credentialless-service-worker.https.tentative.window.js (4105B)
1 // META: timeout=long 2 // META: script=/common/get-host-info.sub.js 3 // META: script=/common/utils.js 4 // META: script=/common/dispatcher/dispatcher.js 5 // META: script=/service-workers/service-worker/resources/test-helpers.sub.js 6 // META: script=./resources/common.js 7 8 const same_origin = get_host_info().HTTPS_ORIGIN; 9 const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN; 10 const cookie_key = "credentialless_service_worker"; 11 const cookie_same_origin = "same_origin"; 12 const cookie_cross_origin = "cross_origin"; 13 14 promise_test(async t => { 15 await Promise.all([ 16 setCookie(same_origin, cookie_key, cookie_same_origin + 17 cookie_same_site_none), 18 setCookie(cross_origin, cookie_key, cookie_cross_origin + 19 cookie_same_site_none), 20 ]); 21 22 // One iframe with DIP:none. (control) 23 const w_control_token = token(); 24 const w_control_url = same_origin + executor_path + 25 dip_none + `&uuid=${w_control_token}` 26 const w_control = document.createElement("iframe"); 27 w_control.src = w_control_url; 28 document.body.appendChild(w_control); 29 30 // One iframe with DIP:credentialless. (experiment) 31 const w_credentialless_token = token(); 32 const w_credentialless_url = same_origin + executor_path + 33 dip_credentialless + `&uuid=${w_credentialless_token}`; 34 const w_credentialless = document.createElement("iframe"); 35 w_credentialless.src = w_credentialless_url; 36 document.body.appendChild(w_credentialless); 37 38 const serviceWorkerTest = function( 39 description, origin, dip_for_worker, 40 expected_cookies_control, 41 expected_cookies_credentialless) 42 { 43 promise_test(async test => { 44 // Create workers for both window. 45 const control_worker_token = token(); 46 const credentialless_worker_token = token(); 47 48 const w_control_worker_src = same_origin + executor_worker_path + 49 dip_for_worker + `&uuid=${control_worker_token}`; 50 const w_control_worker_reg = 51 await service_worker_unregister_and_register( 52 test, w_control_worker_src, w_control_url); 53 54 const w_credentialless_worker_src = same_origin + executor_worker_path + 55 dip_for_worker + `&uuid=${credentialless_worker_token}`; 56 const w_credentialless_worker_reg = 57 await service_worker_unregister_and_register( 58 test, w_credentialless_worker_src, w_credentialless_url); 59 60 // Fetch resources from the workers. 61 const control_request_token = token(); 62 const credentialless_request_token = token(); 63 const control_request_url = showRequestHeaders(origin, control_request_token); 64 const credentialless_request_url = showRequestHeaders(origin, credentialless_request_token); 65 send(control_worker_token, ` 66 fetch("${control_request_url}", { 67 mode: 'no-cors', 68 credentials: 'include' 69 }) 70 `); 71 send(credentialless_worker_token, ` 72 fetch("${credentialless_request_url}", { 73 mode: 'no-cors', 74 credentials: 'include' 75 }) 76 `); 77 78 // Retrieve the resource request headers. 79 const headers_control = JSON.parse(await receive(control_request_token)); 80 const headers_credentialless = JSON.parse(await receive(credentialless_request_token)); 81 82 assert_equals(parseCookies(headers_control)[cookie_key], 83 expected_cookies_control, 84 "dip:none => "); 85 assert_equals(parseCookies(headers_credentialless)[cookie_key], 86 expected_cookies_credentialless, 87 "dip:credentialless => "); 88 89 w_control_worker_reg.unregister(); 90 w_credentialless_worker_reg.unregister(); 91 }, `fetch ${description}`) 92 }; 93 94 serviceWorkerTest("same-origin", 95 same_origin, dip_none, 96 cookie_same_origin, 97 cookie_same_origin); 98 99 serviceWorkerTest("same-origin + credentialless worker", 100 same_origin, dip_credentialless, 101 cookie_same_origin, 102 cookie_same_origin); 103 104 serviceWorkerTest("cross-origin", 105 cross_origin, dip_none, 106 cookie_cross_origin, 107 cookie_cross_origin); 108 109 serviceWorkerTest("cross-origin + credentialless worker", 110 cross_origin, dip_credentialless, 111 undefined, 112 undefined); 113 })