basic-dedicated-worker.html (3631B)
1 <!doctype html> 2 <html> 3 <head> 4 <meta charset=utf-8> 5 <title>Test WorkerGlobalScope.isSecureContext for HTTP creator</title> 6 <meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object"> 7 <script src=/resources/testharness.js></script> 8 <script src=/resources/testharnessreport.js></script> 9 <script src="server-locations.sub.js"></script> 10 </head> 11 <body> 12 <script> 13 var t1 = async_test("HTTP worker"); 14 var t2 = async_test("HTTPS worker"); 15 var t3 = async_test("HTTP nested worker"); 16 var t4 = async_test("HTTPS nested worker"); 17 var t5 = async_test("HTTP worker from HTTPS subframe"); 18 var t6 = async_test("HTTPS worker from HTTPS subframe"); 19 var t7 = async_test("Worker from data URL"); 20 21 var w1 = new Worker(http_dir + "support/dedicated-worker-script.js"); 22 w1.onmessage = t1.step_func_done(function(e) { 23 assert_false(e.data); 24 }); 25 w1.onerror = t1.step_func_done(function(e) { 26 assert_unreached("isSecureContext should be supported"); 27 }); 28 29 try { 30 var w2 = new Worker(https_dir + "support/dedicated-worker-script.js"); 31 w2.onmessage = t2.step_func_done(function(e) { 32 assert_unreached("cross-origin workers should not be loaded"); 33 }); 34 w2.onerror = t2.step_func_done(function(e) { 35 e.preventDefault(); 36 }); 37 } catch (e) { 38 // Some browsers throw for cross-origin URLs. This violates the Worker spec, 39 // but isn't actually relevant to what we're testing here. 40 t2.done(); 41 } 42 43 var w3 = new Worker(http_dir + "support/parent-dedicated-worker-script.js"); 44 w3.onmessage = t3.step_func_done(function(e) { 45 assert_false(e.data); 46 }); 47 w3.onerror = t3.step_func_done(function(e) { 48 assert_unreached("isSecureContext should be supported"); 49 }); 50 51 try { 52 var w4 = new Worker(https_dir + "support/parent-dedicated-worker-script.js"); 53 w4.onmessage = t4.step_func_done(function(e) { 54 assert_unreached("cross-origin workers should not be loaded"); 55 }); 56 w4.onerror = t4.step_func_done(function(e) { 57 e.preventDefault(); 58 }); 59 } catch (e) { 60 // Some browsers throw for cross-origin URLs. This violates the Worker spec, 61 // but isn't actually relevant to what we're testing here. 62 t4.done(); 63 } 64 65 onmessage = function(e) { 66 var data = e.data; 67 if (data.type == "http") { 68 t5.step(function() { 69 assert_true(data.error); 70 }); 71 t5.done(); 72 } else if (data.type == "https") { 73 t6.step(function() { 74 assert_false(data.error, "error"); 75 assert_false(data.isSecureContext, "isSecureContext"); 76 }); 77 t6.done(); 78 } else { 79 t5.step(function() { 80 assert_unreached("Unknown message"); 81 }); 82 t5.done(); 83 t6.step(function() { 84 assert_unreached("Unknown message"); 85 }); 86 t6.done(); 87 } 88 } 89 90 var ifr = document.createElement("iframe"); 91 ifr.src = https_dir + "support/https-subframe-dedicated.html"; 92 document.body.appendChild(ifr); 93 94 var w7 = new Worker("data:text/javascript,postMessage(isSecureContext);"); 95 w7.onmessage = t7.step_func_done(function(e) { 96 assert_false(e.data); 97 }); 98 w7.onerror = t7.step_func_done(function(e) { 99 assert_unreached("isSecureContext should be supported"); 100 }); 101 </script> 102 </body> 103 </html>