requestStorageAccess-dedicated-worker.sub.https.window.js (3830B)
1 // META: script=helpers.js 2 // META: script=/cookies/resources/cookie-helper.sub.js 3 // META: script=/resources/testdriver.js 4 // META: script=/resources/testdriver-vendor.js 5 'use strict'; 6 7 (function() { 8 const altRoot = "https://{{hosts[alt][]}}:{{ports[https][0]}}"; 9 10 const responderPath = "/storage-access-api/resources/script-with-cookie-header.py?script=embedded_responder.js"; 11 const echoCookiesPath = `/storage-access-api/resources/echo-cookie-header.py`; 12 13 const altRootResponder = `${altRoot}${responderPath}`; 14 const altRootEchoCookies = `${altRoot}${echoCookiesPath}`; 15 16 async function SetUpResponderFrame(t, url) { 17 const frame = await CreateFrame(url); 18 19 await SetPermissionInFrame(frame, [{ name: 'storage-access' }, 'granted']); 20 t.add_cleanup(async () => { 21 await test_driver.delete_all_cookies(); 22 await SetPermissionInFrame(frame, [{ name: 'storage-access' }, 'prompt']); 23 await MaybeSetStorageAccess("*", "*", "allowed"); 24 }); 25 26 return frame; 27 } 28 29 promise_test(async (t) => { 30 await MaybeSetStorageAccess("*", "*", "blocked"); 31 await SetFirstPartyCookie(altRoot); 32 33 const frame = await SetUpResponderFrame(t, altRootResponder); 34 if (CanAccessCookiesViaJS()) { 35 // Nothing to test here, as cookies are not blocked in cross-site frames. 36 // See https://github.com/privacycg/storage-access/issues/162. 37 return; 38 } 39 assert_true(await RequestStorageAccessInFrame(frame), "requestStorageAccess resolves without requiring a gesture."); 40 assert_true(await FrameHasStorageAccess(frame), "frame has storage access after request."); 41 assert_true(await HasUnpartitionedCookie(frame), "frame has access to cookies after request."); 42 43 await StartDedicatedWorker(frame); 44 45 assert_true(cookieStringHasCookie("cookie", "unpartitioned", 46 await MessageWorker(frame, {command: "load"})), 47 "Worker's load was credentialed."); 48 assert_false(cookieStringHasCookie("cookie", "unpartitioned", 49 await MessageWorker(frame, {command: "fetch", url: altRootEchoCookies})), 50 "Worker's fetch is uncredentialed."); 51 }, "Workers don't inherit storage access"); 52 53 promise_test(async (t) => { 54 await MaybeSetStorageAccess("*", "*", "blocked"); 55 await SetFirstPartyCookie(altRoot); 56 57 const frame = await SetUpResponderFrame(t, altRootResponder); 58 if (CanAccessCookiesViaJS()) { 59 // Nothing to test here, as cookies are not blocked in cross-site frames. 60 return; 61 } 62 assert_false(await FrameHasStorageAccess(frame), "frame lacks storage access before request."); 63 assert_false(await HasUnpartitionedCookie(frame), "frame lacks access to cookies before request."); 64 65 await StartDedicatedWorker(frame); 66 assert_false(cookieStringHasCookie("cookie", "unpartitioned", 67 await MessageWorker(frame, {command: "load"})), 68 "Worker's load was uncredentialed."); 69 assert_false(cookieStringHasCookie("cookie", "unpartitioned", 70 await MessageWorker(frame, {command: "fetch", url: altRootEchoCookies})), 71 "Worker's first fetch is uncredentialed."); 72 73 // Since the parent document obtains storage access *after* having created 74 // the worker, this should have no effect on the worker. 75 assert_true(await RequestStorageAccessInFrame(frame), "requestStorageAccess resolves without requiring a gesture."); 76 assert_true(await FrameHasStorageAccess(frame), "frame has storage access after request."); 77 assert_true(await HasUnpartitionedCookie(frame), "frame has access to cookies after request."); 78 79 assert_false(cookieStringHasCookie("cookie", "unpartitioned", 80 await MessageWorker(frame, {command: "fetch", url: altRootEchoCookies})), 81 "Worker's second fetch is uncredentialed."); 82 }, "Workers don't observe parent's storage access"); 83 84 }());