tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

service-worker-coep-none-proxy.https.tentative.window.js (3204B)

      1 // META: script=/common/get-host-info.sub.js
      2 // META: script=/common/utils.js
      3 // META: script=/common/dispatcher/dispatcher.js
      4 // META: script=./resources/common.js
      5 // META: script=/service-workers/service-worker/resources/test-helpers.sub.js
      6 
      7 const same_origin = get_host_info().HTTPS_ORIGIN;
      8 const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
      9 
     10 promise_test(async test => {
     11  const this_token_1 = token();
     12  const this_token_2 = token();
     13 
     14  // Register a COEP:none ServiceWorker.
     15  const sw_token = token();
     16  const sw_url = executor_service_worker_path + coep_none + `&uuid=${sw_token}`;
     17  // Executors should be controlled by the service worker.
     18  const scope = executor_path;
     19  const sw_registration =
     20    await service_worker_unregister_and_register(test, sw_url, scope);
     21  test.add_cleanup(() => sw_registration.unregister());
     22  await wait_for_state(test, sw_registration.installing, 'activated');
     23 
     24  // Configure the ServiceWorker to proxy the fetch requests. Wait for the
     25  // worker to be installed and activated.
     26  send(sw_token, `
     27    fetchHandler = event => {
     28      if (!event.request.url.includes("/proxied"))
     29        return;
     30 
     31      send("${this_token_1}", "ServiceWorker: Proxying");
     32 
     33      // Response with a cross-origin no-cors resource.
     34      const url = "${cross_origin}" + "/common/blank.html";
     35 
     36      event.respondWith(new Promise(async resolve => {
     37        try {
     38          let response = await fetch(url, {
     39            mode: "no-cors",
     40            credentials: "include"
     41          });
     42          send("${this_token_1}", "ServiceWorker: Fetch success");
     43          resolve(response);
     44        } catch (error) {
     45          send("${this_token_1}", "ServiceWorker: Fetch failure");
     46          resolve(new Response("", {status: 400}));
     47        }
     48      }));
     49    }
     50 
     51    await clients.claim();
     52 
     53    send("${this_token_1}", serviceWorker.state);
     54  `)
     55  assert_equals(await receive(this_token_1), "activated");
     56 
     57  // Create a DIP:credentialless document.
     58  const document_token = environments["document"](dip_credentialless)[0];
     59 
     60  // The document fetches a same-origin no-cors resource. The requests needs to
     61  // be same-origin to be handled by the ServiceWorker.
     62  send(document_token, `
     63    try {
     64      const response = await fetch("/proxied", {
     65        mode: "no-cors",
     66        credentials: "include"
     67      });
     68 
     69      send("${this_token_2}", "Document: Fetch success");
     70    } catch (error) {
     71      send("${this_token_2}", "Document: Fetch error");
     72    }
     73  `);
     74 
     75  // The COEP:unsafe-none ServiceWorker is able to handle the cross-origin
     76  // no-cors request, requested with credentials.
     77  assert_equals(await receive(this_token_1), "ServiceWorker: Proxying");
     78  assert_equals(await receive(this_token_1), "ServiceWorker: Fetch success");
     79 
     80  // However, the DIP:credentialless Document is disallowed by CORP to get it.
     81  assert_equals(await receive(this_token_2), "Document: Fetch error");
     82 
     83  // test.add_cleanup doesn't allow waiting for a promise. Unregistering a
     84  // ServiceWorker is an asynchronous operation. It might not be completed on
     85  // time for the next test. Do it here for extra flakiness safety.
     86  await sw_registration.unregister()
     87 }, "COEP:unsafe-none ServiceWorker");