an insecure origin");
}
try {
await promiseU2FRegister(null, [{
version: version,
challenge: bytesToBase64UrlSafe(challenge),
}], [], function(res){
local_ok(false, "Shouldn't have gotten here on an insecure origin");
});
} catch (err) {
local_ok(err == "ReferenceError: u2f is not defined", "Should have thrown from an insecure origin");
}
local_finished();
};
doTests();
</script>
</body>
</html>