Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(4)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/serviceworker/chromium/sandboxed-iframe-fetch-event.html

Issue 1745083002: CORS-RFC1918: Force preflights for external requests in DocumentThreadableLoader. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Test. Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/resources/preflight.php ('k') | third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/access-control-basic-allow-access-control-origin-header-data-url.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <title>ServiceWorker FetchEvent for sandboxed iframe.</title> 2 <title>ServiceWorker FetchEvent for sandboxed iframe.</title>
3 <script src="../../resources/testharness.js"></script> 3 <script src="../../resources/testharness.js"></script>
4 <script src="../../resources/testharnessreport.js"></script> 4 <script src="../../resources/testharnessreport.js"></script>
5 <script src="../resources/test-helpers.js"></script> 5 <script src="../resources/test-helpers.js"></script>
6 <body> 6 <body>
7 <script> 7 <script>
8 var lastCallbackId = 0; 8 if (window.location.hostname == "127.0.0.1") {
9 var callbacks = {}; 9 window.location.href = "https://example.test:8443" + window.location.pathnam e;
10 function postMassageAndWaitResult(frame) { 10 } else {
11 return new Promise(function(resolve) { 11 var lastCallbackId = 0;
12 var id = ++lastCallbackId; 12 var callbacks = {};
13 callbacks[id] = resolve; 13 function postMassageAndWaitResult(frame) {
14 frame.contentWindow.postMessage({id:id}, '*'); 14 return new Promise(function(resolve) {
15 }); 15 var id = ++lastCallbackId;
16 callbacks[id] = resolve;
17 frame.contentWindow.postMessage({id:id}, '*');
18 });
19 }
20
21 window.onmessage = function (e) {
22 message = e.data;
23 var id = message['id'];
24 var calback = callbacks[id];
25 delete callbacks[id];
26 calback(message['result']);
27 };
28
29 promise_test(function(t) {
30 var SCOPE = 'resources/sandboxed-iframe-fetch-event-iframe.html';
31 var SCRIPT = 'resources/sandboxed-iframe-fetch-event-worker.js';
32 var frames = [];
33 var worker;
34 return service_worker_unregister_and_register(t, SCRIPT, SCOPE)
35 .then(function(registration) {
36 worker = registration.installing;
37 return wait_for_state(t, registration.installing, 'activated');
38 })
39 .then(function() {
40 return with_iframe(SCOPE + '?iframe');
41 })
42 .then(function(frame) {
43 frames.push(frame);
44 return postMassageAndWaitResult(frame);
45 })
46 .then(function(result) {
47 assert_equals(result, 'done');
48 return with_sandboxed_iframe(SCOPE + '?script', 'allow-scripts');
49 })
50 .then(function(frame) {
51 frames.push(frame);
52 return postMassageAndWaitResult(frame);
53 })
54 .then(function(result) {
55 assert_equals(result, 'done');
56 return with_sandboxed_iframe(SCOPE + '?script-origin',
57 'allow-scripts allow-same-origin');
58 })
59 .then(function(frame) {
60 frames.push(frame);
61 return postMassageAndWaitResult(frame);
62 })
63 .then(function(result) {
64 assert_equals(result, 'done');
65 return new Promise(function(resolve) {
66 var channel = new MessageChannel();
67 channel.port1.onmessage = function(msg) {
68 resolve(msg);
69 };
70 worker.postMessage({port: channel.port2}, [channel.port2]);
71 });
72 })
73 .then(function(msg) {
74 for (var frame of frames) {
75 frame.remove();
76 }
77 var expected_base_url = new URL(SCOPE, location.href).href;
78 var request_set = {};
79 for (var request of msg.data.requests) {
80 request_set[request] = true;
81 }
82 assert_true(
83 expected_base_url + '?iframe' in request_set,
84 'The request for normal iframe should be handled by SW.');
85 assert_true(
86 expected_base_url + '?iframe_fetch' in request_set,
87 'The fetch request from normal iframe should be handled by SW. ');
88 assert_true(
89 expected_base_url + '?iframe_iframe' in request_set,
90 'The request for normal iframe inside normal iframe should be ' +
91 'handled by SW.');
92 assert_false(
93 expected_base_url + '?iframe_script' in request_set,
94 'The request for sandboxed iframe with allow-scripts flag ' +
95 'inside normal iframe should not be handled by SW.');
96 assert_true(
97 expected_base_url + '?iframe_script-origin' in request_set,
98 'The request for sandboxed iframe with allow-scripts and ' +
99 'allow-same-origin flag inside normal iframe should be handled ' +
100 'by SW.');
101 assert_false(
102 expected_base_url + '?script' in request_set,
103 'The request for sandboxed iframe with allow-scripts flag ' +
104 'should not be handled by SW.');
105 assert_false(
106 expected_base_url + '?script_fetch' in request_set,
107 'The fetch request from sandboxed iframe with allow-scripts ' +
108 'flag should not be handled by SW.');
109 assert_false(
110 expected_base_url + '?script_iframe' in request_set,
111 'The request for normal iframe inside sandboxed iframe with ' +
112 'allow-scripts flag should not be handled by SW.');
113 assert_false(
114 expected_base_url + '?script_script' in request_set,
115 'The request for sandboxed iframe with allow-scripts flag ' +
116 'inside sandboxed iframe with allow-scripts flag should not be ' +
117 'handled by SW.');
118 assert_false(
119 expected_base_url + '?script_script-origin' in request_set,
120 'The request for sandboxed iframe with allow-scripts and ' +
121 'allow-same-origin flag inside sandboxed iframe with ' +
122 'allow-scripts flag should not be handled by SW.');
123 assert_true(
124 expected_base_url + '?script-origin' in request_set,
125 'The request for sandboxed iframe with allow-scripts and ' +
126 'allow-same-origin flag should be handled by SW.');
127 assert_true(
128 expected_base_url + '?script-origin_fetch' in request_set,
129 'The fetch request from sandboxed iframe with allow-scripts ' +
130 'and allow-same-origin flag should be handled by SW.');
131 assert_true(
132 expected_base_url + '?script-origin_iframe' in request_set,
133 'The request for normal iframe inside sandboxed iframe with ' +
134 'allow-scripts and allow-same-origin flag should be handled by ' +
135 'SW.');
136 assert_false(
137 expected_base_url + '?script-origin_script' in request_set,
138 'The request for sandboxed iframe with allow-scripts flag ' +
139 'inside sandboxed iframe with allow-scripts and ' +
140 'allow-same-origin flag should be handled by SW.');
141 assert_true(
142 expected_base_url + '?script-origin_script-origin' in request_ set,
143 'The request for sandboxed iframe with allow-scripts and' +
144 'allow-same-origin flag inside sandboxed iframe with ' +
145 'allow-scripts and allow-same-origin flag should be handled by ' +
146 'SW.');
147
148 var client_set = {};
149 for (var client of msg.data.clients) {
150 client_set[client] = true;
151 }
152 assert_true(
153 expected_base_url + '?iframe' in client_set,
154 'The normal iframe should be controlled by SW.');
155 assert_true(
156 expected_base_url + '?iframe_iframe' in client_set,
157 'The normal iframe inside normal iframe should be controlled ' +
158 'by SW.');
159 assert_false(
160 expected_base_url + '?iframe_script' in client_set,
161 'The sandboxed iframe with allow-scripts flag inside normal ' +
162 'iframe should not be controlled by SW.');
163 assert_true(
164 expected_base_url + '?iframe_script-origin' in client_set,
165 'The sandboxed iframe with allow-scripts and allow-same-origin ' +
166 'flag inside normal iframe should be controlled by SW.');
167 assert_false(
168 expected_base_url + '?script' in client_set,
169 'The sandboxed iframe with allow-scripts flag should not be ' +
170 'controlled by SW.');
171 assert_false(
172 expected_base_url + '?script_iframe' in client_set,
173 'The normal iframe inside sandboxed iframe with allow-scripts' +
174 'flag should not be controlled by SW.');
175 assert_false(
176 expected_base_url + '?script_script' in client_set,
177 'The sandboxed iframe with allow-scripts flag inside sandboxed ' +
178 'iframe with allow-scripts flag should not be controlled by SW .');
179 assert_false(
180 expected_base_url + '?script_script-origin' in client_set,
181 'The sandboxed iframe with allow-scripts and allow-same-origin ' +
182 'flag inside sandboxed iframe with allow-scripts flag should ' +
183 'not be controlled by SW.');
184 assert_true(
185 expected_base_url + '?script-origin' in client_set,
186 'The sandboxed iframe with allow-scripts and allow-same-origin ' +
187 'flag should be controlled by SW.');
188 assert_true(
189 expected_base_url + '?script-origin_iframe' in client_set,
190 'The normal iframe inside sandboxed iframe with allow-scripts ' +
191 'and allow-same-origin flag should be controlled by SW.');
192 assert_false(
193 expected_base_url + '?script-origin_script' in client_set,
194 'The sandboxed iframe with allow-scripts flag inside sandboxed ' +
195 'iframe with allow-scripts and allow-same-origin flag should ' +
196 'be controlled by SW.');
197 assert_true(
198 expected_base_url + '?script-origin_script-origin' in client_s et,
199 'The sandboxed iframe with allow-scripts and allow-same-origin ' +
200 'flag inside sandboxed iframe with allow-scripts and ' +
201 'allow-same-origin flag should be controlled by SW.');
202 return service_worker_unregister_and_done(t, SCOPE);
203 });
204 }, 'ServiceWorker FetchEvent for sandboxed iframe.');
16 } 205 }
17
18 window.onmessage = function (e) {
19 message = e.data;
20 var id = message['id'];
21 var calback = callbacks[id];
22 delete callbacks[id];
23 calback(message['result']);
24 };
25
26 promise_test(function(t) {
27 var SCOPE = 'resources/sandboxed-iframe-fetch-event-iframe.html';
28 var SCRIPT = 'resources/sandboxed-iframe-fetch-event-worker.js';
29 var frames = [];
30 var worker;
31 return service_worker_unregister_and_register(t, SCRIPT, SCOPE)
32 .then(function(registration) {
33 worker = registration.installing;
34 return wait_for_state(t, registration.installing, 'activated');
35 })
36 .then(function() {
37 return with_iframe(SCOPE + '?iframe');
38 })
39 .then(function(frame) {
40 frames.push(frame);
41 return postMassageAndWaitResult(frame);
42 })
43 .then(function(result) {
44 assert_equals(result, 'done');
45 return with_sandboxed_iframe(SCOPE + '?script', 'allow-scripts');
46 })
47 .then(function(frame) {
48 frames.push(frame);
49 return postMassageAndWaitResult(frame);
50 })
51 .then(function(result) {
52 assert_equals(result, 'done');
53 return with_sandboxed_iframe(SCOPE + '?script-origin',
54 'allow-scripts allow-same-origin');
55 })
56 .then(function(frame) {
57 frames.push(frame);
58 return postMassageAndWaitResult(frame);
59 })
60 .then(function(result) {
61 assert_equals(result, 'done');
62 return new Promise(function(resolve) {
63 var channel = new MessageChannel();
64 channel.port1.onmessage = function(msg) {
65 resolve(msg);
66 };
67 worker.postMessage({port: channel.port2}, [channel.port2]);
68 });
69 })
70 .then(function(msg) {
71 for (var frame of frames) {
72 frame.remove();
73 }
74 var expected_base_url = new URL(SCOPE, location.href).href;
75 var request_set = {};
76 for (var request of msg.data.requests) {
77 request_set[request] = true;
78 }
79 assert_true(
80 expected_base_url + '?iframe' in request_set,
81 'The request for normal iframe should be handled by SW.');
82 assert_true(
83 expected_base_url + '?iframe_fetch' in request_set,
84 'The fetch request from normal iframe should be handled by SW.');
85 assert_true(
86 expected_base_url + '?iframe_iframe' in request_set,
87 'The request for normal iframe inside normal iframe should be ' +
88 'handled by SW.');
89 assert_false(
90 expected_base_url + '?iframe_script' in request_set,
91 'The request for sandboxed iframe with allow-scripts flag ' +
92 'inside normal iframe should not be handled by SW.');
93 assert_true(
94 expected_base_url + '?iframe_script-origin' in request_set,
95 'The request for sandboxed iframe with allow-scripts and ' +
96 'allow-same-origin flag inside normal iframe should be handled ' +
97 'by SW.');
98 assert_false(
99 expected_base_url + '?script' in request_set,
100 'The request for sandboxed iframe with allow-scripts flag ' +
101 'should not be handled by SW.');
102 assert_false(
103 expected_base_url + '?script_fetch' in request_set,
104 'The fetch request from sandboxed iframe with allow-scripts ' +
105 'flag should not be handled by SW.');
106 assert_false(
107 expected_base_url + '?script_iframe' in request_set,
108 'The request for normal iframe inside sandboxed iframe with ' +
109 'allow-scripts flag should not be handled by SW.');
110 assert_false(
111 expected_base_url + '?script_script' in request_set,
112 'The request for sandboxed iframe with allow-scripts flag ' +
113 'inside sandboxed iframe with allow-scripts flag should not be ' +
114 'handled by SW.');
115 assert_false(
116 expected_base_url + '?script_script-origin' in request_set,
117 'The request for sandboxed iframe with allow-scripts and ' +
118 'allow-same-origin flag inside sandboxed iframe with ' +
119 'allow-scripts flag should not be handled by SW.');
120 assert_true(
121 expected_base_url + '?script-origin' in request_set,
122 'The request for sandboxed iframe with allow-scripts and ' +
123 'allow-same-origin flag should be handled by SW.');
124 assert_true(
125 expected_base_url + '?script-origin_fetch' in request_set,
126 'The fetch request from sandboxed iframe with allow-scripts ' +
127 'and allow-same-origin flag should be handled by SW.');
128 assert_true(
129 expected_base_url + '?script-origin_iframe' in request_set,
130 'The request for normal iframe inside sandboxed iframe with ' +
131 'allow-scripts and allow-same-origin flag should be handled by' +
132 'SW.');
133 assert_false(
134 expected_base_url + '?script-origin_script' in request_set,
135 'The request for sandboxed iframe with allow-scripts flag ' +
136 'inside sandboxed iframe with allow-scripts and ' +
137 'allow-same-origin flag should be handled by SW.');
138 assert_true(
139 expected_base_url + '?script-origin_script-origin' in request_set,
140 'The request for sandboxed iframe with allow-scripts and' +
141 'allow-same-origin flag inside sandboxed iframe with ' +
142 'allow-scripts and allow-same-origin flag should be handled by' +
143 'SW.');
144
145 var client_set = {};
146 for (var client of msg.data.clients) {
147 client_set[client] = true;
148 }
149 assert_true(
150 expected_base_url + '?iframe' in client_set,
151 'The normal iframe should be controlled by SW.');
152 assert_true(
153 expected_base_url + '?iframe_iframe' in client_set,
154 'The normal iframe inside normal iframe should be controlled ' +
155 'by SW.');
156 assert_false(
157 expected_base_url + '?iframe_script' in client_set,
158 'The sandboxed iframe with allow-scripts flag inside normal ' +
159 'iframe should not be controlled by SW.');
160 assert_true(
161 expected_base_url + '?iframe_script-origin' in client_set,
162 'The sandboxed iframe with allow-scripts and allow-same-origin' +
163 'flag inside normal iframe should be controlled by SW.');
164 assert_false(
165 expected_base_url + '?script' in client_set,
166 'The sandboxed iframe with allow-scripts flag should not be ' +
167 'controlled by SW.');
168 assert_false(
169 expected_base_url + '?script_iframe' in client_set,
170 'The normal iframe inside sandboxed iframe with allow-scripts' +
171 'flag should not be controlled by SW.');
172 assert_false(
173 expected_base_url + '?script_script' in client_set,
174 'The sandboxed iframe with allow-scripts flag inside sandboxed ' +
175 'iframe with allow-scripts flag should not be controlled by SW.');
176 assert_false(
177 expected_base_url + '?script_script-origin' in client_set,
178 'The sandboxed iframe with allow-scripts and allow-same-origin ' +
179 'flag inside sandboxed iframe with allow-scripts flag should ' +
180 'not be controlled by SW.');
181 assert_true(
182 expected_base_url + '?script-origin' in client_set,
183 'The sandboxed iframe with allow-scripts and allow-same-origin ' +
184 'flag should be controlled by SW.');
185 assert_true(
186 expected_base_url + '?script-origin_iframe' in client_set,
187 'The normal iframe inside sandboxed iframe with allow-scripts ' +
188 'and allow-same-origin flag should be controlled by SW.');
189 assert_false(
190 expected_base_url + '?script-origin_script' in client_set,
191 'The sandboxed iframe with allow-scripts flag inside sandboxed ' +
192 'iframe with allow-scripts and allow-same-origin flag should ' +
193 'be controlled by SW.');
194 assert_true(
195 expected_base_url + '?script-origin_script-origin' in client_set,
196 'The sandboxed iframe with allow-scripts and allow-same-origin ' +
197 'flag inside sandboxed iframe with allow-scripts and ' +
198 'allow-same-origin flag should be controlled by SW.');
199 return service_worker_unregister_and_done(t, SCOPE);
200 });
201 }, 'ServiceWorker FetchEvent for sandboxed iframe.');
202 </script> 206 </script>
203 </body> 207 </body>
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/resources/preflight.php ('k') | third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/access-control-basic-allow-access-control-origin-header-data-url.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698