Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(565)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/LayoutTests/http/tests/serviceworker/foreign-fetch-cors.html

Issue 1969403004: Expose and check origin of request in response for foreign fetch. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@set-request-and-credentials-mode
Patch Set: update layouttests Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/serviceworker/foreign-fetch-basics.html ('k') | third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/foreign-fetch-cors-worker.js » ('j') | third_party/WebKit/Source/modules/serviceworkers/ForeignFetchRespondWithObserver.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/LayoutTests/http/tests/serviceworker/foreign-fetch-cors.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/foreign-fetch-cors.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/foreign-fetch-cors.html
new file mode 100644
index 0000000000000000000000000000000000000000..9bd9c2c9f0d7422f89efaffabb9d5c97515550a0
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/foreign-fetch-cors.html
@@ -0,0 +1,222 @@
+<!DOCTYPE html>
+<script src="../resources/testharness.js"></script>
+<script src="../resources/testharnessreport.js"></script>
+<script src="../resources/get-host-info.js"></script>
+<script src="resources/test-helpers.js"></script>
+<script src="resources/foreign-fetch-helpers.js"></script>
+<body>
+<script>
+var host_info = get_host_info();
+var origin = new URL(self.location).origin;
+var wrong_origin = 'https://example.com/';
+
+function url_to_fetch(scope) {
+ return host_info.HTTPS_REMOTE_ORIGIN + '/serviceworker/resources/' + scope;
+}
+
+function worker_for_response(response) {
+ return 'foreign-fetch-cors-worker.js?' +
+ encodeURIComponent(JSON.stringify(response));
+}
+
+function scope_for_params(params) {
+ return 'simple.txt?' + encodeURIComponent(JSON.stringify(params));
+}
+
+// Method used for tests that expect to result in an opaque response.
+function verify_opaque_fetch(url, t) {
+ return promise_rejects(t, new TypeError(), fetch(url))
+ .then(() => fetch(url, {mode: 'no-cors'}))
+ .then(response => assert_equals(response.type, 'opaque'))
+ .then(() => new Promise(resolve => {
+ var request = new XMLHttpRequest();
+ request.open('GET', url);
+ request.onreadystatechange = () => {
+ if (request.readyState == 4) resolve(request);
+ };
+ request.send();
+ }))
+ .then(xhr => {
+ assert_equals(xhr.status, 0);
+ assert_equals(xhr.responseText, '');
+ });
+}
+
+// Verify that fetching an url results in a network error.
+function verify_network_error(url, t) {
+ return promise_rejects(t, new TypeError(), fetch(url))
+ .then(() => promise_rejects(t, new TypeError(),
+ fetch(url, {mode: 'no-cors'})))
+ .then(() => new Promise(resolve => {
+ var request = new XMLHttpRequest();
+ request.open('GET', url);
+ request.onreadystatechange = () => {
+ if (request.readyState == 4) resolve(request);
+ };
+ request.send();
+ }))
+ .then(xhr => {
+ assert_equals(xhr.status, 0);
+ assert_equals(xhr.responseText, '');
+ });
+}
+
+// Verifies that fetching the URL returns a readable response.
+// Also verifies that round-tripping this response through the cache doesn't
+// cause issues.
+function verify_cors_fetch(url) {
+ var response;
+ var cache;
+ return fetch(url)
+ .then(r => {
+ response = r.clone();
+ // TODO(mek): Uncomment when cors filtering is implemented.
+ // assert_equals(r.type, 'cors');
+ return r.text();
+ })
+ .then(response_text => {
+ assert_true(response_text.startsWith('report('));
+ return self.caches.open(url);
+ })
+ .then(c => {
+ cache = c;
+ return cache.put(url, response);
+ })
+ .then(() => cache.match(url))
+ .then(r => {
+ // TODO(mek): Uncomment when cors filtering is implemented.
+ // assert_equals(r.type, 'cors');
+ return r.text();
+ })
+ .then(response_text => {
+ assert_true(response_text.startsWith('report('));
+ return self.caches.delete(url);
+ })
+ .then(() => new Promise(resolve => {
+ var request = new XMLHttpRequest();
+ request.open('GET', url);
+ request.onreadystatechange = () => {
+ if (request.readyState == 4) resolve(request);
+ };
+ request.send();
+ }))
+ .then(xhr => {
+ assert_true(xhr.responseText.startsWith('report('));
+ });
+}
+
+var tests = [
+ {
+ description: 'Same origin fetch without CORS headers, not exposed',
+ params: {
+ cross_origin: false,
+ with_aceheaders: false,
+ with_acaorigin: false
+ },
+ response: {},
+ expectation: verify_opaque_fetch
+ },
+ {
+ description: 'Same origin fetch without CORS headers, origin exposed',
+ params: {
+ cross_origin: false,
+ with_aceheaders: false,
+ with_acaorigin: false
+ },
+ response: {origin: origin},
+ expectation: verify_cors_fetch
+ },
+ {
+ description:
+ 'Same origin fetch without CORS headers, exposed to wrong origin',
+ params: {
+ cross_origin: false,
+ with_aceheaders: false,
+ with_acaorigin: false
+ },
+ response: {origin: wrong_origin},
+ expectation: verify_network_error
+ },
+ {
+ description: 'Same origin fetch with CORS headers, not exposed',
+ params: {
+ cross_origin: false,
+ with_aceheaders: true,
+ with_acaorigin: true
+ },
+ response: {},
+ expectation: verify_opaque_fetch
+ },
+ {
+ description: 'Same origin fetch with CORS headers, origin exposed',
+ params: {
+ cross_origin: false,
+ with_aceheaders: true,
+ with_acaorigin: true
+ },
+ response: {origin: origin},
+ expectation: verify_cors_fetch
+ },
+ {
+ description: 'Same origin fetch with CORS headers, exposed to wrong origin',
+ params: {
+ cross_origin: false,
+ with_aceheaders: true,
+ with_acaorigin: true
+ },
+ response: {origin: wrong_origin},
+ expectation: verify_network_error
+ },
+ {
+ description: 'Cross origin fetch without CORS headers, not exposed',
+ params: {
+ cross_origin: true,
+ with_aceheaders: false,
+ with_acaorigin: false
+ },
+ response: {},
+ expectation: verify_opaque_fetch
+ },
+ {
+ description: 'Cross origin fetch with CORS headers, not exposed',
+ params: {
+ cross_origin: true,
+ with_aceheaders: true,
+ with_acaorigin: true
+ },
+ response: {},
+ expectation: verify_opaque_fetch
+ },
+ {
+ description: 'Cross origin fetch with CORS headers, origin exposed',
+ params: {
+ cross_origin: true,
+ with_aceheaders: true,
+ with_acaorigin: true
+ },
+ response: {origin: origin},
+ expectation: verify_cors_fetch
+ },
+ {
+ description:
+ 'Cross origin fetch with CORS headers, exposed to wrong origin',
+ params: {
+ cross_origin: true,
+ with_aceheaders: true,
+ with_acaorigin: true
+ },
+ response: {origin: wrong_origin},
+ expectation: verify_network_error
+ }
+];
+
+for (var i = 0; i < tests.length; ++i) (data => {
+ promise_test(t => {
+ var scope = scope_for_params(data.params);
+ var worker = worker_for_response(data.response);
+ return install_cross_origin_worker(t, worker, scope)
+ .then(() => data.expectation(url_to_fetch(scope), t));
+ }, data.description);
+})(tests[i]);
+</script>
+</body>
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/serviceworker/foreign-fetch-basics.html ('k') | third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/foreign-fetch-cors-worker.js » ('j') | third_party/WebKit/Source/modules/serviceworkers/ForeignFetchRespondWithObserver.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698