tor-browser

The Tor Browser

dedicated-worker-options-credentials.html (12129B)


      1 <!DOCTYPE html>
      2 <title>DedicatedWorker: WorkerOptions 'credentials'</title>
      3 <meta name="timeout" content="long">
      4 <script src="/resources/testharness.js"></script>
      5 <script src="/resources/testharnessreport.js"></script>
      6 <script src="/common/get-host-info.sub.js"></script>
      7 <script>
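      // Host/origin table provided by /common/get-host-info.sub.js. Declared with
      // `const` so the script does not rely on an implicit global assignment,
      // which would throw if this script were ever run in strict mode.
      const host_info = get_host_info();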
      9 
     /**
      * Returns the cookie value a dedicated worker is expected to report for the
      * given WorkerOptions and test config.
      *
      * The worker reports an empty string when the cookie was not sent to the
      * server; otherwise it reports the value set by the headers file
      * "dedicated-worker-options-credentials.html.headers" ('1' in this table).
      *
      * Expected results encoded below:
      *   - type 'classic': the credentials option is ignored; the cookie is
      *     expected only for same-origin fetches.
      *   - type 'module', credentials 'omit': never expected.
      *   - type 'module', credentials 'include': always expected, including for
      *     cross-origin ('remote') fetches.
      *   - type 'module', credentials 'same-origin' or unset: expected only for
      *     same-origin fetches.
      *
      * @param {{credentials?: string, type: string}} options WorkerOptions dict.
      * @param {{origin: string}} config Test config; origin is 'same' or 'remote'.
      * @returns {string} '1' when the cookie should be sent, '' otherwise.
      */
     function DetermineExpectedCookieValue(options, config) {
       // Reject malformed test parameters before computing an expectation.
       const knownOrigins = ['same', 'remote'];
       if (!knownOrigins.includes(config.origin)) {
         assert_unreached('Invalid config.origin was specified: ' + config.origin);
       }

       // An unset (falsy) credentials option is valid and means "use the default".
       const knownCredentials = ['omit', 'same-origin', 'include'];
       if (options.credentials &&
           !knownCredentials.includes(options.credentials)) {
         assert_unreached('Invalid credentials option was specified: ' +
                          options.credentials);
       }

       const knownTypes = ['classic', 'module'];
       if (!knownTypes.includes(options.type)) {
         assert_unreached('Invalid type option was specified: ' + options.type);
       }

       // Value expected whenever credentials follow same-origin behaviour.
       const sameOriginOnly = (config.origin === 'same') ? '1' : '';

       // Classic workers do not consult the credentials option at all.
       if (options.type === 'classic') {
         return sameOriginOnly;
       }

       switch (options.credentials) {
         case 'omit':
           return '';
         case 'include':
           return '1';
         default:
           return sameOriginOnly;
       }
     }
     38 
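     // Runs a credentials test with the given WorkerOptions.
     //
     // |options| is a WorkerOptions dict.
     // |config| has options as follows:
     //
     //   config = {
     //     fetchType: 'top-level' or 'descendant-static' or 'descendant-dynamic'
     //     origin: 'remote' or 'same'
     //   };
     //
     // - |config.fetchType| indicates the type of script to load for the test.
     // - |config.origin| indicates same-origin-ness of the script to load.
     //
     // The worker is expected to post the cookie value it observed; that value is
     // compared with DetermineExpectedCookieValue(options, config). If the worker
     // raises an error event before posting, the test fails immediately instead of
     // waiting for the harness timeout, and the worker is terminated on cleanup.
     function credentials_test(options, config, description) {
       promise_test(async t => {
         const origin = config.origin;
         let workerURL;
         if (config.fetchType === 'top-level') {
           workerURL = 'resources/postmessage-credentials.py';
         } else if (config.fetchType === 'descendant-static') {
           workerURL =
             `resources/static-import-${origin}-origin-credentials-checker-worker.${origin === 'same' ? '' : 'sub.'}js`;
         } else if (config.fetchType === 'descendant-dynamic') {
           workerURL =
             `resources/dynamic-import-${origin}-origin-credentials-checker-worker.${origin === 'same' ? '' : 'sub.'}js`;
         } else {
           assert_unreached('Invalid config.fetchType: ' + config.fetchType);
         }

         const worker = new Worker(workerURL, options);
         // Do not leave the worker running once this test has finished.
         t.add_cleanup(() => worker.terminate());

         // Wait until the worker sends the actual cookie value. An error event
         // (for example a script that fails to load or parse) rejects the promise
         // so the failure is reported rather than surfacing as a timeout.
         const msg_event = await new Promise((resolve, reject) => {
           worker.onmessage = resolve;
           worker.onerror = e => reject(new Error(
               'Worker error before the cookie value was posted: ' +
               (e.message || workerURL)));
         });

         const expectedCookieValue = DetermineExpectedCookieValue(options, config);
         assert_equals(msg_event.data, expectedCookieValue);
       }, description);
     }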
     75 
     // Registers the set-up step that asks the remote origin to set the
     // cross-origin cookie. The same-origin cookie is set up in the .headers file
     // in this directory. The request uses mode 'no-cors' with credentials
     // 'include', and the response is not inspected here.
     function init() {
       promise_test(async () => {
         const setCookieURL =
           `${host_info.HTTP_REMOTE_ORIGIN}/cookies/resources/set-cookie.py?name=COOKIE_NAME&path=/workers/modules/`;
         const requestInit = {
           mode: 'no-cors',
           credentials: 'include'
         };
         return fetch(setCookieURL, requestInit);
       }, 'Test initialization: setting up cross-origin cookie');
     }

     // Registered first so the cookie set-up is queued ahead of the tests below.
     init();
     89 
     90 // Tests for module workers.
        //
        // Each call below loads the top-level worker script from the same origin.
        // Per DetermineExpectedCookieValue(), the cookie is expected ('1') for the
        // default, 'same-origin' and 'include' settings and absent ('') for 'omit'.
     91 
     92 credentials_test(
     93    { type: 'module' },
     94    { fetchType: 'top-level', origin: 'same' },
     95    'new Worker() with type=module and default credentials option should ' +
     96    'behave as credentials=same-origin and send the credentials');
     97 
     98 credentials_test(
     99    { credentials: 'omit', type: 'module' },
    100    { fetchType: 'top-level', origin: 'same' },
    101    'new Worker() with type=module and credentials=omit should not send the ' +
    102    'credentials');
    103 
    104 credentials_test(
    105    { credentials: 'same-origin', type: 'module' },
    106    { fetchType: 'top-level', origin: 'same' },
    107    'new Worker() with type=module and credentials=same-origin should send ' +
    108    'the credentials');
    109 
    110 credentials_test(
    111    { credentials: 'include', type: 'module' },
    112    { fetchType: 'top-level', origin: 'same' },
    113    'new Worker() with type=module and credentials=include should send the ' +
    114    'credentials');
    115 
    116 // Tests for module worker static imports.
        //
        // The first four calls import a same-origin script; the last four import a
        // cross-origin ('remote') script. Per DetermineExpectedCookieValue(), the
        // cross-origin import is expected to carry the cookie only when
        // credentials is 'include'; the default behaves like 'same-origin'.
    117 
    118 credentials_test(
    119    { type: 'module' },
    120    { fetchType: 'descendant-static', origin: 'same' },
    121    'new Worker() with type=module and default credentials option should ' +
    122    'behave as credentials=same-origin and send the credentials for ' +
    123    'same-origin static imports');
    124 
    125 credentials_test(
    126    { credentials: 'omit', type: 'module' },
    127    { fetchType: 'descendant-static', origin: 'same' },
    128    'new Worker() with type=module and credentials=omit should not send the ' +
    129    'credentials for same-origin static imports');
    130 
    131 credentials_test(
    132    { credentials: 'same-origin', type: 'module' },
    133    { fetchType: 'descendant-static', origin: 'same' },
    134    'new Worker() with type=module and credentials=same-origin should send ' +
    135    'the credentials for same-origin static imports');
    136 
    137 credentials_test(
    138    { credentials: 'include', type: 'module' },
    139    { fetchType: 'descendant-static', origin: 'same' },
    140    'new Worker() with type=module and credentials=include should send the ' +
    141    'credentials for same-origin static imports');
    142 
    143 credentials_test(
    144    { type: 'module' },
    145    { fetchType: 'descendant-static', origin: 'remote' },
    146    'new Worker() with type=module and default credentials option should ' +
    147    'behave as credentials=same-origin and not send the credentials for ' +
    148    'cross-origin static imports');
    149 
        // NOTE(review): the description below reads 'type-module' where the sibling
        // tests read 'type=module'. The string is the test's name, so it is left
        // unchanged here; renaming it would need to be coordinated with any stored
        // expectations keyed on the name.
    150 credentials_test(
    151    { credentials: 'omit', type: 'module' },
    152    { fetchType: 'descendant-static', origin: 'remote' },
    153    'new Worker() with type-module credentials=omit should not send the ' +
    154    'credentials for cross-origin static imports');
    155 
    156 credentials_test(
    157    { credentials: 'same-origin', type: 'module' },
    158    { fetchType: 'descendant-static', origin: 'remote' },
    159    'new Worker() with type=module and credentials=same-origin should not ' +
    160    'send the credentials for cross-origin static imports');
    161 
    162 credentials_test(
    163    { credentials: 'include', type: 'module' },
    164    { fetchType: 'descendant-static', origin: 'remote' },
    165    'new Worker() with type=module and credentials=include should send the ' +
    166    'credentials for cross-origin static imports');
    167 
    168 // Tests for module worker dynamic imports.
        //
        // Same matrix as the static-import tests, using the dynamic-import checker
        // worker: four same-origin cases followed by four cross-origin ('remote')
        // cases. Only credentials 'include' is expected to send the cookie
        // cross-origin.
    169 
    170 credentials_test(
    171    { type: 'module' },
    172    { fetchType: 'descendant-dynamic', origin: 'same' },
    173    'new Worker() with type=module and default credentials option should ' +
    174    'behave as credentials=same-origin and send the credentials for ' +
    175    'same-origin dynamic imports');
    176 
    177 credentials_test(
    178    { credentials: 'omit', type: 'module' },
    179    { fetchType: 'descendant-dynamic', origin: 'same' },
    180    'new Worker() with type=module and credentials=omit should not send the ' +
    181    'credentials for same-origin dynamic imports');
    182 
    183 credentials_test(
    184    { credentials: 'same-origin', type: 'module' },
    185    { fetchType: 'descendant-dynamic', origin: 'same' },
    186    'new Worker() with type=module and credentials=same-origin should send ' +
    187    'the credentials for same-origin dynamic imports');
    188 
    189 credentials_test(
    190    { credentials: 'include', type: 'module' },
    191    { fetchType: 'descendant-dynamic', origin: 'same' },
    192    'new Worker() with type=module and credentials=include should send the ' +
    193    'credentials for same-origin dynamic imports');
    194 
    195 credentials_test(
    196    { type: 'module'},
    197    { fetchType: 'descendant-dynamic', origin: 'remote' },
    198    'new Worker() with type=module and default credentials option should ' +
    199    'behave as credentials=same-origin and not send the credentials for ' +
    200    'cross-origin dynamic imports');
    201 
        // NOTE(review): the description below reads 'type-module' where the sibling
        // tests read 'type=module'. The string is the test's name, so it is left
        // unchanged here.
    202 credentials_test(
    203    { credentials: 'omit', type: 'module' },
    204    { fetchType: 'descendant-dynamic', origin: 'remote' },
    205    'new Worker() with type-module credentials=omit should not send the ' +
    206    'credentials for cross-origin dynamic imports');
    207 
    208 credentials_test(
    209    { credentials: 'same-origin', type: 'module' },
    210    { fetchType: 'descendant-dynamic', origin: 'remote' },
    211    'new Worker() with type=module and credentials=same-origin should not ' +
    212    'send the credentials for cross-origin dynamic imports');
    213 
    214 credentials_test(
    215    { credentials: 'include', type: 'module' },
    216    { fetchType: 'descendant-dynamic', origin: 'remote' },
    217    'new Worker() with type=module and credentials=include should send the ' +
    218    'credentials for cross-origin dynamic imports');
    219 
    220 // Tests for classic workers.
        //
        // For type 'classic', DetermineExpectedCookieValue() ignores the
        // credentials option, so all four same-origin top-level loads below expect
        // the cookie ('1'), including the one that passes credentials 'omit'.
    221 // TODO(domfarolino): Maybe move classic worker tests up a directory?
    222 
    223 credentials_test(
    224    { type: 'classic' },
    225    { fetchType: 'top-level', origin: 'same' },
    226    'new Worker() with type=classic should always send the credentials ' +
    227    'regardless of the credentials option (default).');
    228 
    229 credentials_test(
    230    { credentials: 'omit', type: 'classic' },
    231    { fetchType: 'top-level', origin: 'same' },
    232    'new Worker() with type=classic should always send the credentials ' +
    233    'regardless of the credentials option (omit).');
    234 
    235 credentials_test(
    236    { credentials: 'same-origin', type: 'classic' },
    237    { fetchType: 'top-level', origin: 'same' },
    238    'new Worker() with type=classic should always send the credentials ' +
    239    'regardless of the credentials option (same-origin).');
    240 
    241 credentials_test(
    242    { credentials: 'include', type: 'classic' },
    243    { fetchType: 'top-level', origin: 'same' },
    244    'new Worker() with type=classic should always send the credentials ' +
    245    'regardless of the credentials option (include).');
    246 
    247 // Tests for classic worker dynamic imports.
        //
        // For type 'classic' the expectation depends only on config.origin:
        // same-origin dynamic imports expect the cookie ('1') and cross-origin
        // ('remote') dynamic imports expect none (''), whatever the credentials
        // option says. The last case passes credentials 'include' and still
        // expects no cookie on the cross-origin import.
    248 
    249 credentials_test(
    250    { type: 'classic' },
    251    { fetchType: 'descendant-dynamic', origin: 'same' },
    252    'new Worker() with type=classic should always send the credentials for ' +
    253    'same-origin dynamic imports regardless of the credentials option ' +
    254    '(default).');
    255 
    256 credentials_test(
    257    { credentials: 'omit', type: 'classic' },
    258    { fetchType: 'descendant-dynamic', origin: 'same' },
    259    'new Worker() with type=classic should always send the credentials for ' +
    260    'same-origin dynamic imports regardless of the credentials option (omit).');
    261 
    262 credentials_test(
    263    { credentials: 'same-origin', type: 'classic' },
    264    { fetchType: 'descendant-dynamic', origin: 'same' },
    265    'new Worker() with type=classic should always send the credentials for ' +
    266    'same-origin dynamic imports regardless of the credentials option ' +
    267    '(same-origin).');
    268 
    269 credentials_test(
    270    { credentials: 'include', type: 'classic' },
    271    { fetchType: 'descendant-dynamic', origin: 'same' },
    272    'new Worker() with type=classic should always send the credentials for ' +
    273    'same-origin dynamic imports regardless of the credentials option ' +
    274    '(include).');
    275 
    276 credentials_test(
    277    { type: 'classic' },
    278    { fetchType: 'descendant-dynamic', origin: 'remote' },
    279    'new Worker() with type=classic should never send the credentials for ' +
    280    'cross-origin dynamic imports regardless of the credentials option ' +
    281    '(default).');
    282 
    283 credentials_test(
    284    { credentials: 'omit', type: 'classic' },
    285    { fetchType: 'descendant-dynamic', origin: 'remote' },
    286    'new Worker() with type=classic should never send the credentials for ' +
    287    'cross-origin dynamic imports regardless of the credentials option ' +
    288    '(omit).');
    289 
    290 credentials_test(
    291    { credentials: 'same-origin', type: 'classic' },
    292    { fetchType: 'descendant-dynamic', origin: 'remote' },
    293    'new Worker() with type=classic should never send the credentials for ' +
    294    'cross-origin dynamic imports regardless of the credentials option ' +
    295    '(same-origin).');
    296 
    297 credentials_test(
    298    { credentials: 'include', type: 'classic' },
    299    { fetchType: 'descendant-dynamic', origin: 'remote' },
    300    'new Worker() with type=classic should never send the credentials for ' +
    301    'cross-origin dynamic imports regardless of the credentials option ' +
    302    '(include).');
    303 
    304 </script>