service-worker-coep-credentialless-proxy.https.window.js (3182B)
1 // META: script=/common/get-host-info.sub.js 2 // META: script=/common/utils.js 3 // META: script=/common/dispatcher/dispatcher.js 4 // META: script=./resources/common.js 5 // META: script=/service-workers/service-worker/resources/test-helpers.sub.js 6 7 const same_origin = get_host_info().HTTPS_ORIGIN; 8 const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN; 9 10 promise_test(async test => { 11 const this_token_1 = token(); 12 const this_token_2 = token(); 13 14 // Register a COEP:credentialless ServiceWorker. 15 const sw_token = token(); 16 const sw_url = 17 executor_service_worker_path + coep_credentialless + `&uuid=${sw_token}`; 18 // Executors should be controlled by the service worker. 19 const scope = executor_path; 20 const sw_registration = 21 await service_worker_unregister_and_register(test, sw_url, scope); 22 test.add_cleanup(() => sw_registration.unregister()); 23 await wait_for_state(test, sw_registration.installing, 'activated'); 24 25 // Configure the ServiceWorker to proxy the fetch requests. Wait for the 26 // worker to be installed and activated. 27 send(sw_token, ` 28 fetchHandler = event => { 29 if (!event.request.url.includes("/proxied")) 30 return; 31 32 send("${this_token_1}", "ServiceWorker: Proxying"); 33 34 // Response with a cross-origin no-cors resource. 35 const url = "${cross_origin}" + "/common/blank.html"; 36 37 event.respondWith(new Promise(async resolve => { 38 try { 39 let response = await fetch(url, { 40 mode: "no-cors", 41 credentials: "include" 42 }); 43 send("${this_token_1}", "ServiceWorker: Fetch success"); 44 resolve(response); 45 } catch (error) { 46 send("${this_token_1}", "ServiceWorker: Fetch failure"); 47 resolve(new Response("", {status: 400})); 48 } 49 })); 50 } 51 52 await clients.claim(); 53 54 send("${this_token_1}", serviceWorker.state); 55 `) 56 assert_equals(await receive(this_token_1), "activated"); 57 58 // Create a COEP:credentialless document. 59 const document_token = environments["document"](coep_credentialless)[0]; 60 61 // The document fetches a same-origin no-cors resource. The requests needs to 62 // be same-origin to be handled by the ServiceWorker. 63 send(document_token, ` 64 try { 65 const response = await fetch("/proxied", { mode: "no-cors", }); 66 67 send("${this_token_2}", "Document: Fetch success"); 68 } catch (error) { 69 send("${this_token_2}", "Document: Fetch error"); 70 } 71 `); 72 73 // The COEP:credentialless ServiceWorker is able to handle the cross-origin 74 // no-cors request, requested with credentials. 75 assert_equals(await receive(this_token_1), "ServiceWorker: Proxying"); 76 assert_equals(await receive(this_token_1), "ServiceWorker: Fetch success"); 77 78 // The COEP:credentialless Document is allowed by CORP to get it. 79 assert_equals(await receive(this_token_2), "Document: Fetch success"); 80 81 // test.add_cleanup doesn't allow waiting for a promise. Unregistering a 82 // ServiceWorker is an asynchronous operation. It might not be completed on 83 // time for the next test. Do it here for extra flakiness safety. 84 await sw_registration.unregister() 85 }, "COEP:credentialless ServiceWorker");