Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(115)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/LayoutTests/http/tests/serviceworker/foreign-fetch-basics.html

Issue 2032653003: Limit foreign fetch to only intercept requests made from secure contexts. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: properly initialize new ResourceRequest member Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/renderer/render_frame_impl.cc ('k') | third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/foreign-fetch-helper-iframe.html » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/LayoutTests/http/tests/serviceworker/foreign-fetch-basics.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/foreign-fetch-basics.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/foreign-fetch-basics.html
index 4c97bdcb84fb63dc5da1e991a0aa8eed5e9cbb6a..f6392ffd3afde54abbdb74682cf2f6e22c8dcdc6 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/foreign-fetch-basics.html
+++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/foreign-fetch-basics.html
@@ -157,5 +157,31 @@ promise_test(t => {
});
}, 'Referrer and origin are set correctly in ForeignFetchEvent.');
+function fetch_from_iframe(origin, url) {
+ return with_iframe(origin +
+ '/serviceworker/resources/foreign-fetch-helper-iframe.html')
+ .then(frame => new Promise((resolve) => {
+ var channel = new MessageChannel();
+ frame.contentWindow.postMessage({url: url,
+ port: channel.port1},
+ '*', [channel.port1]);
+ channel.port2.onmessage = reply => resolve(reply.data);
+ }));
+}
+
+promise_test(t => {
+ var scope = 'simple.txt?basic_insecure';
+ var remote_url =
+ host_info.AUTHENTICATED_ORIGIN + '/serviceworker/resources/' + scope;
+ return install_cross_origin_worker(t, worker_for_scopes(['']), scope,
+ host_info.AUTHENTICATED_ORIGIN)
+ .then(() => fetch_from_iframe(host_info.HTTPS_REMOTE_ORIGIN, remote_url))
+ .then(response => assert_equals(response, 'Success: Foreign Fetch'))
+ .then(() => fetch_from_iframe(host_info.UNAUTHENTICATED_ORIGIN,
+ remote_url))
+ .then(response => assert_equals(response,
+ 'Error: TypeError: Failed to fetch'));
+ }, 'Service Worker does not intercept fetches from an insecure context.');
+
</script>
</body>
« no previous file with comments | « content/renderer/render_frame_impl.cc ('k') | third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/foreign-fetch-helper-iframe.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698