mirror of
https://github.com/nodejs/node.git
synced 2024-11-21 10:59:27 +00:00
3d09e579d3
This commit introduces an experimental implementation of the Web Storage API using SQLite as the backing data store. PR-URL: https://github.com/nodejs/node/pull/52435 Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
74 lines
3.2 KiB
HTML
74 lines
3.2 KiB
HTML
<!doctype html>
|
|
<meta charset=utf-8>
|
|
<title>sessionStorage: partitioned storage test</title>
|
|
<meta name=help href="https://privacycg.github.io/storage-partitioning/">
|
|
<script src="/resources/testharness.js"></script>
|
|
<script src="/resources/testharnessreport.js"></script>
|
|
<iframe id="shared-iframe" src="http://{{host}}:{{ports[http][0]}}/webstorage/resources/sessionStorage-about-blank-partitioned-iframe.html"></iframe>
|
|
<body>
|
|
<script>
|
|
// Here's the set-up for this test:
|
|
// Step 1. (main window) set up messaging and same-site iframe load listeners.
|
|
// Step 2. (same-site iframe) loads, requests sessionStorage for "userID".
|
|
// Step 3. (same-site iframe) receives the message, gets or allocates sessionStorage,
|
|
// and returns the generated ID to the main frame.
|
|
// Step 4. (main window) receives "storage got set" message from same-site iframe.
|
|
// Step 5. (main window) opens a new cross-site window with the shared-iframe inside.
|
|
// Step 6. (cross-site iframe) loads, requests sessionStorage for "userID", gets or
|
|
// allocates that sessionStorage, and returns the generated ID to the main frame.
|
|
// Step 7. (main window) asserts that the generated IDs should be different, as
|
|
// they should have a different StorageKey.
|
|
const altOrigin = "http://{{hosts[alt][]}}:{{ports[http][0]}}";
|
|
|
|
async_test(t => {
|
|
let crossSiteWindow;
|
|
let crossSiteID;
|
|
let sameSiteID;
|
|
// Retrieve the iframe we created in the HTML above.
|
|
const iframe = document.getElementById("shared-iframe");
|
|
|
|
// Once the iframe loads, we request sessionStorage.
|
|
iframe.addEventListener("load", t.step_func(e => {
|
|
const payload = {
|
|
command: "create ID",
|
|
key: "userID",
|
|
};
|
|
iframe.contentWindow.postMessage(payload, iframe.origin);
|
|
}), {once: true});
|
|
|
|
window.addEventListener("message", t.step_func(e => {
|
|
// Once we get or allocate the sessionStorage, we expect the iframe
|
|
// to message us back with the generated ID.
|
|
if (e.data.message === "ID created") {
|
|
sameSiteID = e.data.userID;
|
|
assert_true(typeof sameSiteID === "string");
|
|
|
|
// Now that same-site storage has been secured, we need to open a
|
|
// new cross-site window that contains our shared-iframe to repeat
|
|
// the process in a cross-site environment.
|
|
if (location.origin !== altOrigin) {
|
|
crossSiteWindow = window.open(`${altOrigin}/webstorage/sessionStorage-basic-partitioned.tentative.sub.html`, "", "noopener=false");
|
|
t.add_cleanup(() => crossSiteWindow.close());
|
|
}
|
|
}
|
|
|
|
// We expect that once the cross-site iframe requests sessionStorage,
|
|
// it will message us back with the generated ID.
|
|
if (e.data.message === "cross-site window iframe loaded") {
|
|
crossSiteID = e.data.userID;
|
|
t.step(() => {
|
|
// Same and cross-site iframes should have different generated IDs.
|
|
assert_true(typeof crossSiteID === "string");
|
|
assert_true(sameSiteID !== crossSiteID, "IDs pulled from two partitioned iframes are different.")
|
|
});
|
|
|
|
// Clear storage state to clean up after the test.
|
|
iframe.contentWindow.sessionStorage.clear();
|
|
crossSiteWindow.postMessage({command: "clearStorage"}, altOrigin);
|
|
t.done();
|
|
};
|
|
}));
|
|
}, "Simple test for partitioned sessionStorage");
|
|
</script>
|
|
</body>
|