
cross-origin-create-worklet-credentials-same-origin.tentative.https.sub.html (2842B)


      1 <!doctype html>
      2 <script src="/resources/testharness.js"></script>
      3 <script src="/resources/testharnessreport.js"></script>
      4 <script src="/common/utils.js"></script>
      5 <script src="/shared-storage/resources/util.js"></script>
      6 <script src="/fenced-frame/resources/utils.js"></script>
      7 
      8 <body>
      9 <script>
     10 'use strict';
     11 
/**
 * Checks that no cookie is reported for a cross-origin worklet module script
 * requested through createWorklet() with `credentials: "same-origin"`.
 *
 * Steps, as visible here:
 *   1. Set cookie `key0` (path `/shared-storage/`) on the cross-origin host
 *      with a credentialed no-cors fetch.
 *   2. Call sharedStorage.createWorklet() on the cross-origin helper URL with
 *      `action=store-cookie`.
 *   3. Fetch the same helper with `action=get-cookie` and expect the body
 *      "NO_COOKIE_HEADER".
 *
 * The helper is presumed to record, under `token`, the Cookie header it saw
 * on the module-script request; verify against credentials-test-helper.py.
 *
 * @param {string} helper_url_params Query string (starting with `?`) appended
 *     to the helper URL; the per-test token is appended after it.
 * @param {string} data_origin_option Value for the `dataOrigin` option, or ''
 *     to omit the option entirely.
 * @returns {Promise<void>}
 */
async function verifyStoreCookieCrossOriginCreateWorkletSameOriginCredentials(
    helper_url_params, data_origin_option) {
  const requestToken = token();
  // Filled in by the WPT server's .sub.html substitution before the page loads.
  const crossOrigin = 'https://{{domains[www]}}:{{ports[https][0]}}';
  const setCookieUrl =
      `${crossOrigin}/cookies/resources/set-cookie.py?name=key0&path=/shared-storage/`;
  const helperUrl =
      `${crossOrigin}/shared-storage/resources/credentials-test-helper.py` +
      `${helper_url_params}&token=${requestToken}`;

  // NOTE(review): this response is opaque (no-cors), so the test cannot tell
  // whether the cookie was actually stored. If the browser rejects it (for
  // example under third-party cookie blocking), the assertion below would hold
  // without exercising the credentials mode. Confirm that a positive control
  // (a credentials "include" variant expecting the cookie) runs alongside.
  await fetch(setCookieUrl, { mode: 'no-cors', credentials: 'include' });

  const workletOptions = { credentials: "same-origin" };
  if (data_origin_option !== '') {
    workletOptions.dataOrigin = data_origin_option;
  }

  // Only the request made for the module script matters; the worklet object
  // itself is not used afterwards.
  await sharedStorage.createWorklet(
      `${helperUrl}&action=store-cookie`, workletOptions);

  const cookieReport = await fetch(`${helperUrl}&action=get-cookie`);
  const reportedCookie = await cookieReport.text();

  // "same-origin" credentials on a cross-origin script URL: no cookie expected.
  assert_equals(reportedCookie, "NO_COOKIE_HEADER");
}
     38 
// Case 1: no dataOrigin option is passed to createWorklet(). The helper is
// asked to answer with CORS headers that allow this page's origin with
// credentials.
// The two title fragments join without a space after the comma; the title is
// reproduced unchanged.
promise_test(async () => {
  const pageOrigin = window.origin;
  const corsParams =
      `?access_control_allow_origin_header=${pageOrigin}` +
      '&access_control_allow_credentials_header=true';

  await verifyStoreCookieCrossOriginCreateWorkletSameOriginCredentials(
      corsParams, /*data_origin_option=*/'');
}, 'createWorklet() with cross-origin module script, credentials "same-origin",'
   + 'and default data origin (context origin).');
     48 
// Case 2: dataOrigin is set explicitly to "context-origin". The helper is
// asked to answer with CORS headers that allow this page's origin with
// credentials.
// The two title fragments join without a space after the comma; the title is
// reproduced unchanged.
promise_test(async () => {
  const pageOrigin = window.origin;
  const corsParams =
      `?access_control_allow_origin_header=${pageOrigin}` +
      '&access_control_allow_credentials_header=true';

  await verifyStoreCookieCrossOriginCreateWorkletSameOriginCredentials(
      corsParams, /*data_origin_option=*/'context-origin');
}, 'createWorklet() with cross-origin module script, credentials "same-origin",'
   + 'and "context-origin" as dataOrigin.');
     58 
// Case 3: dataOrigin is "script-origin". Besides the CORS parameters, this
// case passes shared_storage_cross_origin_worklet_allowed_header=?1, which
// presumably makes the helper send the cross-origin worklet opt-in response
// header; verify against credentials-test-helper.py.
// The two title fragments join without a space after the comma; the title is
// reproduced unchanged.
promise_test(async () => {
  const pageOrigin = window.origin;
  const helperParams =
      `?access_control_allow_origin_header=${pageOrigin}` +
      '&access_control_allow_credentials_header=true' +
      '&shared_storage_cross_origin_worklet_allowed_header=?1';

  await verifyStoreCookieCrossOriginCreateWorkletSameOriginCredentials(
      helperParams, /*data_origin_option=*/'script-origin');
}, 'createWorklet() with cross-origin module script, credentials "same-origin",'
   + 'and "script-origin" as dataOrigin.');
     69 
     70 </script>
     71 </body>