forked from web-platform-tests/wpt
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Credentialless] Add tests for shared workers.
Bug: 1199282,1200233 Change-Id: I860e24884ed083fcde4426f6b1a606e2a311c531 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2825940 Reviewed-by: Arthur Sonzogni <[email protected]> Commit-Queue: Yifan Luo <[email protected]> Cr-Commit-Position: refs/heads/master@{#874180}
- Loading branch information
1 parent
51b49f2
commit 5e4fb1f
Showing
1 changed file
with
107 additions
and
0 deletions.
There are no files selected for viewing
107 changes: 107 additions & 0 deletions
107
...-embedder-policy/credentialless/cors-or-credentialless/shared-worker.tentative.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,107 @@ | ||
| <!doctype html> | ||
| <title>CORS or Credentialless and Shared worker</title> | ||
| <meta name="timeout" content="long"> | ||
| <script src=/resources/testharness.js></script> | ||
| <script src=/resources/testharnessreport.js></script> | ||
| <script src="/common/get-host-info.sub.js"></script> | ||
| <script src="/common/utils.js"></script> | ||
| <script src="../resources/common.js"></script> | ||
| <script src="../resources/dispatcher.js"></script> | ||
| <script> | ||
|
|
||
| const same_origin = get_host_info().HTTPS_ORIGIN; | ||
| const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN; | ||
| const cookie_key = "credentialless_shared_worker"; | ||
| const cookie_same_origin = "same_origin"; | ||
| const cookie_cross_origin = "cross_origin"; | ||
|
|
||
| promise_test(async test => { | ||
| await Promise.all([ | ||
| setCookie(same_origin, cookie_key, cookie_same_origin), | ||
| setCookie(cross_origin, cookie_key, cookie_cross_origin), | ||
| ]); | ||
|
|
||
| // One window with COEP:none. (control) | ||
| const w_control_token = token(); | ||
| const w_control_url = same_origin + executor_path + | ||
| coep_none + `&uuid=${w_control_token}` | ||
| const w_control = window.open(w_control_url); | ||
| add_completion_callback(() => w_control.close()); | ||
|
|
||
| // One window with COEP:credentialless. (experiment) | ||
| const w_credentialless_token = token(); | ||
| const w_credentialless_url = same_origin + executor_path + | ||
| coep_credentialless + `&uuid=${w_credentialless_token}`; | ||
| const w_credentialless = window.open(w_credentialless_url); | ||
| add_completion_callback(() => w_credentialless.close()); | ||
|
|
||
| const sharedWorkerTest = function( | ||
| description, origin, coep_for_worker, | ||
| expected_cookies_control, | ||
| expected_cookies_credentialless) | ||
| { | ||
| promise_test_parallel(async t => { | ||
| // Create workers for both window. | ||
| const worker_token_1 = token(); | ||
| const worker_token_2 = token(); | ||
|
|
||
| const w_worker_src_1 = same_origin + executor_js_path + | ||
| coep_for_worker + `&uuid=${worker_token_1}`; | ||
| send(w_control_token, `new SharedWorker("${w_worker_src_1}", {});`); | ||
|
|
||
| const w_worker_src_2 = same_origin + executor_js_path + | ||
| coep_for_worker + `&uuid=${worker_token_2}`; | ||
| send(w_credentialless_token, `new SharedWorker("${w_worker_src_2}", {});`); | ||
|
|
||
| // Fetch resources with the workers. | ||
| const request_token_1 = token(); | ||
| const request_token_2 = token(); | ||
| const request_url_1 = showRequestHeaders(origin, request_token_1); | ||
| const request_url_2 = showRequestHeaders(origin, request_token_2); | ||
| send(worker_token_1, | ||
| `fetch("${request_url_1}", {mode: 'no-cors', credentials: 'include'})`); | ||
| send(worker_token_2, | ||
| `fetch("${request_url_2}", {mode: 'no-cors', credentials: 'include'})`); | ||
|
|
||
| // Retrieve the resource request info. | ||
| const headers_control = JSON.parse(await receive(request_token_1)); | ||
| const headers_credentialless = JSON.parse(await receive(request_token_2)); | ||
|
|
||
| assert_equals(parseCookies(headers_control)[cookie_key], | ||
| expected_cookies_control, | ||
| "coep:none => "); | ||
| assert_equals(parseCookies(headers_credentialless)[cookie_key], | ||
| expected_cookies_credentialless, | ||
| "coep:credentialless => "); | ||
| }, `fetch ${description}`) | ||
| }; | ||
|
|
||
| // TODO(https://crbug.com/1200233). A COEP:cors-or-credentialless document | ||
| // shouldn't be able to load COEP:none SharedWorker. The sharedWorkerTest | ||
| // should listen for worker.onerror events and the expectations updated. | ||
| sharedWorkerTest("same-origin", | ||
| same_origin, coep_none, | ||
| cookie_same_origin, | ||
| cookie_same_origin); | ||
|
|
||
| sharedWorkerTest("same-origin + credentialless worker", | ||
| same_origin, coep_credentialless, | ||
| cookie_same_origin, | ||
| cookie_same_origin); | ||
|
|
||
| // TODO(https://crbug.com/1200233). A COEP:cors-or-credentialless document | ||
| // shouldn't be able to load COEP:none SharedWorker. The sharedWorkerTest | ||
| // should listen for worker.onerror events and the expectations updated. | ||
| sharedWorkerTest("cross-origin", | ||
| cross_origin, coep_none, | ||
| cookie_cross_origin, | ||
| cookie_cross_origin); | ||
|
|
||
| sharedWorkerTest("cross-origin + credentialless worker", | ||
| cross_origin, coep_credentialless, | ||
| undefined, | ||
| undefined); | ||
| }) | ||
|
|
||
|
|
||
| </script> |