| <!DOCTYPE html> |
| <meta charset="utf-8"> |
| <title>Tests the Trust Token API's hasTrustToken function (tentative: the API is a prototype).</title> |
| <link rel="help" href="https://github.com/WICG/trust-token-api#trust-token-redemption" /> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| |
| <script> |
| 'use strict'; |
| |
| promise_test((t) => { |
| return promise_rejects_js(t, TypeError, document.hasTrustToken( |
| "http://not-a-secure-url.example")); |
| }, |
| 'hasTrustToken requires a secure URL as its issuer argument.'); |
| |
| promise_test((t) => { |
| return promise_rejects_js(t, TypeError, document.hasTrustToken( |
| "file:///")); |
| }, |
| 'hasTrustToken requires a HTTP(S) URL as its issuer argument.'); |
| |
| // These hasTrustToken calls all affect global state: each call in the form |
| // of hasTrustToken(issuer) will result in |issuer| becoming associated in |
| // persistent storage with the calling top frame's origin. |
| // |
| // TODO(davidvc, crbug.com/1063140): Once it's possible to write WPTs that |
| // result in a trust token being deposited in storage, this should be |
| // expanded to cover the case where the user _does_ have a token. |
| promise_test(async (t) => { |
| t.add_cleanup(async () => { |
| if (window.testRunner) |
| await new Promise(res => window.testRunner.clearTrustTokenState(res)); |
| }); |
| |
| let result = await document.hasTrustToken("https://issuer.example/"); |
| assert_false(result, "The client should not possess any trust tokens for " + |
| "https://issuer.example since it has not executed an issuance operation" + |
| " against that issuer."); |
| |
| result = await document.hasTrustToken("https://issuer2.example/"); |
| assert_false(result, "The client should not possess any trust tokens for" + |
| " https://issuer2.example since it has not executed an issuance " + |
| "operation against that issuer."); |
| |
| await promise_rejects_dom(t, "OperationError", document.hasTrustToken( |
| "https://issuer3.example/"), |
| "The first two hasTrustToken operations associated this top-level" + |
| " origin with the maximum number of issuers (2), so an attempt to " + |
| " execute hasTrustToken against another issuer should fail."); |
| |
| result = await document.hasTrustToken("https://issuer2.example/"); |
| assert_false(result, "Since this top-level origin is already associated " + |
| "with https://issuer2.example, subsequent hasTrustToken operations should " + |
| "not error out even though the top-level origin is at its " + |
| "number-of-issuers limit."); |
| |
| if (window.testRunner) { |
| await new Promise(res => |
| window.testRunner.clearTrustTokenState(res) |
| ); |
| result = await document.hasTrustToken("https://issuer3.example/"); |
| assert_false(result, "Since state was cleared, it should be possible to" + |
| "run hasTrustToken against more issuers."); |
| } |
| }, "When given a valid, secure origin, hasTrustToken should succeed " + |
| "unless associating that origin with the top-level domain would exceed " + |
| "the top-level origin's number-of-associated-issuers limit."); |
| </script> |