| <!DOCTYPE html> |
| <html> |
| <head> |
| <title>Geolocation On An Secure Origin Embedded in an Insecure Origin</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/resources/get-host-info.js"></script> |
| </head> |
| <body></body> |
| <script> |
| if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) { |
| window.location = get_host_info().UNAUTHENTICATED_ORIGIN + |
| window.location.pathname; |
| } else { |
| var num_received = 0; |
| if (window.testRunner) |
| testRunner.overridePreference( |
| "WebKitStrictPowerfulFeatureRestrictions", true); |
| |
| async_test(function () { |
| window.addEventListener("message", this.step_func(function (event) { |
| assert_equals( |
| event.data.message, |
| 'Only secure origins are allowed ' + |
| '(see: https://goo.gl/Y0ZkNV).'); |
| num_received++; |
| if (num_received == 4) |
| this.done(); |
| })); |
| |
| var iframe = document.createElement("iframe"); |
| iframe.src = get_host_info().HTTP_ORIGIN + |
| "/security/powerfulFeatureRestrictions/" + |
| "resources/geolocation.html"; |
| iframe.allow = 'geolocation *;'; |
| document.body.appendChild(iframe); |
| |
| // A srcdoc should be skipped in the ancestor check. |
| var iframe = document.createElement("iframe"); |
| iframe.srcdoc = "<script>" + |
| "window.addEventListener('message', function(evt) {" + |
| "window.parent.postMessage(evt.data, '*'); });" + |
| "</sc" + "ript>" + |
| "<iframe src='" + get_host_info().HTTP_ORIGIN + |
| "/security/powerfulFeatureRestrictions/resources" + |
| "/geolocation.html' allow='geolocation *;'>" + |
| "</iframe>"; |
| iframe.allow = 'geolocation *;'; |
| document.body.appendChild(iframe); |
| |
| // A sandboxed iframe should use the frame's URL as the origin to |
| // check. |
| var iframe = document.createElement("iframe"); |
| iframe.sandbox = "allow-scripts allow-same-origin"; |
| iframe.src = get_host_info().HTTP_ORIGIN + |
| "/security/powerfulFeatureRestrictions/resources/" + |
| "geolocation.html"; |
| iframe.allow = 'geolocation *;'; |
| document.body.appendChild(iframe); |
| |
| // Insecure origin frames sandboxed secure origin frames secure |
| // origin. |
| var iframe = document.createElement("iframe"); |
| iframe.sandbox = "allow-scripts allow-same-origin"; |
| iframe.src = get_host_info().HTTP_ORIGIN + |
| "/security/powerfulFeatureRestrictions/resources/" + |
| "geolocation-in-iframe.html"; |
| iframe.allow = 'geolocation *;'; |
| document.body.appendChild(iframe); |
| |
| |
| }, 'getCurrentPosition in iframe'); |
| } |
| </script> |
| </html> |