tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

workerStart-tao-protected.https.html (2470B)

      1 <!DOCTYPE html>
      2 <html>
      3 <head>
      4 <meta charset="utf-8" />
      5 <title>Resource Timing - Check that workerStart is TAO protected</title>
      6 <link rel="author" title="Google" href="http://www.google.com/" />
      7 <link rel="help"
      8  href="https://www.w3.org/TR/resource-timing-2/#sec-performanceresourcetiming">
      9 <script src="/resources/testharness.js"></script>
     10 <script src="/resources/testharnessreport.js"></script>
     11 <script src="/common/get-host-info.sub.js"></script>
     12 <script src="resources/entry-invariants.js"></script>
     13 <script src="resources/resource-loaders.js"></script>
     14 </head>
     15 <body>
     16 <script>
     17 
     18 const {HTTPS_REMOTE_ORIGIN} = get_host_info();
     19 
     20 const worker_has_unregistered = new Promise(resolve => {
     21  addEventListener("message", e => {
     22    if (e.data === "unregistered") {
     23      resolve();
     24    }
     25  });
     26 });
     27 
     28 // Open window to remote origin with a SW install.
     29 let openee;
     30 const service_worker_has_installed = new Promise(resolve => {
     31  addEventListener("message", e => {
     32    if (e.data === 'installed') {
     33      resolve();
     34    }
     35  });
     36  openee = window.open(HTTPS_REMOTE_ORIGIN +
     37    "/resource-timing/resources/sw-install.html");
     38 });
     39 
     40 const load_after_sw_install = async path => {
     41  await service_worker_has_installed;
     42  return load.iframe(path);
     43 }
     44 
     45 attribute_test(load_after_sw_install,
     46  `${HTTPS_REMOTE_ORIGIN}/resource-timing/resources/green.html`,
     47  entry => {
     48    assert_equals(entry.workerStart, 0, "workerStart must be zero");
     49    invariants.assert_tao_failure_resource(entry);
     50  },
     51  "A resource from a cross-origin service worker must not expose workerStart " +
     52  "when there is a TAO failure");
     53 
     54 attribute_test(load_after_sw_install,
     55  `${HTTPS_REMOTE_ORIGIN}/resource-timing/resources/blank-with-tao.html`,
     56  entry => {
     57    assert_greater_than(entry.workerStart, 0,
     58      "workerStart must be greater than zero");
     59    // TODO(crbug.com/925239): need to add coverage for transferSize,
     60    // encoded/decodedBodySize but that's broken right now.
     61    // TODO(crbug.com/1171767): need to add coverage for SW-handled resources
     62    // that redirect. Should workerStart be non-zero if any piece of the
     63    // redirect chain is handled by a SW?
     64  },
     65  "A resource from a cross-origin service worker must expose workerStart " +
     66  "when there is a TAO match");
     67 
     68 promise_test(async () => {
     69  openee.postMessage("unregister", "*");
     70  await worker_has_unregistered;
     71  openee.close();
     72 }, "Not a test - needed to unregister the SW and close its embedder");
     73 
     74 </script>
     75 </body>
     76 </html>