shared-workers.https.html (6821B)
1 <!doctype html> 2 <html> 3 <meta charset="utf-8"> 4 <title>COEP - policy derivation for Shared Workers</title> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <script src="/common/get-host-info.sub.js"></script> 8 <script src="resources/worker-support.js"></script> 9 <body> 10 <p>Verify the Cross-Origin Embedder Policy for Shared Workers by performing a 11 cross-domain "fetch" request for a resource that does not specify a COEP. Only 12 Shared Workers with the default COEP should be able to successfully perform 13 this operation.</p> 14 <script> 15 'use strict'; 16 17 const testUrl = resolveUrl("resources/empty-coep.py", { 18 host: get_host_info().REMOTE_HOST, 19 }).href; 20 21 function makeWorkerUrl(options) { 22 return resolveUrl("resources/shared-worker-fetch.js.py", options); 23 } 24 25 /** 26 * Create a Shared Worker within an iframe 27 * 28 * @param {object} t - a testharness.js subtest instance (used to reset global 29 * state) 30 * @param {string} url - the URL from which the Shared Worker should be 31 * created 32 * @param {string} options.ownerCoep - the Cross-Origin Embedder Policy of the 33 iframe 34 */ 35 async function createWorker(t, url, options) { 36 const { ownerCoep } = options || {}; 37 const frameUrl = resolveUrl("/common/blank.html", { coep: ownerCoep }); 38 39 const iframe = await withIframe(t, frameUrl); 40 41 const sw = new iframe.contentWindow.SharedWorker(url); 42 sw.onerror = t.unreached_func('SharedWorker.onerror should not be called'); 43 44 await new Promise((resolve) => { 45 sw.port.addEventListener('message', resolve, { once: true }); 46 sw.port.start(); 47 }); 48 49 return sw; 50 } 51 52 /** 53 * Instruct a Shared Worker to fetch from a specified URL and report on the 54 * success of the operation. 55 * 56 * @param {SharedWorker} worker 57 * @param {string} url - the URL that the worker should fetch 58 */ 59 function fetchFromWorker(worker, url) { 60 return new Promise((resolve) => { 61 worker.port.postMessage(url); 62 worker.port.addEventListener( 63 'message', (event) => resolve(event.data), { once: true } 64 ); 65 }); 66 }; 67 68 promise_test(async (t) => { 69 const worker = await createWorker(t, makeWorkerUrl()); 70 const result = await fetchFromWorker(worker, testUrl); 71 assert_equals(result, 'success'); 72 }, 'default policy (derived from response)'); 73 74 promise_test(async (t) => { 75 const worker = await createWorker(t, makeWorkerUrl({ coep: 'require-corp' })); 76 const result = await fetchFromWorker(worker, testUrl); 77 assert_equals(result, 'failure'); 78 }, '"require-corp" (derived from response)'); 79 80 promise_test(async (t) => { 81 const blobUrl = await createLocalUrl(t, { 82 url: makeWorkerUrl(), 83 scheme: "blob", 84 }); 85 86 const workers = await Promise.all([ 87 createWorker(t, blobUrl), 88 createWorker(t, blobUrl), 89 createWorker(t, blobUrl), 90 ]); 91 92 const result = await fetchFromWorker(workers[0], testUrl); 93 assert_equals(result, 'success'); 94 }, 'default policy (derived from owner set due to use of local scheme - blob URL)'); 95 96 promise_test(async (t) => { 97 const blobUrl = await createLocalUrl(t, { 98 url: makeWorkerUrl(), 99 creatorCoep: "require-corp", 100 scheme: "blob", 101 }); 102 103 const workers = await Promise.all([ 104 createWorker(t, blobUrl), 105 createWorker(t, blobUrl), 106 createWorker(t, blobUrl), 107 ]); 108 109 const result = await fetchFromWorker(workers[0], testUrl); 110 assert_equals(result, 'failure'); 111 }, 'require-corp (derived from blob URL creator)'); 112 113 promise_test(async (t) => { 114 const blobUrl = await createLocalUrl(t, { 115 url: makeWorkerUrl(), 116 scheme: "blob", 117 }); 118 119 const workers = await Promise.all([ 120 createWorker(t, blobUrl), 121 createWorker(t, blobUrl, { ownerCoep: 'require-corp' }), 122 createWorker(t, blobUrl), 123 ]); 124 125 const result = await fetchFromWorker(workers[0], testUrl); 126 assert_equals(result, 'failure'); 127 }, '"require-corp" (derived from owner set due to use of local scheme - blob URL)'); 128 129 promise_test(async (t) => { 130 const dataUrl = await createLocalUrl(t, { 131 url: makeWorkerUrl(), 132 scheme: "data", 133 }); 134 135 const workers = await Promise.all([ 136 createWorker(t, dataUrl), 137 createWorker(t, dataUrl), 138 createWorker(t, dataUrl), 139 ]); 140 141 const result = await fetchFromWorker(workers[0], testUrl); 142 assert_equals(result, 'success'); 143 }, 'default policy (derived from owner set due to use of local scheme - data URL)'); 144 145 promise_test(async (t) => { 146 const dataUrl = await createLocalUrl(t, { 147 url: makeWorkerUrl(), 148 creatorCoep: "require-corp", 149 scheme: "data", 150 }); 151 152 const workers = await Promise.all([ 153 createWorker(t, dataUrl), 154 createWorker(t, dataUrl), 155 createWorker(t, dataUrl), 156 ]); 157 158 const result = await fetchFromWorker(workers[0], testUrl); 159 assert_equals(result, 'success'); 160 }, 'default policy (not derived from data URL creator)'); 161 162 promise_test(async (t) => { 163 const dataUrl = await createLocalUrl(t, { 164 url: makeWorkerUrl(), 165 scheme: "data", 166 }); 167 168 const workers = await Promise.all([ 169 createWorker(t, dataUrl), 170 createWorker(t, dataUrl, { ownercoep: 'require-corp' }), 171 createWorker(t, dataUrl), 172 ]); 173 174 const result = await fetchFromWorker(workers[0], testUrl); 175 assert_equals(result, 'failure'); 176 }, '"require-corp" (derived from owner set due to use of local scheme - data URL)'); 177 178 promise_test(async (t) => { 179 const filesystemUrl = await createLocalUrl(t, { 180 url: makeWorkerUrl(), 181 scheme: "filesystem", 182 }); 183 184 const workers = await Promise.all([ 185 createWorker(t, filesystemUrl), 186 createWorker(t, filesystemUrl), 187 createWorker(t, filesystemUrl), 188 ]); 189 190 const result = await fetchFromWorker(workers[0], testUrl); 191 assert_equals(result, 'success'); 192 }, 'default policy (derived from owner set due to use of local scheme - filesystem URL)'); 193 194 promise_test(async (t) => { 195 const filesystemUrl = await createLocalUrl(t, { 196 url: makeWorkerUrl(), 197 creatorCoep: "require-corp", 198 scheme: "filesystem", 199 }); 200 201 const workers = await Promise.all([ 202 createWorker(t, filesystemUrl), 203 createWorker(t, filesystemUrl), 204 createWorker(t, filesystemUrl), 205 ]); 206 207 const result = await fetchFromWorker(workers[0], testUrl); 208 assert_equals(result, 'failure'); 209 }, 'require-corp (derived from filesystem URL creator)'); 210 211 promise_test(async (t) => { 212 const filesystemUrl = await createLocalUrl(t, { 213 url: makeWorkerUrl(), 214 scheme: "filesystem", 215 }); 216 217 const workers = await Promise.all([ 218 createWorker(t, filesystemUrl), 219 createWorker(t, filesystemUrl, { ownerCoep: 'require-corp' }), 220 createWorker(t, filesystemUrl), 221 ]); 222 223 const result = await fetchFromWorker(workers[0], testUrl); 224 assert_equals(result, 'failure'); 225 }, '"require-corp" (derived from owner set due to use of local scheme - filesystem URL)'); 226 </script> 227 </body> 228 </html>