third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-response-taint.html - Issue 1762893002: Reland of Set the request mode and the credentials mode of FetchEvent in the service worker correct…

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-response-taint.html

Issue 1762893002: Reland of Set the request mode and the credentials mode of FetchEvent in the service worker correct… (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: incorporated tyoshino's comment Created 4 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-resources.html ('k') | third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-request-resources-iframe.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 <!DOCTYPE html>

	2 <title>Service Worker: Tainting of responses fetched via SW.</title>

	3 <script src="../resources/testharness.js"></script>

	4 <script src="../resources/testharnessreport.js"></script>

	5 <script src="../resources/get-host-info.js?pipe=sub"></script>

	6 <script src="resources/test-helpers.js"></script>

	7 <body>

	8 <script>

	9 var host_info = get_host_info();

	10 var BASE_ORIGIN = host_info.HTTP_ORIGIN;

	11 var OTHER_ORIGIN = host_info.HTTP_REMOTE_ORIGIN;

	12 var BASE_URL = BASE_ORIGIN + base_path() +

	13 'resources/fetch-access-control.php?';

	14 var OTHER_BASE_URL = OTHER_ORIGIN + base_path() +

	15 'resources/fetch-access-control.php?';

	16

	17 function frame_fetch(frame, url, mode, credentials) {

	18 return frame.contentWindow.fetch(

	19 new Request(url, {mode: mode, credentials: credentials}));

	20 }

	21

	22 function ng_test(frame, url, mode, credentials) {

	23 return frame_fetch(frame, url, mode, credentials).then(

	24 function() {

	25 throw new Error('fetching url:\"' + url + '\" mode:\"' + mode +

	26 '\" credentials:\"' + credentials + '\" should fail.');

	27 },

	28 function() {});

	29 }

	30

	31 function ok_test(frame, url, mode, credentials, expected_type,

	32 expected_username) {

	33 return frame_fetch(frame, url, mode, credentials)

	34 .then(function(res) {

	35 assert_equals(res.type, expected_type);

	36 return res.text();

	37 })

	38 .then(function(text) {

	39 if (expected_type == 'opaque') {

	40 assert_equals(text, '');

	41 } else {

	42 return new Promise(function(resolve) {

	43 var report = resolve;

	44 // text must contain report() call.

	45 eval(text);

	46 })

	47 .then(function(result) {

	48 assert_equals(result.username, expected_username);

	49 });

	50 }

	51 })

	52 .catch(function(reason) {

	53 throw new Error('fetching url:\"' + url + '\" mode:\"' + mode +

	54 '\" credentials:\"' + credentials + '\" should ' +

	55 'success. - ' + reason.message);

	56 });

	57 }

	58

	59 function build_rewrite_url(origin, url, mode, credentials) {

	60 return origin + '/?url=' + encodeURIComponent(url) + '&mode=' + mode +

	61 '&credentials=' + credentials + '&';

	62 }

	63

	64 function for_each_origin_mode_credentials(callback) {

	65 [BASE_ORIGIN, OTHER_ORIGIN].forEach(function(origin) {

	66 ['same-origin', 'no-cors', 'cors'].forEach(function(mode) {

	67 ['omit', 'same-origin', 'include'].forEach(function(credentials) {

	68 callback(origin, mode, credentials);

	69 });

	70 });

	71 });

	72 }

	73

	74 promise_test(function(t) {

	75 var SCOPE = 'resources/fetch-response-taint-iframe.html';

	76 var SCRIPT = 'resources/fetch-rewrite-worker.js';

	77 var frame = undefined;

	78

	79 return login(t, host_info.HTTP_ORIGIN, host_info.HTTP_REMOTE_ORIGIN)

	80 .then(function() {

	81 return service_worker_unregister_and_register(t, SCRIPT, SCOPE);

	82 })

	83 .then(function(registration) {

	84 return wait_for_state(t, registration.installing, 'activated');

	85 })

	86 .then(function() { return with_iframe(SCOPE); })

	87 .then(function(f) {

	88 frame = f;

	89 var promises = [

	90 ok_test(f, BASE_URL, 'same-origin', 'omit', 'basic', 'undefined'),

	91 ok_test(f, BASE_URL, 'same-origin', 'same-origin', 'basic',

	92 'username1'),

	93 ok_test(f, BASE_URL, 'same-origin', 'include', 'basic',

	94 'username1'),

	95 ok_test(f, BASE_URL, 'no-cors', 'omit', 'basic', 'undefined'),

	96 ok_test(f, BASE_URL, 'no-cors', 'same-origin', 'basic',

	97 'username1'),

	98 ok_test(f, BASE_URL, 'no-cors', 'include', 'basic', 'username1'),

	99 ok_test(f, BASE_URL, 'cors', 'omit', 'basic', 'undefined'),

	100 ok_test(f, BASE_URL, 'cors', 'same-origin', 'basic', 'username1'),

	101 ok_test(f, BASE_URL, 'cors', 'include', 'basic', 'username1'),

	102 ng_test(f, OTHER_BASE_URL, 'same-origin', 'omit'),

	103 ng_test(f, OTHER_BASE_URL, 'same-origin', 'same-origin'),

	104 ng_test(f, OTHER_BASE_URL, 'same-origin', 'include'),

	105 ok_test(f, OTHER_BASE_URL, 'no-cors', 'omit', 'opaque'),

	106 ok_test(f, OTHER_BASE_URL, 'no-cors', 'same-origin', 'opaque'),

	107 ok_test(f, OTHER_BASE_URL, 'no-cors', 'include', 'opaque'),

	108 ng_test(f, OTHER_BASE_URL, 'cors', 'omit'),

	109 ng_test(f, OTHER_BASE_URL, 'cors', 'same-origin'),

	110 ng_test(f, OTHER_BASE_URL, 'cors', 'include'),

	111 ok_test(f, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'omit', 'cors',

	112 'undefined'),

	113 ok_test(f, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'same-origin',

	114 'cors', 'undefined'),

	115 ng_test(f, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'include'),

	116 ok_test(f,

	117 OTHER_BASE_URL + 'ACAOrigin=' + BASE_ORIGIN +

	118 '&ACACredentials=true',

	119 'cors', 'include', 'cors', 'username2')

	120 ];

	121

	122 for_each_origin_mode_credentials(function(origin, mode, credentials) {

	123 var url = build_rewrite_url(

	124 origin, BASE_URL, 'same-origin', 'omit');

	125 // Fetch to the other origin with same-origin mode should fail.

	126 if (origin == OTHER_ORIGIN && mode == 'same-origin')

	127 return promises.push(ng_test(f, url, mode, credentials));

	128 // The response type from the SW should be basic

	129 promises.push(

	130 ok_test(f, url, mode, credentials, 'basic', 'undefined'));

	131 });

	132

	133 for_each_origin_mode_credentials(function(origin, mode, credentials) {

	134 var url = build_rewrite_url(

	135 origin, BASE_URL, 'same-origin', 'same-origin');

	136 // Fetch to the other origin with same-origin mode should fail.

	137 if (origin == OTHER_ORIGIN && mode == 'same-origin')

	138 return promises.push(ng_test(f, url, mode, credentials));

	139 // The response type from the SW should be basic.

	140 promises.push(

	141 ok_test(f, url, mode, credentials, 'basic', 'username1'));

	142 });

	143

	144 for_each_origin_mode_credentials(function(origin, mode, credentials) {

	145 var url = build_rewrite_url(

	146 origin, OTHER_BASE_URL, 'same-origin', 'omit');

	147 // The response from the SW should be an error.

	148 promises.push(ng_test(f, url, mode, credentials));

	149 });

	150

	151 for_each_origin_mode_credentials(function(origin, mode, credentials) {

	152 var url = build_rewrite_url(

	153 origin, OTHER_BASE_URL, 'no-cors', 'omit');

	154 // SW can respond only to no-cors requests.

	155 if (mode != 'no-cors')

	156 return promises.push(ng_test(f, url, mode, credentials));

	157 // The response type from the SW should be opaque.

	158 promises.push(ok_test(f, url, mode, credentials, 'opaque'));

	159 });

	160

	161 for_each_origin_mode_credentials(function(origin, mode, credentials) {

	162 var url = build_rewrite_url(

	163 origin, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'omit');

	164 // Fetch to the other origin with same-origin mode should fail.

	165 if (origin == OTHER_ORIGIN && mode == 'same-origin')

	166 return promises.push(ng_test(f, url, mode, credentials));

	167 // The response from the SW should be cors.

	168 promises.push(

	169 ok_test(f, url, mode, credentials, 'cors', 'undefined'));

	170 });

	171

	172 for_each_origin_mode_credentials(function(origin, mode, credentials) {

	173 var url = build_rewrite_url(

	174 origin,

	175 OTHER_BASE_URL + 'ACAOrigin=' + BASE_ORIGIN +

	176 '&ACACredentials=true',

	177 'cors', 'include');

	178 // Fetch to the other origin with same-origin mode should fail.

	179 if (origin == OTHER_ORIGIN && mode == 'same-origin')

	180 return promises.push(ng_test(f, url, mode, credentials));

	181 // The response from the SW should be cors.

	182 promises.push(

	183 ok_test(f, url, mode, credentials, 'cors', 'username2'));

	184 });

	185 return Promise.all(promises);

	186 })

	187 .then(function(f) {

	188 frame.remove()

	189 })

	190 .catch(unreached_rejection(t));

	191 }, 'Verify the tainting of responses fetched via SW');

	192 </script>

	193 </body>

OLD	NEW