[SPC] Require user activation for cross-origin enrollment
This adds a user activation check and consumption for the enrollment of a credential with the payment extension in a cross-origin frame.

Test coverage is added to the SPC iframe enrollment WPTs, and the existing SPC authentication WPTs validate that this does not apply to same-origin credential enrollments. Also tested manually on https://rsolomakhin.github.io/pr/spc-iframe-no-ph/.

Intent to ship: https://groups.google.com/a/chromium.org/g/blink-dev/c/GSoWLFb_jF0

Bug: 1322603
Change-Id: I5bca6d3fdf9a8687fa5d9d08b162287e1e7e4f98
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3584295
Commit-Queue: Nick Burris <nburris@chromium.org>
Reviewed-by: Stephen McGruer <smcgruer@chromium.org>
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1002052}
1 parent 31f8a10, commit de11fb8
Showing 5 changed files with 115 additions and 10 deletions.
24 changes: 19 additions & 5 deletions
...rty/blink/web_tests/external/wpt/secure-payment-confirmation/resources/iframe-enroll.html
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,14 +1,28 @@ | ||
<!DOCTYPE html> | ||
<meta charset="utf-8"> | ||
<title>SPC Enrollment iframe</title> | ||
<script src="/resources/testdriver.js"></script> | ||
<script src="/resources/testdriver-vendor.js"></script> | ||
<script src="../utils.sub.js"></script> | ||
<script> | ||
'use strict'; | ||
|
||
// Assume that our parent has already created a virtual authenticator device. | ||
createCredential().then(credential => { | ||
parent.postMessage({id: credential.id, rawId: credential.rawId}, '*'); | ||
}).catch(e => { | ||
parent.postMessage({error: e}, '*'); | ||
// Setup the listener first, to avoid race conditions. | ||
window.addEventListener('message', async function handler(evt) { | ||
window.removeEventListener('message', handler); | ||
|
||
if (evt.data.userActivation) { | ||
test_driver.set_test_context(window.parent); | ||
await test_driver.bless('user activation'); | ||
} | ||
// Assume that our parent has already created a virtual authenticator device. | ||
await createCredential().then(credential => { | ||
parent.postMessage({id: credential.id, rawId: credential.rawId, error: null}, '*'); | ||
}).catch(e => { | ||
parent.postMessage({error: e}, '*'); | ||
}); | ||
}); | ||
|
||
// Now let our parent know that we are ready to enroll. | ||
window.parent.postMessage({ type: 'loaded' }, '*'); | ||
</script> |
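Review bot: The listener registered with `window.addEventListener('message', async function handler(evt) {` removes itself on the first message it receives and checks neither `evt.source` nor a message type, so any stray message that reaches the frame before the parent's request would start enrollment with whatever `evt.data.userActivation` happens to be and leave the real request unanswered. Consider returning early unless `evt.source === window.parent` and the payload carries an expected type (the frame already tags its own outgoing message with `type: 'loaded'`), and only then calling `removeEventListener`. A short comment on why `test_driver.set_test_context(window.parent)` is needed before `test_driver.bless` would help future readers, and `await createCredential().then(...).catch(...)` would read more clearly as a try/catch now that the handler is async.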
3 changes: 2 additions & 1 deletion
...eric/external/wpt/secure-payment-confirmation/enrollment-in-iframe.sub.https-expected.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,6 @@ | ||
This is a testharness.js-based test. | ||
FAIL SPC enrollment in cross-origin iframe assert_own_property: expected property "id" missing | ||
FAIL SPC enrollment in cross-origin iframe assert_equals: expected null but got object "NotSupportedError: The user agent does not support public key credentials." | ||
PASS SPC enrollment in cross-origin iframe fails without user activation | ||
PASS SPC enrollment in cross-origin iframe without payment permission | ||
Harness: the test ran to completion. | ||
|
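Review bot: The subtest `SPC enrollment in cross-origin iframe` is still expected to FAIL in this baseline, with `NotSupportedError: The user agent does not support public key credentials.`, so on this configuration the positive path (enrollment succeeding once user activation is granted) is not exercised. That makes the new `PASS SPC enrollment in cross-origin iframe fails without user activation` line weak evidence here: please confirm the test asserts on the specific error expected for missing activation rather than on any rejection, otherwise it could pass because of the NotSupportedError alone. It would also help to record why the remaining FAIL expectation is acceptable for this configuration.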