[ tor-browser ].git.dasho

none-load-from-cache-storage.https.html (6444B)
      1 <!doctype html>
      2 <html>
      3 <title> Retrieve resources from CacheStorage with Cross-Origin-Embedder-Policy: require-corp</title>
      4 <script src="/resources/testharness.js"></script>
      5 <script src="/resources/testharnessreport.js"></script>
      6 <script src="/common/get-host-info.sub.js"></script>
      7 <script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
      8 <script>
      9 
     10 /*
     11  This document does NOT define the Cross-Origin-Embedder-Policy header.
     12  Cross-Origin Embedder Policy Editor's draft: https://mikewest.github.io/corpp/
     13 
     14  This test is retrieving same-origin and cross-origin resources from the
     15  CacheStorage. The resources are generated from the ServiceWorker or from the
     16  network with the header Cross-Origin-Resource-Policy being one of:
     17    - 'same-origin'
     18    - 'cross-origin'
     19    - <undefined>
     20 */
     21 
     22 promise_test(async (t) => {
     23  const SCOPE = new URL(location.href).pathname;
     24  const SCRIPT =
     25    'resources/sw-store-to-cache-storage.js?' +
     26    `pipe=header(service-worker-allowed,${SCOPE})`;
     27 
     28  const reg = await service_worker_unregister_and_register(t, SCRIPT, SCOPE);
     29  add_completion_callback(() => reg.unregister());
     30  await new Promise(resolve => {
     31    navigator.serviceWorker.addEventListener('controllerchange', resolve);
     32  });
     33 }, 'setting up');
     34 
     35 function remote(path) {
     36  const REMOTE_ORIGIN = get_host_info().HTTPS_REMOTE_ORIGIN;
     37  return new URL(path, REMOTE_ORIGIN);
     38 }
     39 
     40 function local(path) {
     41  return new URL(path, location.origin);
     42 }
     43 
     44 // Send a message to the currently active ServiceWorker and wait for its
     45 // response.
     46 function executeCommandInServiceWorker(command) {
     47  return new Promise(resolve => {
     48    navigator.serviceWorker.addEventListener('message', e => resolve(e.data));
     49    navigator.serviceWorker.controller.postMessage(command);
     50  });
     51 }
     52 
     53 // Try loading an image from a |response|. Return a Promise resolving or
     54 // rejecting depending on the image loading result.
     55 const loadFailure = {name: "Image.onerror"};
     56 function readImageFromResponse(response) {
     57  return new Promise((resolve, reject) => {
     58    const img = document.createElement("img");
     59    img.onload = resolve.bind(this, "");
     60    img.onerror = reject.bind(this, loadFailure);
     61    response.blob().then(blob => {
     62      img.src = URL.createObjectURL(blob);
     63      document.body.appendChild(img);
     64    })
     65  })
     66 }
     67 
     68 const image_path = "/images/blue.png?pipe=";
     69 
     70 const corp_header = {
     71  "":"",
     72  "corp-undefined": "",
     73  "corp-same-origin": "|header(Cross-Origin-Resource-Policy,same-origin)",
     74  "corp-cross-origin": "|header(Cross-Origin-Resource-Policy,cross-origin)",
     75 }
     76 
     77 const cors_header = {
     78  "":"",
     79  "cors-disabled": "",
     80  "cors-enabled": "|header(Access-Control-Allow-Origin,*)",
     81 }
     82 
     83 function test(
     84  // Test parameters:
     85  request_source, request_origin, request_mode, response_cors, response_corp,
     86  // Test expectations:
     87  response_stored, response_type) {
     88  promise_test(async (t) => {
     89    // 0. Start from an empty CacheStorage.
     90    await caches.delete("v1");
     91 
     92    // 1. Make the ServiceWorker to request the ressource and store it into the
     93    //    CacheStorage.
     94    const path = image_path +
     95      corp_header[response_corp] +
     96      cors_header[response_cors];
     97    const url = (request_origin === "same-origin" ? local : remote)(path);
     98    const command = {
     99      url: url.href,
    100      mode: request_mode,
    101      source: request_source,
    102    };
    103 
    104    assert_equals(await executeCommandInServiceWorker(command), response_stored);
    105    if (response_stored === "not-stored") {
    106      return;
    107    }
    108 
    109    // 2. Make this document to retrieve it from the CacheStorage.
    110    const cache = await caches.open('v1');
    111    const response = await cache.match(url);
    112 
    113    assert_equals(response.type, response_type);
    114 
    115    if (request_source === "service-worker") {
    116      assert_equals("foo", await response.text());
    117      return;
    118    }
    119 
    120    // Opaque response are not readable.
    121    if (response_type === "opaque") {
    122      await promise_rejects_exactly(t, loadFailure, readImageFromResponse(response));
    123      return;
    124    }
    125 
    126    await readImageFromResponse(response);
    127  }, `Fetch ${request_origin} ${request_mode} ${response_cors} ${response_corp} from ${request_source} and CacheStorage.`)
    128 }
    129 
    130 // Responses generated from the ServiceWorker.
    131 {
    132  test("service-worker", "cross-origin", "cors", "", "", "stored", "default");
    133  test("service-worker", "cross-origin", "no-cors", "", "", "stored", "default");
    134  test("service-worker", "same-origin", "cors", "", "", "stored", "default");
    135  test("service-worker", "same-origin", "no-cors", "", "", "stored", "default");
    136 }
    137 
    138 // Responses generated from a same-origin server.
    139 {
    140  const t = test.bind(this, "network", "same-origin");
    141  t("cors", "cors-disabled", "corp-cross-origin", "stored", "basic");
    142  t("cors", "cors-disabled", "corp-same-origin", "stored", "basic");
    143  t("cors", "cors-disabled", "corp-undefined", "stored", "basic");
    144  t("cors", "cors-enabled", "corp-cross-origin", "stored", "basic");
    145  t("cors", "cors-enabled", "corp-same-origin", "stored", "basic");
    146  t("cors", "cors-enabled", "corp-undefined", "stored", "basic");
    147  t("no-cors", "cors-disabled", "corp-cross-origin", "stored", "basic");
    148  t("no-cors", "cors-disabled", "corp-same-origin", "stored", "basic");
    149  t("no-cors", "cors-disabled", "corp-undefined", "stored", "basic");
    150  t("no-cors", "cors-enabled", "corp-cross-origin", "stored", "basic");
    151  t("no-cors", "cors-enabled", "corp-same-origin", "stored", "basic");
    152  t("no-cors", "cors-enabled", "corp-undefined", "stored", "basic");
    153 }
    154 
    155 // Responses generated from a cross-origin server.
    156 {
    157  const t = test.bind(this, "network", "cross-origin");
    158  t("cors", "cors-disabled", "corp-cross-origin", "not-stored");
    159  t("cors", "cors-disabled", "corp-same-origin", "not-stored");
    160  t("cors", "cors-disabled", "corp-undefined", "not-stored");
    161  t("cors", "cors-enabled", "corp-cross-origin", "stored", "cors");
    162  t("cors", "cors-enabled", "corp-same-origin", "stored", "cors");
    163  t("cors", "cors-enabled", "corp-undefined", "stored", "cors");
    164  t("no-cors", "cors-disabled", "corp-cross-origin", "stored", "opaque");
    165  t("no-cors", "cors-disabled", "corp-same-origin", "not-stored");
    166  t("no-cors", "cors-disabled", "corp-undefined", "stored", "opaque");
    167  t("no-cors", "cors-enabled", "corp-cross-origin", "stored", "opaque");
    168  t("no-cors", "cors-enabled", "corp-same-origin", "not-stored");
    169  t("no-cors", "cors-enabled", "corp-undefined", "stored", "opaque");
    170 }
    171 
    172 </script>
    173 </html>
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE