third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-response-taint.html - Issue 2856863003: Upstream service worker `fetch` test to WPT

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-response-taint.html

Issue 2856863003: Upstream service worker `fetch` test to WPT (Closed)

Patch Set: Incorporate review feedback Created 3 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/fetch-response-taint-iframe.html ('k') | third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-response-taint-iframe.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
	(Empty)
1 <!DOCTYPE html>

2 <title>Service Worker: Tainting of responses fetched via SW.</title>

3 <script src="../resources/testharness.js"></script>

4 <script src="../resources/testharnessreport.js"></script>

5 <script src="../resources/get-host-info.js?pipe=sub"></script>

6 <script src="resources/test-helpers.js"></script>

7 <body>

8 <script>

9 var host_info = get_host_info();

10 var BASE_ORIGIN = host_info.HTTP_ORIGIN;

11 var OTHER_ORIGIN = host_info.HTTP_REMOTE_ORIGIN;

12 var BASE_URL = BASE_ORIGIN + base_path() +

13 'resources/fetch-access-control.php?';

14 var OTHER_BASE_URL = OTHER_ORIGIN + base_path() +

15 'resources/fetch-access-control.php?';

16

17 function frame_fetch(frame, url, mode, credentials) {

18 return frame.contentWindow.fetch(

19 new Request(url, {mode: mode, credentials: credentials}));

20 }

21

22 function ng_test(frame, url, mode, credentials) {

23 return frame_fetch(frame, url, mode, credentials).then(

24 function() {

25 throw new Error('fetching url:\"' + url + '\" mode:\"' + mode +

26 '\" credentials:\"' + credentials + '\" should fail.');

27 },

28 function() {});

29 }

30

31 function ok_test(frame, url, mode, credentials, expected_type,

32 expected_username) {

33 return frame_fetch(frame, url, mode, credentials)

34 .then(function(res) {

35 assert_equals(res.type, expected_type);

36 return res.text();

37 })

38 .then(function(text) {

39 if (expected_type == 'opaque') {

40 assert_equals(text, '');

41 } else {

42 return new Promise(function(resolve) {

43 var report = resolve;

44 // text must contain report() call.

45 eval(text);

46 })

47 .then(function(result) {

48 assert_equals(result.username, expected_username);

49 });

50 }

51 })

52 .catch(function(reason) {

53 throw new Error('fetching url:\"' + url + '\" mode:\"' + mode +

54 '\" credentials:\"' + credentials + '\" should ' +

55 'success. - ' + reason.message);

56 });

57 }

58

59 function build_rewrite_url(origin, url, mode, credentials) {

60 return origin + '/?url=' + encodeURIComponent(url) + '&mode=' + mode +

61 '&credentials=' + credentials + '&';

62 }

63

64 function for_each_origin_mode_credentials(callback) {

65 [BASE_ORIGIN, OTHER_ORIGIN].forEach(function(origin) {

66 ['same-origin', 'no-cors', 'cors'].forEach(function(mode) {

67 ['omit', 'same-origin', 'include'].forEach(function(credentials) {

68 callback(origin, mode, credentials);

69 });

70 });

71 });

72 }

73

74 promise_test(function(t) {

75 var SCOPE = 'resources/fetch-response-taint-iframe.html';

76 var SCRIPT = 'resources/fetch-rewrite-worker.js';

77 var frame = undefined;

78

79 return login(t, host_info.HTTP_ORIGIN, host_info.HTTP_REMOTE_ORIGIN)

80 .then(function() {

81 return service_worker_unregister_and_register(t, SCRIPT, SCOPE);

82 })

83 .then(function(registration) {

84 return wait_for_state(t, registration.installing, 'activated');

85 })

86 .then(function() { return with_iframe(SCOPE); })

87 .then(function(f) {

88 frame = f;

89 var promises = [

90 ok_test(f, BASE_URL, 'same-origin', 'omit', 'basic', 'undefined'),

91 ok_test(f, BASE_URL, 'same-origin', 'same-origin', 'basic',

92 'username1'),

93 ok_test(f, BASE_URL, 'same-origin', 'include', 'basic',

94 'username1'),

95 ok_test(f, BASE_URL, 'no-cors', 'omit', 'basic', 'undefined'),

96 ok_test(f, BASE_URL, 'no-cors', 'same-origin', 'basic',

97 'username1'),

98 ok_test(f, BASE_URL, 'no-cors', 'include', 'basic', 'username1'),

99 ok_test(f, BASE_URL, 'cors', 'omit', 'basic', 'undefined'),

100 ok_test(f, BASE_URL, 'cors', 'same-origin', 'basic', 'username1'),

101 ok_test(f, BASE_URL, 'cors', 'include', 'basic', 'username1'),

102 ng_test(f, OTHER_BASE_URL, 'same-origin', 'omit'),

103 ng_test(f, OTHER_BASE_URL, 'same-origin', 'same-origin'),

104 ng_test(f, OTHER_BASE_URL, 'same-origin', 'include'),

105 ok_test(f, OTHER_BASE_URL, 'no-cors', 'omit', 'opaque'),

106 ok_test(f, OTHER_BASE_URL, 'no-cors', 'same-origin', 'opaque'),

107 ok_test(f, OTHER_BASE_URL, 'no-cors', 'include', 'opaque'),

108 ng_test(f, OTHER_BASE_URL, 'cors', 'omit'),

109 ng_test(f, OTHER_BASE_URL, 'cors', 'same-origin'),

110 ng_test(f, OTHER_BASE_URL, 'cors', 'include'),

111 ok_test(f, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'omit', 'cors',

112 'undefined'),

113 ok_test(f, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'same-origin',

114 'cors', 'undefined'),

115 ng_test(f, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'include'),

116 ok_test(f,

117 OTHER_BASE_URL + 'ACAOrigin=' + BASE_ORIGIN +

118 '&ACACredentials=true',

119 'cors', 'include', 'cors', 'username2')

120 ];

121

122 for_each_origin_mode_credentials(function(origin, mode, credentials) {

123 var url = build_rewrite_url(

124 origin, BASE_URL, 'same-origin', 'omit');

125 // Fetch to the other origin with same-origin mode should fail.

126 if (origin == OTHER_ORIGIN && mode == 'same-origin')

127 return promises.push(ng_test(f, url, mode, credentials));

128 // The response type from the SW should be basic

129 promises.push(

130 ok_test(f, url, mode, credentials, 'basic', 'undefined'));

131 });

132

133 for_each_origin_mode_credentials(function(origin, mode, credentials) {

134 var url = build_rewrite_url(

135 origin, BASE_URL, 'same-origin', 'same-origin');

136 // Fetch to the other origin with same-origin mode should fail.

137 if (origin == OTHER_ORIGIN && mode == 'same-origin')

138 return promises.push(ng_test(f, url, mode, credentials));

139 // The response type from the SW should be basic.

140 promises.push(

141 ok_test(f, url, mode, credentials, 'basic', 'username1'));

142 });

143

144 for_each_origin_mode_credentials(function(origin, mode, credentials) {

145 var url = build_rewrite_url(

146 origin, OTHER_BASE_URL, 'same-origin', 'omit');

147 // The response from the SW should be an error.

148 promises.push(ng_test(f, url, mode, credentials));

149 });

150

151 for_each_origin_mode_credentials(function(origin, mode, credentials) {

152 var url = build_rewrite_url(

153 origin, OTHER_BASE_URL, 'no-cors', 'omit');

154 // SW can respond only to no-cors requests.

155 if (mode != 'no-cors')

156 return promises.push(ng_test(f, url, mode, credentials));

157 // The response type from the SW should be opaque.

158 promises.push(ok_test(f, url, mode, credentials, 'opaque'));

159 });

160

161 for_each_origin_mode_credentials(function(origin, mode, credentials) {

162 var url = build_rewrite_url(

163 origin, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'omit');

164 // Fetch to the other origin with same-origin mode should fail.

165 if (origin == OTHER_ORIGIN && mode == 'same-origin')

166 return promises.push(ng_test(f, url, mode, credentials));

167 // The response from the SW should be cors.

168 promises.push(

169 ok_test(f, url, mode, credentials, 'cors', 'undefined'));

170 });

171

172 for_each_origin_mode_credentials(function(origin, mode, credentials) {

173 var url = build_rewrite_url(

174 origin,

175 OTHER_BASE_URL + 'ACAOrigin=' + BASE_ORIGIN +

176 '&ACACredentials=true',

177 'cors', 'include');

178 // Fetch to the other origin with same-origin mode should fail.

179 if (origin == OTHER_ORIGIN && mode == 'same-origin')

180 return promises.push(ng_test(f, url, mode, credentials));

181 // The response from the SW should be cors.

182 promises.push(

183 ok_test(f, url, mode, credentials, 'cors', 'username2'));

184 });

185 return Promise.all(promises);

186 })

187 .then(function(f) {

188 frame.remove()

189 })

190 .catch(unreached_rejection(t));

191 }, 'Verify the tainting of responses fetched via SW');

192 </script>

193 </body>

OLD	NEW