зеркало из https://github.com/mozilla/gecko-dev.git
61 строка
1.8 KiB
HTML
61 строка
1.8 KiB
HTML
<!DOCTYPE html>
|
|
<meta charset=utf-8>
|
|
<head>
|
|
<script type="text/javascript" src="frame_utils.js"></script>
|
|
<script type="text/javascript" src="u2futil.js"></script>
|
|
</head>
|
|
<body>
|
|
<p>Insecure AppID / FacetID behavior check</p>
|
|
<script class="testbody" type="text/javascript">
|
|
"use strict";
|
|
|
|
local_setParentOrigin("http://mochi.test:8888");
|
|
|
|
async function doTests() {
|
|
var version = "U2F_V2";
|
|
var challenge = new Uint8Array(16);
|
|
|
|
local_is(window.location.origin, "http://test2.example.com", "Is loaded correctly");
|
|
|
|
local_is('u2f' in window, false, "window.u2f must be undefined when accessed from an insecure origin");
|
|
local_is('U2F' in window, false, "window.U2F must be undefined when accessed from an insecure origin");
|
|
|
|
try {
|
|
u2f.register(null, [], [], function(res) {
|
|
local_ok(false, "Callbacks should not be called.");
|
|
});
|
|
} catch (err) {
|
|
local_ok(err == "ReferenceError: u2f is not defined", "calling u2f should have thrown from an insecure origin");
|
|
}
|
|
|
|
try {
|
|
window.u2f.register(null, [], [], function(res) {
|
|
local_ok(false, "Callbacks should not be called.");
|
|
});
|
|
} catch (err) {
|
|
local_is(err.constructor.name, 'TypeError',
|
|
"accessing window.u2f should have thrown from an insecure origin");
|
|
local_ok(err.message.endsWith("window.u2f is undefined"),
|
|
"accessing window.u2f should have thrown from an insecure origin");
|
|
}
|
|
|
|
try {
|
|
await promiseU2FRegister(null, [{
|
|
version,
|
|
challenge: bytesToBase64UrlSafe(challenge),
|
|
}], [], function(res){
|
|
local_ok(false, "Shouldn't have gotten here on an insecure origin");
|
|
});
|
|
} catch (err) {
|
|
local_ok(err == "ReferenceError: u2f is not defined", "Should have thrown from an insecure origin");
|
|
}
|
|
|
|
local_finished();
|
|
};
|
|
|
|
doTests();
|
|
|
|
</script>
|
|
</body>
|
|
</html>
|