OLD | NEW |
| (Empty) |
1 <!DOCTYPE html> | |
2 <title>Service Worker: CSP control of fetch()</title> | |
3 <script src="../resources/testharness.js"></script> | |
4 <script src="../resources/testharnessreport.js"></script> | |
5 <script src="../resources/get-host-info.js?pipe=sub"></script> | |
6 <script src="resources/test-helpers.js"></script> | |
7 <script> | |
8 | |
9 function assert_resolves(promise, description) { | |
10 return promise.catch(function(reason) { | |
11 throw new Error(description + ' - ' + reason.message); | |
12 }); | |
13 } | |
14 | |
15 function assert_rejects(promise, description) { | |
16 return promise.then( | |
17 function() { throw new Error(description); }, | |
18 function() {}); | |
19 } | |
20 | |
21 promise_test(function(t) { | |
22 var SCOPE = 'resources/fetch-csp-iframe.html'; | |
23 var SCRIPT = 'resources/fetch-rewrite-worker.js'; | |
24 var host_info = get_host_info(); | |
25 var IMAGE_PATH = | |
26 base_path() + 'resources/fetch-access-control.php?PNGIMAGE'; | |
27 var IMAGE_URL = host_info['HTTP_ORIGIN'] + IMAGE_PATH; | |
28 var REMOTE_IMAGE_URL = host_info['HTTP_REMOTE_ORIGIN'] + IMAGE_PATH; | |
29 var REDIRECT_URL = | |
30 host_info['HTTP_ORIGIN'] + base_path() + 'resources/redirect.php'; | |
31 var frame; | |
32 | |
33 return service_worker_unregister_and_register(t, SCRIPT, SCOPE) | |
34 .then(function(registration) { | |
35 return wait_for_state(t, registration.installing, 'activated'); | |
36 }) | |
37 .then(function() { | |
38 return with_iframe( | |
39 SCOPE + '?' + | |
40 encodeURIComponent('img-src ' + host_info['HTTP_ORIGIN'] + | |
41 '; script-src \'unsafe-inline\'')); | |
42 }) | |
43 .then(function(f) { | |
44 frame = f; | |
45 return assert_resolves( | |
46 frame.contentWindow.load_image(IMAGE_URL), | |
47 'Allowed scope image resource should be loaded.'); | |
48 }) | |
49 .then(function() { | |
50 return assert_rejects( | |
51 frame.contentWindow.load_image(REMOTE_IMAGE_URL), | |
52 'Disallowed scope image resource should not be loaded.'); | |
53 }) | |
54 .then(function() { | |
55 return assert_resolves( | |
56 frame.contentWindow.load_image( | |
57 // The request for IMAGE_URL will be fetched in SW. | |
58 './dummy?url=' + encodeURIComponent(IMAGE_URL)), | |
59 'Allowed scope image resource which was fetched via SW should ' + | |
60 'be loaded.'); | |
61 }) | |
62 .then(function() { | |
63 return assert_rejects( | |
64 frame.contentWindow.load_image( | |
65 // The request for REMOTE_IMAGE_URL will be fetched in SW. | |
66 './dummy?mode=no-cors&url=' + | |
67 encodeURIComponent(REMOTE_IMAGE_URL)), | |
68 'Disallowed scope image resource which was fetched via SW ' + | |
69 'should not be loaded.'); | |
70 }) | |
71 .then(function() { | |
72 frame.remove(); | |
73 return with_iframe( | |
74 SCOPE + '?' + | |
75 encodeURIComponent( | |
76 'img-src ' + REDIRECT_URL + | |
77 '; script-src \'unsafe-inline\'')); | |
78 }) | |
79 .then(function(f) { | |
80 frame = f; | |
81 return assert_resolves( | |
82 frame.contentWindow.load_image( | |
83 // Set 'ignore' not to call respondWith() in the SW. | |
84 REDIRECT_URL + '?ignore&Redirect=' + | |
85 encodeURIComponent(IMAGE_URL)), | |
86 'When the request was redirected, CSP match algorithm should ' + | |
87 'ignore the path component of the URL.'); | |
88 }) | |
89 .then(function() { | |
90 return assert_resolves( | |
91 frame.contentWindow.load_image( | |
92 // This request will be fetched via SW and redirected by | |
93 // redirect.php. | |
94 REDIRECT_URL + '?Redirect=' + encodeURIComponent(IMAGE_URL)), | |
95 'When the request was redirected via SW, CSP match algorithm ' + | |
96 'should ignore the path component of the URL.'); | |
97 }) | |
98 .then(function() { | |
99 return assert_resolves( | |
100 frame.contentWindow.load_image( | |
101 // The request for IMAGE_URL will be fetched in SW. | |
102 REDIRECT_URL + '?url=' + encodeURIComponent(IMAGE_URL)), | |
103 'When the request was fetched via SW, CSP match algorithm ' + | |
104 'should ignore the path component of the URL.'); | |
105 }) | |
106 .then(function() { | |
107 frame.remove(); | |
108 service_worker_unregister_and_done(t, SCOPE); | |
109 }); | |
110 }, 'Verify CSP control of fetch() in a Service Worker'); | |
111 </script> | |
OLD | NEW |