tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

cross-origin-isolated-permission-worker.https.window.js (5943B)

      1 // META: script=/common/get-host-info.sub.js
      2 // META: script=/common/utils.js
      3 // META: script=/common/dispatcher/dispatcher.js
      4 // META: script=./credentialless/resources/common.js
      5 // META: script=./resources/common.js
      6 
      7 const cors_coep_headers = coep_require_corp + corp_cross_origin;
      8 const same_origin = get_host_info().HTTPS_ORIGIN;
      9 const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
     10 const dedicatedWorkerPostMessage = `
     11  self.addEventListener('message', (e) => {
     12    e.data.port.postMessage(self.crossOriginIsolated);
     13  });
     14 `;
     15 
     16 const postMessageIsWorkerCrossOriginIsolated = async (
     17  test,
     18  frame,
     19  worker_url
     20 ) => {
     21  const worker = new frame.contentWindow.Worker(worker_url);
     22  const mc = new MessageChannel();
     23  worker.postMessage({port: mc.port2}, [mc.port2]);
     24  worker.onerror = test.unreached_func('cannot create dedicated worker');
     25  return (await new Promise(r => mc.port1.onmessage = r)).data;
     26 }
     27 
     28 const isDataDedicatedWorkerCrossOriginIsolated = async (
     29  test,
     30  parent_headers
     31 ) => {
     32  const [future_child, future_error] =
     33    await createIsolatedFrame('', parent_headers);
     34  future_error.then(test.unreached_func('cannot create isolated iframe'));
     35 
     36  const child = await future_child;
     37  add_completion_callback(() => child.remove());
     38 
     39  const worker_url =
     40    `data:application/javascript;base64,${btoa(dedicatedWorkerPostMessage)}`;
     41  return postMessageIsWorkerCrossOriginIsolated(test, child, worker_url);
     42 }
     43 
     44 const isBlobURLDedicatedWorkerCrossOriginIsolated = async(
     45  test,
     46  parent_headers
     47 ) => {
     48  const [future_child, future_error] =
     49    await createIsolatedFrame("", parent_headers);
     50  future_error.then(test.unreached_func('cannot create isolated iframe'));
     51 
     52  const child = await future_child;
     53  add_completion_callback(() => child.remove());
     54 
     55  const blob =
     56    new Blob([dedicatedWorkerPostMessage], {type: 'text/plaintext'});
     57  const workerURL = URL.createObjectURL(blob);
     58  return postMessageIsWorkerCrossOriginIsolated(test, child, workerURL)
     59 }
     60 
     61 const isHTTPSDedicatedWorkerCrossOriginIsolated = async(
     62  test,
     63  parent_headers
     64 ) => {
     65  const [future_child, future_error] =
     66    await createIsolatedFrame("", parent_headers);
     67  future_error.then(test.unreached_func('cannot create isolated iframe'));
     68 
     69  const child = await future_child;
     70  add_completion_callback(() => child.remove());
     71 
     72  const worker_token = token();
     73  const workerURL =
     74    `${executor_worker_path}${cors_coep_headers}&uuid=${worker_token}`;
     75  const worker = new child.contentWindow.Worker(workerURL);
     76  return IsCrossOriginIsolated(worker_token);
     77 }
     78 
     79 const sharedWorkerIsCrossOriginIsolated = async(
     80  test,
     81  withCoopCoep
     82 ) => {
     83  const [worker, future_error] =
     84    environments.shared_worker(withCoopCoep ? cors_coep_headers : "");
     85  future_error.then(test.unreached_func('cannot create shared worker.'));
     86  return IsCrossOriginIsolated(worker);
     87 }
     88 
     89 const serviceWorkerIsCrossOriginIsolated = async(
     90  test,
     91  withCoopCoep
     92 ) => {
     93  const [worker, future_error] =
     94    environments.service_worker(withCoopCoep ? cors_coep_headers : "");
     95  future_error.then(test.unreached_func('cannot create service worker.'));
     96  return IsCrossOriginIsolated(worker);
     97 }
     98 
     99 const dedicatedWorkerIsCrossOriginIsolated = async (
    100  test,
    101  scheme,
    102  parent_permission_coi
    103 ) => {
    104  let parent_headers = cors_coep_headers;
    105  if (parent_permission_coi !== undefined) {
    106    // Escape right parenthesis in WPT cors_coep_headers:
    107    parent_permission_coi = parent_permission_coi.replace(')', '\\)');
    108    parent_headers += `|header(permissions-policy,` +
    109                      `cross-origin-isolated=${parent_permission_coi})`;
    110  }
    111  switch (scheme) {
    112    case 'https':
    113      return isHTTPSDedicatedWorkerCrossOriginIsolated(test, parent_headers);
    114    case 'data':
    115      return isDataDedicatedWorkerCrossOriginIsolated(test, parent_headers);
    116    case 'blob':
    117      return isBlobURLDedicatedWorkerCrossOriginIsolated(test, parent_headers);
    118    default:
    119      assert_unreached("wrong scheme for dedicated worker test.");
    120  }
    121 }
    122 
    123 const generate_shared_worker_test = async (withCoopCoep, expected) => {
    124  promise_test_parallel(async (test) => {
    125  const isCrossOriginIsolated =
    126    await sharedWorkerIsCrossOriginIsolated(test, withCoopCoep);
    127  assert_equals(isCrossOriginIsolated, expected)
    128  }, `shared_worker (withCoopCoep: ${withCoopCoep}) ` +
    129     `cross origin isolated permission test`);
    130 }
    131 
    132 const generate_dedicated_worker_test = async (
    133  scheme,
    134  parent_permission_coi,
    135  expected
    136 ) => {
    137  promise_test_parallel(async (test) => {
    138  const isCrossOriginIsolated =
    139    await dedicatedWorkerIsCrossOriginIsolated(test, scheme, parent_permission_coi);
    140  assert_equals(isCrossOriginIsolated, expected)
    141  }, `dedicated_worker (scheme: ${scheme}) cross origin ` +
    142     `isolated (${parent_permission_coi}) permission test`);
    143 }
    144 
    145 const generate_service_worker_test = async (withCoopCoep, expected) => {
    146  promise_test_parallel(async (test) => {
    147  const isCrossOriginIsolated =
    148    await serviceWorkerIsCrossOriginIsolated(test, withCoopCoep);
    149  assert_equals(isCrossOriginIsolated, expected)
    150  }, `service_worker (withCoopCoep: ${withCoopCoep}) ` +
    151     `cross origin isolated permission test`);
    152 }
    153 
    154 generate_shared_worker_test(false, false);
    155 generate_shared_worker_test(true, true);
    156 
    157 generate_dedicated_worker_test('https', undefined, true);
    158 generate_dedicated_worker_test('https', '*', true);
    159 generate_dedicated_worker_test('https', 'self', true);
    160 generate_dedicated_worker_test('https', '()', false);
    161 generate_dedicated_worker_test('data', undefined, false);
    162 generate_dedicated_worker_test('data', '*', false);
    163 generate_dedicated_worker_test('data', 'self', false);
    164 generate_dedicated_worker_test('blob', undefined, true);
    165 generate_dedicated_worker_test('blob', '*', true);
    166 generate_dedicated_worker_test('blob', 'self', true);
    167 generate_dedicated_worker_test('blob', '()', false);
    168 
    169 generate_service_worker_test(false, false);
    170 generate_service_worker_test(true, true);