coep-on-response-from-service-worker.https.html (3832B)
1 <!doctype html> 2 <html> 3 <script src=/resources/testharness.js></script> 4 <script src=/resources/testharnessreport.js></script> 5 <script src="/common/get-host-info.sub.js"></script> 6 <script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script> 7 <script> 8 const FRAME_URL = 'resources/coep-frame.html' 9 const SCOPE = new URL(FRAME_URL, location).pathname; 10 const SCRIPT = 'resources/sw.js?'; 11 12 // This is similar to 13 // none-sw-from-require-corp.https.html, but there is one difference: 14 // In this file, the frame controlled by the service worker comes from 15 // the service worker, but on none-sw-from-require-corp.https.html 16 // the main document comes from the network directly. Hence the tests 17 // here test whether COEP is set correctly for documents coming from 18 // service workers. 19 20 function remote(path) { 21 const REMOTE_ORIGIN = get_host_info().HTTPS_REMOTE_ORIGIN; 22 return new URL(path, REMOTE_ORIGIN + '/html/cross-origin-embedder-policy/'); 23 } 24 25 let registration; 26 let frame; 27 28 promise_test(async (t) => { 29 registration = await service_worker_unregister_and_register(t, SCRIPT, SCOPE); 30 await wait_for_state(t, registration.installing, 'activated') 31 frame = await with_iframe(FRAME_URL); 32 }, 'setup'); 33 34 35 promise_test(async (t) => { 36 const w = frame.contentWindow; 37 await w.fetch('resources/nothing-same-origin-corp.txt', {mode: 'no-cors'}); 38 }, 'making a same-origin request for CORP: same-origin'); 39 40 promise_test(async (t) => { 41 const w = frame.contentWindow; 42 await w.fetch('/common/blank.html', {mode: 'no-cors'}); 43 }, 'making a same-origin request for no CORP'); 44 45 promise_test(async (t) => { 46 const w = frame.contentWindow; 47 await w.fetch('resources/nothing-cross-origin-corp.js', {mode: 'no-cors'}); 48 }, 'making a same-origin request for CORP: cross-origin'); 49 50 promise_test(async (t) => { 51 const w = frame.contentWindow; 52 await promise_rejects_js( 53 t, w.TypeError, 54 w.fetch(remote('resources/nothing-same-origin-corp.txt'), {mode: 'no-cors'})); 55 }, 'making a cross-origin request for CORP: same-origin'); 56 57 promise_test(async (t) => { 58 const w = frame.contentWindow; 59 await promise_rejects_js( 60 t, w.TypeError, w.fetch(remote('/common/blank.html'), {mode: 'no-cors'})); 61 }, 'making a cross-origin request for no CORP'); 62 63 promise_test(async (t) => { 64 const w = frame.contentWindow; 65 await w.fetch( 66 remote('resources/nothing-cross-origin-corp.js'), 67 {mode: 'no-cors'}); 68 }, 'making a cross-origin request for CORP: cross-origin'); 69 70 promise_test(async (t) => { 71 const w = frame.contentWindow; 72 await promise_rejects_js( 73 t, w.TypeError, 74 w.fetch(remote('resources/nothing-same-origin-corp.txt?passthrough'), 75 {mode: 'no-cors'})); 76 }, 'making a cross-origin request for CORP: same-origin [PASS THROUGH]'); 77 78 promise_test(async (t) => { 79 const w = frame.contentWindow; 80 await promise_rejects_js( 81 t, w.TypeError, 82 w.fetch(remote('/common/blank.html?passthrough'), {mode: 'no-cors'})); 83 }, 'making a cross-origin request for no CORP [PASS THROUGH]'); 84 85 promise_test(async (t) => { 86 const w = frame.contentWindow; 87 await w.fetch( 88 remote('resources/nothing-cross-origin-corp.js?passthrough'), 89 {mode: 'no-cors'}); 90 }, 'making a cross-origin request for CORP: cross-origin [PASS THROUGH]'); 91 92 promise_test(async (t) => { 93 const w = frame.contentWindow; 94 await promise_rejects_js( 95 t, w.TypeError, w.fetch(remote('/common/blank.html'), {mode: 'cors'})); 96 }, 'making a cross-origin request with CORS without ACAO'); 97 98 promise_test(async (t) => { 99 const w = frame.contentWindow; 100 const URL = remote( 101 '/common/blank.html?pipe=header(access-control-allow-origin,*'); 102 await w.fetch(URL, {mode: 'cors'}); 103 }, 'making a cross-origin request with CORS'); 104 105 promise_test(async () => { 106 frame.remove(); 107 await registration.unregister(); 108 }, 'teardown'); 109 110 </script> 111 </html>