[ tor-browser ].git.dasho

shared-worker-options-credentials.html (12580B)
      1 <!DOCTYPE html>
      2 <title>SharedWorker: WorkerOptions 'credentials'</title>
      3 <meta name="timeout" content="long">
      4 <script src="/resources/testharness.js"></script>
      5 <script src="/resources/testharnessreport.js"></script>
      6 <script src="/common/get-host-info.sub.js"></script>
      7 <script>
      8 host_info = get_host_info();
      9 
     10 // Determines the expected cookie value to be reported by a shared worker
     11 // based on the given option. The worker reports an empty string as the actual
     12 // cookie value if the cookie wasn't sent to the server. Otherwise, it's the
     13 // value set by the headers file:
     14 // "shared-worker-options-credentials.html.headers"
     15 function DetermineExpectedCookieValue(options, config) {
     16  // Valid WorkerOptions and test config checking.
     17  if (config.origin !== 'same' && config.origin !== 'remote')
     18    assert_unreached('Invalid config.origin was specified: ' + config.origin);
     19  if (options.credentials && options.credentials !== 'omit' &&
     20      options.credentials !== 'same-origin' &&
     21      options.credentials !== 'include') {
     22    assert_unreached('Invalid credentials option was specified: ' +
     23                      options.credentials);
     24  }
     25  if (options.type !== 'classic' && options.type !== 'module')
     26    assert_unreached('Invalid type option was specified: ' + options.type);
     27 
     28  if (options.type === 'classic')
     29    return (config.origin === 'same') ? '1' : '';
     30 
     31  if (options.credentials === 'omit')
     32    return '';
     33  else if (options.credentials === 'include')
     34    return '1';
     35  else
     36    return (config.origin === 'same') ? '1' : '';
     37 }
     38 
     39 // Runs a credentials test with the given WorkerOptions.
     40 //
     41 // |options| is a WorkerOptions dict.
     42 // |config| has options as follows:
     43 //
     44 //   config = {
     45 //     fetchType: 'top-level' or 'descendant-static' or 'descendant-dynamic'
     46 //     origin: 'remote' or 'same'
     47 //   };
     48 //
     49 // - |config.fetchType| indicates the type of script to load for the test.
     50 // - |config.origin| indicates same-origin-ness of the script to load.
     51 function credentials_test(options, config, description) {
     52  promise_test(async () => {
     53    let workerURL, origin = config.origin;
     54    if (config.fetchType === 'top-level') {
     55      workerURL = 'resources/postmessage-credentials.py';
     56    } else if (config.fetchType === 'descendant-static') {
     57      workerURL =
     58        `resources/static-import-${origin}-origin-credentials-checker-worker.${origin === 'same' ? '' : 'sub.'}js`;
     59    } else if (config.fetchType === 'descendant-dynamic') {
     60      workerURL =
     61        `resources/dynamic-import-${origin}-origin-credentials-checker-worker.${origin === 'same' ? '' : 'sub.'}js`;
     62    } else {
     63      assert_unreached('Invalid config.fetchType: ' + config.fetchType);
     64    }
     65 
     66    // Name idetically for each test cases so that it connects to the shared
     67    // worker with specified type and credentials.
     68    options.name = `${options.type}_${options.credentials || 'default'}_${config.fetchType}_${config.origin}`;
     69 
     70    const worker = new SharedWorker(workerURL, options);
     71 
     72    // Wait until the worker sends the actual cookie value.
     73    const msg_event = await new Promise(resolve => worker.port.onmessage = resolve);
     74 
     75    const expectedCookieValue = DetermineExpectedCookieValue(options, config);
     76    assert_equals(msg_event.data, expectedCookieValue);
     77  }, description);
     78 }
     79 
     80 function init() {
     81  // Same-origin cookie is set up in the .headers file in this directory.
     82  promise_test(async () => {
     83    return fetch(
     84      `${host_info.HTTP_REMOTE_ORIGIN}/cookies/resources/set-cookie.py?name=COOKIE_NAME&path=/workers/modules/`,
     85      {
     86        mode: 'no-cors',
     87        credentials: 'include'
     88      });
     89  }, 'Test initialization: setting up cross-origin cookie');
     90 }
     91 
     92 init();
     93 
     94 // Tests for module workers.
     95 
     96 credentials_test(
     97    { type: 'module' },
     98    { fetchType: 'top-level', origin: 'same' },
     99    'new SharedWorker() with type=module and default credentials option ' +
    100    'should behave as credentials=same-origin and send the credentials');
    101 
    102 credentials_test(
    103    { credentials: 'omit', type: 'module' },
    104    { fetchType: 'top-level', origin: 'same' },
    105    'new SharedWorker() with type=module and credentials=omit should not ' +
    106    'send the credentials');
    107 
    108 credentials_test(
    109    { credentials: 'same-origin', type: 'module' },
    110    { fetchType: 'top-level', origin: 'same' },
    111    'new SharedWorker() with type=module and credentials=same-origin should ' +
    112    'send the credentials');
    113 
    114 credentials_test(
    115    { credentials: 'include', type: 'module' },
    116    { fetchType: 'top-level', origin: 'same' },
    117    'new SharedWorker() with type=module and credentials=include should send ' +
    118    'the credentials');
    119 
    120 // Tests for module worker static imports.
    121 
    122 credentials_test(
    123    { type: 'module' },
    124    { fetchType: 'descendant-static', origin: 'same' },
    125    'new SharedWorker() with type=module and default credentials option ' +
    126    'should behave as credentials=same-origin and send the credentials for ' +
    127    'same-origin static imports');
    128 
    129 credentials_test(
    130    { credentials: 'omit', type: 'module' },
    131    { fetchType: 'descendant-static', origin: 'same' },
    132    'new SharedWorker() with type=module and credentials=omit should not ' +
    133    'send the credentials for same-origin static imports');
    134 
    135 credentials_test(
    136    { credentials: 'same-origin', type: 'module' },
    137    { fetchType: 'descendant-static', origin: 'same' },
    138    'new SharedWorker() with type=module and credentials=same-origin should ' +
    139    'send the credentials for same-origin static imports');
    140 
    141 credentials_test(
    142    { credentials: 'include', type: 'module' },
    143    { fetchType: 'descendant-static', origin: 'same' },
    144    'new SharedWorker() with type=module and credentials=include should send ' +
    145    'the credentials for same-origin static imports');
    146 
    147 credentials_test(
    148    { type: 'module' },
    149    { fetchType: 'descendant-static', origin: 'remote' },
    150    'new SharedWorker() with type=module and default credentials option ' +
    151    'should behave as credentials=same-origin and not send the credentials ' +
    152    'for cross-origin static imports');
    153 
    154 credentials_test(
    155    { credentials: 'omit', type: 'module' },
    156    { fetchType: 'descendant-static', origin: 'remote' },
    157    'new SharedWorker() with type=module and credentials=omit should not ' +
    158    'send the credentials for cross-origin static imports');
    159 
    160 credentials_test(
    161    { credentials: 'same-origin', type: 'module' },
    162    { fetchType: 'descendant-static', origin: 'remote' },
    163    'new SharedWorker() with type=module and credentials=same-origin should ' +
    164    'not send the credentials for cross-origin static imports');
    165 
    166 credentials_test(
    167    { credentials: 'include', type: 'module' },
    168    { fetchType: 'descendant-static', origin: 'remote' },
    169    'new SharedWorker() with type=module and credentials=include should send ' +
    170    'the credentials for cross-origin static imports');
    171 
    172 // Tests for module worker dynamic imports.
    173 
    174 credentials_test(
    175    { type: 'module' },
    176    { fetchType: 'descendant-dynamic', origin: 'same' },
    177    'new SharedWorker() with type=module and default credentials option ' +
    178    'should behave as credentials=same-origin and send the credentials for ' +
    179    'same-origin dynamic imports');
    180 
    181 credentials_test(
    182    { credentials: 'omit', type: 'module' },
    183    { fetchType: 'descendant-dynamic', origin: 'same' },
    184    'new SharedWorker() with type=module and credentials=omit should not ' +
    185    'send the credentials for same-origin dynamic imports');
    186 
    187 credentials_test(
    188    { credentials: 'same-origin', type: 'module' },
    189    { fetchType: 'descendant-dynamic', origin: 'same' },
    190    'new SharedWorker() with type=module and credentials=same-origin should ' +
    191    'send the credentials for same-origin dynamic imports');
    192 
    193 credentials_test(
    194    { credentials: 'include', type: 'module' },
    195    { fetchType: 'descendant-dynamic', origin: 'same' },
    196    'new SharedWorker() with type=module and credentials=include should send ' +
    197    'the credentials for same-origin dynamic imports');
    198 
    199 credentials_test(
    200    { type: 'module'},
    201    { fetchType: 'descendant-dynamic', origin: 'remote' },
    202    'new SharedWorker() with type=module and default credentials option ' +
    203    'should behave as credentials=same-origin and not send the credentials ' +
    204    'for cross-origin dynamic imports');
    205 
    206 credentials_test(
    207    { credentials: 'omit', type: 'module' },
    208    { fetchType: 'descendant-dynamic', origin: 'remote' },
    209    'new SharedWorker() with type=module and credentials=omit should not ' +
    210    'send the credentials for cross-origin dynamic imports');
    211 
    212 credentials_test(
    213    { credentials: 'same-origin', type: 'module' },
    214    { fetchType: 'descendant-dynamic', origin: 'remote' },
    215    'new SharedWorker() with type=module and credentials=same-origin should ' +
    216    'not send the credentials for cross-origin dynamic imports');
    217 
    218 credentials_test(
    219    { credentials: 'include', type: 'module' },
    220    { fetchType: 'descendant-dynamic', origin: 'remote' },
    221    'new SharedWorker() with type=module and credentials=include should send ' +
    222    'the credentials for cross-origin dynamic imports');
    223 
    224 // Tests for classic workers.
    225 // TODO(domfarolino): Maybe move classic worker tests up a directory?
    226 
    227 credentials_test(
    228    { type: 'classic' },
    229    { fetchType: 'top-level', origin: 'same' },
    230    'new SharedWorker() with type=classic should always send the credentials ' +
    231    'regardless of the credentials option (default).');
    232 
    233 credentials_test(
    234    { credentials: 'omit', type: 'classic' },
    235    { fetchType: 'top-level', origin: 'same' },
    236    'new SharedWorker() with type=classic should always send the credentials ' +
    237    'regardless of the credentials option (omit).');
    238 
    239 credentials_test(
    240    { credentials: 'same-origin', type: 'classic' },
    241    { fetchType: 'top-level', origin: 'same' },
    242    'new SharedWorker() with type=classic should always send the credentials ' +
    243    'regardless of the credentials option (same-origin).');
    244 
    245 credentials_test(
    246    { credentials: 'include', type: 'classic' },
    247    { fetchType: 'top-level', origin: 'same' },
    248    'new SharedWorker() with type=classic should always send the credentials ' +
    249    'regardless of the credentials option (include).');
    250 
    251 // Tests for classic worker dynamic imports.
    252 
    253 credentials_test(
    254    { type: 'classic' },
    255    { fetchType: 'descendant-dynamic', origin: 'same' },
    256    'new SharedWorker() with type=classic should always send the credentials ' +
    257    'for same-origin dynamic imports regardless of the credentials option ' +
    258    '(default).');
    259 
    260 credentials_test(
    261    { credentials: 'omit', type: 'classic' },
    262    { fetchType: 'descendant-dynamic', origin: 'same' },
    263    'new SharedWorker() with type=classic should always send the credentials ' +
    264    'for same-origin dynamic imports regardless of the credentials option ' +
    265    '(omit).');
    266 
    267 credentials_test(
    268    { credentials: 'same-origin', type: 'classic' },
    269    { fetchType: 'descendant-dynamic', origin: 'same' },
    270    'new SharedWorker() with type=classic should always send the credentials ' +
    271    'for same-origin dynamic imports regardless of the credentials option ' +
    272    '(same-origin).');
    273 
    274 credentials_test(
    275    { credentials: 'include', type: 'classic' },
    276    { fetchType: 'descendant-dynamic', origin: 'same' },
    277    'new SharedWorker() with type=classic should always send the credentials ' +
    278    'for same-origin dynamic imports regardless of the credentials option ' +
    279    '(include).');
    280 
    281 credentials_test(
    282    { type: 'classic' },
    283    { fetchType: 'descendant-dynamic', origin: 'remote' },
    284    'new SharedWorker() with type=classic should never send the credentials ' +
    285    'for cross-origin dynamic imports regardless of the credentials option ' +
    286    '(default).');
    287 
    288 credentials_test(
    289    { credentials: 'omit', type: 'classic' },
    290    { fetchType: 'descendant-dynamic', origin: 'remote' },
    291    'new SharedWorker() with type=classic should never send the credentials ' +
    292    'for cross-origin dynamic imports regardless of the credentials option ' +
    293    '(omit).');
    294 
    295 credentials_test(
    296    { credentials: 'same-origin', type: 'classic' },
    297    { fetchType: 'descendant-dynamic', origin: 'remote' },
    298    'new SharedWorker() with type=classic should never send the credentials ' +
    299    'for cross-origin dynamic imports regardless of the credentials option ' +
    300    '(same-origin).');
    301 
    302 credentials_test(
    303    { credentials: 'include', type: 'classic' },
    304    { fetchType: 'descendant-dynamic', origin: 'remote' },
    305    'new SharedWorker() with type=classic should never send the credentials ' +
    306    'for cross-origin dynamic imports regardless of the credentials option ' +
    307    '(include).');
    308 
    309 </script>
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE