| OLD | NEW |
|---|
| 1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
| 2 <script src="../resources/testharness.js"></script> | 2 <script src="../resources/testharness.js"></script> |
| 3 <script src="../resources/testharnessreport.js"></script> | 3 <script src="../resources/testharnessreport.js"></script> |
| 4 <script src="../resources/get-host-info.js"></script> |
| 4 <script src="resources/test-helpers.js"></script> | 5 <script src="resources/test-helpers.js"></script> |
| 5 <body> | 6 <body> |
| 6 <script> | 7 <script> |
| 8 var host_info = get_host_info(); |
| 9 |
| 7 function worker_for_origins(origins) { | 10 function worker_for_origins(origins) { |
| 8 var worker = 'resources/foreign-fetch-worker.js?'; | 11 var worker = 'foreign-fetch-worker.js?'; |
| 9 return worker + encodeURIComponent(JSON.stringify(origins)); | 12 var params = {origins: origins, relscopes: ['/intercept']}; |
| 13 return worker + encodeURIComponent(JSON.stringify(params)); |
| 14 } |
| 15 |
| 16 function worker_for_scopes(relative_scopes) { |
| 17 var worker = 'foreign-fetch-worker.js?'; |
| 18 var params = {relscopes: relative_scopes}; |
| 19 return worker + encodeURIComponent(JSON.stringify(params)); |
| 20 } |
| 21 |
| 22 function install_cross_origin_worker(t, worker, scope) { |
| 23 return with_iframe(host_info.HTTPS_REMOTE_ORIGIN + |
| 24 '/serviceworker/resources/install-worker-helper.html') |
| 25 .then(frame => new Promise((resolve, reject) => { |
| 26 var channel = new MessageChannel(); |
| 27 frame.contentWindow.postMessage({worker: worker, |
| 28 options: {scope: scope}, |
| 29 port: channel.port1}, |
| 30 '*', [channel.port1]); |
| 31 channel.port2.onmessage = reply => { |
| 32 if (reply.data == 'success') resolve(); |
| 33 else reject(reply.data); |
| 34 }; |
| 35 })); |
| 36 } |
| 37 |
| 38 function intercepted_url(scope) { |
| 39 return host_info.HTTPS_REMOTE_ORIGIN + '/serviceworker/resources/' + |
| 40 scope + '/intercept/foo?basic'; |
| 41 } |
| 42 |
| 43 function non_intercepted_url(scope) { |
| 44 return host_info.HTTPS_REMOTE_ORIGIN + '/serviceworker/resources/' + |
| 45 scope + '/foo?basic'; |
| 10 } | 46 } |
| 11 | 47 |
| 12 promise_test(t => { | 48 promise_test(t => { |
| 13 var scope = 'resources/foreign-fetch/scope'; | 49 var scope = 'foreign-fetch/scope/wildcard'; |
| 14 return service_worker_unregister_and_register( | 50 return install_cross_origin_worker(t, worker_for_origins(['*']), scope) |
| 15 t, worker_for_origins(['*']), scope) | 51 .then(() => promise_rejects(t, new TypeError(), |
| 16 .then(r => { | 52 fetch(non_intercepted_url(scope)))) |
| 17 add_completion_callback(() => r.unregister()); | 53 .then(() => fetch(intercepted_url(scope))) |
| 18 return wait_for_state(t, r.installing, 'activated'); | |
| 19 }) | |
| 20 .then(() => fetch(scope + '/foo')) | |
| 21 .then(response => { | |
| 22 assert_equals(response.status, 404); | |
| 23 return fetch(scope + '/intercept/foo'); | |
| 24 }) | |
| 25 .then(response => response.text()) | 54 .then(response => response.text()) |
| 26 .then(response_text => { | 55 .then(response_text => { |
| 27 assert_equals(response_text, 'Foreign Fetch'); | 56 assert_equals(response_text, 'Foreign Fetch'); |
| 28 }); | 57 }); |
| 29 }, 'Service Worker intercepts fetches in scope with wildcard origin.'); | 58 }, 'Service Worker intercepts fetches in scope with wildcard origin.'); |
| 30 | 59 |
| 31 promise_test(t => { | 60 promise_test(t => { |
| 32 var scope = 'resources/foreign-fetch/scope/match-origin'; | 61 var scope = 'foreign-fetch/scope/match-origin'; |
| 33 return service_worker_unregister_and_register( | 62 return install_cross_origin_worker( |
| 34 t, worker_for_origins([location.origin]), scope) | 63 t, worker_for_origins([location.origin]), scope) |
| 35 .then(r => { | 64 .then(() => fetch(intercepted_url(scope))) |
| 36 add_completion_callback(() => r.unregister()); | |
| 37 return wait_for_state(t, r.installing, 'activated'); | |
| 38 }) | |
| 39 .then(() => fetch(scope + '/intercept/foo')) | |
| 40 .then(response => response.text()) | 65 .then(response => response.text()) |
| 41 .then(response_text => { | 66 .then(response_text => { |
| 42 assert_equals(response_text, 'Foreign Fetch'); | 67 assert_equals(response_text, 'Foreign Fetch'); |
| 43 }); | 68 }); |
| 44 }, 'Service Worker intercepts fetches in scope with explicit origin.'); | 69 }, 'Service Worker intercepts fetches in scope with explicit origin.'); |
| 45 | 70 |
| 46 promise_test(t => { | 71 promise_test(t => { |
| 47 var scope = 'resources/foreign-fetch/scope/nomatch-origin'; | 72 var scope = 'foreign-fetch/scope/nomatch-origin'; |
| 48 return service_worker_unregister_and_register( | 73 return install_cross_origin_worker( |
| 49 t, worker_for_origins(['https://example.com']), scope) | 74 t, worker_for_origins(['https://example.com']), scope) |
| 50 .then(r => { | 75 .then(() => promise_rejects(t, new TypeError(), |
| 51 add_completion_callback(() => r.unregister()); | 76 fetch(non_intercepted_url(scope)))); |
| 52 return wait_for_state(t, r.installing, 'activated'); | |
| 53 }) | |
| 54 .then(() => fetch(scope + '/intercept/foo')) | |
| 55 .then(response => { | |
| 56 assert_equals(response.status, 404); | |
| 57 }); | |
| 58 }, 'Service Worker doesn\'t intercept fetches with non matching origin.'); | 77 }, 'Service Worker doesn\'t intercept fetches with non matching origin.'); |
| 59 | 78 |
| 60 promise_test(t => { | 79 promise_test(t => { |
| 61 var scope = 'resources/foreign-fetch/scope/origin-list'; | 80 var scope = 'foreign-fetch/scope/origin-list'; |
| 62 return service_worker_unregister_and_register( | 81 return install_cross_origin_worker( |
| 63 t, worker_for_origins([location.origin, 'https://example.com']), scope) | 82 t, worker_for_origins([location.origin, 'https://example.com']), scope) |
| 64 .then(r => { | 83 .then(() => fetch(intercepted_url(scope))) |
| 65 add_completion_callback(() => r.unregister()); | |
| 66 return wait_for_state(t, r.installing, 'activated'); | |
| 67 }) | |
| 68 .then(() => fetch(scope + '/intercept/foo')) | |
| 69 .then(response => response.text()) | 84 .then(response => response.text()) |
| 70 .then(response_text => { | 85 .then(response_text => { |
| 71 assert_equals(response_text, 'Foreign Fetch'); | 86 assert_equals(response_text, 'Foreign Fetch'); |
| 72 }); | 87 }); |
| 73 }, 'Service Worker intercepts fetches in scope with explicit origin list.'); | 88 }, 'Service Worker intercepts fetches in scope with explicit origin list.'); |
| 74 | 89 |
| 90 promise_test(t => { |
| 91 var scope = 'resources/foreign-fetch/same-origin'; |
| 92 return service_worker_unregister_and_register( |
| 93 t, 'resources/' + worker_for_origins(['*']), scope) |
| 94 .then(r => { |
| 95 add_completion_callback(() => r.unregister()); |
| 96 return wait_for_state(t, r.installing, 'activated'); |
| 97 }) |
| 98 .then(() => fetch(scope + '/intercept/foo?basic')) |
| 99 .then(response => { |
| 100 assert_equals(response.status, 404); |
| 101 }); |
| 102 }, 'Service Worker does not intercept same origin fetches.'); |
| 103 |
| 104 promise_test(t => { |
| 105 var scope = 'reply-to-message.html?onmessage'; |
| 106 var remote_url = |
| 107 host_info.HTTPS_REMOTE_ORIGIN + '/serviceworker/resources/' + scope; |
| 108 return install_cross_origin_worker(t, worker_for_scopes(['']), scope) |
| 109 .then(() => with_iframe(remote_url)) |
| 110 .then(frame => new Promise(resolve => { |
| 111 var channel = new MessageChannel(); |
| 112 frame.contentWindow.postMessage('ping', '*', [channel.port1]); |
| 113 channel.port2.onmessage = reply => resolve(reply.data); |
| 114 })) |
| 115 .then(reply => { |
| 116 assert_equals(reply, 'ping'); |
| 117 }); |
| 118 }, 'Service Worker does not intercept navigations.'); |
| 119 |
| 75 </script> | 120 </script> |
| 76 </body> | 121 </body> |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1870743002:
Foreign fetch should not intercept same origin or main resource requests. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master