| Index: third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-response-taint.https.html
|
| diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-response-taint.html b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-response-taint.https.html
|
| similarity index 15%
|
| rename from third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-response-taint.html
|
| rename to third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-response-taint.https.html
|
| index de93c03ba9ebd7bfc2bd5c51615a94620439f713..a6e7f984ea24499d5540048faee574172aa9ec44 100644
|
| --- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-response-taint.html
|
| +++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-response-taint.https.html
|
| @@ -1,59 +1,104 @@
|
| <!DOCTYPE html>
|
| <title>Service Worker: Tainting of responses fetched via SW.</title>
|
| -<script src="../resources/testharness.js"></script>
|
| -<script src="../resources/testharnessreport.js"></script>
|
| -<script src="../resources/get-host-info.js?pipe=sub"></script>
|
| -<script src="resources/test-helpers.js"></script>
|
| +<!-- This test makes a large number of requests sequentially. -->
|
| +<meta name="timeout" content="long">
|
| +<script src="/resources/testharness.js"></script>
|
| +<script src="/resources/testharnessreport.js"></script>
|
| +<script src="/common/get-host-info.sub.js"></script>
|
| +<script src="resources/test-helpers.sub.js"></script>
|
| <body>
|
| <script>
|
| var host_info = get_host_info();
|
| -var BASE_ORIGIN = host_info.HTTP_ORIGIN;
|
| -var OTHER_ORIGIN = host_info.HTTP_REMOTE_ORIGIN;
|
| +var BASE_ORIGIN = host_info.HTTPS_ORIGIN;
|
| +var OTHER_ORIGIN = host_info.HTTPS_REMOTE_ORIGIN;
|
| var BASE_URL = BASE_ORIGIN + base_path() +
|
| - 'resources/fetch-access-control.php?';
|
| + 'resources/fetch-access-control.py?';
|
| var OTHER_BASE_URL = OTHER_ORIGIN + base_path() +
|
| - 'resources/fetch-access-control.php?';
|
| + 'resources/fetch-access-control.py?';
|
|
|
| function frame_fetch(frame, url, mode, credentials) {
|
| - return frame.contentWindow.fetch(
|
| - new Request(url, {mode: mode, credentials: credentials}));
|
| + var foreignPromise = frame.contentWindow.fetch(
|
| + new Request(url, {mode: mode, credentials: credentials}))
|
| +
|
| + // Event loops should be shared between contexts of similar origin, not all
|
| + // browsers adhere to this expectation at the time of this writing. Incorrect
|
| + // behavior in this regard can interfere with test execution when the
|
| + // provided iframe is removed from the document.
|
| + //
|
| + // WPT maintains a test dedicated the expected treatment of event loops, so
|
| + // the following workaround is acceptable in this context.
|
| + return Promise.resolve(foreignPromise);
|
| }
|
|
|
| -function ng_test(frame, url, mode, credentials) {
|
| - return frame_fetch(frame, url, mode, credentials).then(
|
| - function() {
|
| - throw new Error('fetching url:\"' + url + '\" mode:\"' + mode +
|
| - '\" credentials:\"' + credentials + '\" should fail.');
|
| - },
|
| - function() {});
|
| +var login_and_register;
|
| +promise_test(function(t) {
|
| + var SCOPE = 'resources/fetch-response-taint-iframe.html';
|
| + var SCRIPT = 'resources/fetch-rewrite-worker.js';
|
| + var registration;
|
| +
|
| + login_and_register = login_https(t, host_info.HTTPS_ORIGIN, host_info.HTTPS_REMOTE_ORIGIN)
|
| + .then(function() {
|
| + return service_worker_unregister_and_register(t, SCRIPT, SCOPE);
|
| + })
|
| + .then(function(r) {
|
| + registration = r;
|
| + return wait_for_state(t, registration.installing, 'activated');
|
| + })
|
| + .then(function() { return with_iframe(SCOPE); })
|
| + .then(function(f) {
|
| + // This test should not be considered complete until after the
|
| + // service worker has been unregistered. Currently, `testharness.js`
|
| + // does not support asynchronous global "tear down" logic, so this
|
| + // must be expressed using a dedicated `promise_test`. Because the
|
| + // other sub-tests in this file are declared synchronously, this
|
| + // test will be the final test executed.
|
| + promise_test(function(t) {
|
| + f.remove();
|
| + return registration.unregister();
|
| + }, 'restore global state');
|
| +
|
| + return f;
|
| + });
|
| + return login_and_register;
|
| + }, 'initialize global state');
|
| +
|
| +function ng_test(url, mode, credentials) {
|
| + promise_test(function(t) {
|
| + return login_and_register
|
| + .then(function(frame) {
|
| + var fetchRequest = frame_fetch(frame, url, mode, credentials);
|
| + return promise_rejects(t, new TypeError(), fetchRequest);
|
| + });
|
| + }, 'url:\"' + url + '\" mode:\"' + mode +
|
| + '\" credentials:\"' + credentials + '\" should fail.');
|
| }
|
|
|
| -function ok_test(frame, url, mode, credentials, expected_type,
|
| - expected_username) {
|
| - return frame_fetch(frame, url, mode, credentials)
|
| - .then(function(res) {
|
| - assert_equals(res.type, expected_type);
|
| - return res.text();
|
| - })
|
| - .then(function(text) {
|
| - if (expected_type == 'opaque') {
|
| - assert_equals(text, '');
|
| - } else {
|
| - return new Promise(function(resolve) {
|
| - var report = resolve;
|
| - // text must contain report() call.
|
| - eval(text);
|
| - })
|
| - .then(function(result) {
|
| - assert_equals(result.username, expected_username);
|
| - });
|
| - }
|
| - })
|
| - .catch(function(reason) {
|
| - throw new Error('fetching url:\"' + url + '\" mode:\"' + mode +
|
| +function ok_test(url, mode, credentials, expected_type, expected_username) {
|
| + promise_test(function() {
|
| + return login_and_register.then(function(frame) {
|
| + return frame_fetch(frame, url, mode, credentials)
|
| + })
|
| + .then(function(res) {
|
| + assert_equals(res.type, expected_type, 'response type');
|
| + return res.text();
|
| + })
|
| + .then(function(text) {
|
| + if (expected_type == 'opaque') {
|
| + assert_equals(text, '');
|
| + } else {
|
| + return new Promise(function(resolve) {
|
| + var report = resolve;
|
| + // text must contain report() call.
|
| + eval(text);
|
| + })
|
| + .then(function(result) {
|
| + assert_equals(result.username, expected_username);
|
| + });
|
| + }
|
| + });
|
| + }, 'fetching url:\"' + url + '\" mode:\"' + mode +
|
| '\" credentials:\"' + credentials + '\" should ' +
|
| - 'success. - ' + reason.message);
|
| - });
|
| + 'succeed.');
|
| }
|
|
|
| function build_rewrite_url(origin, url, mode, credentials) {
|
| @@ -71,123 +116,102 @@ function for_each_origin_mode_credentials(callback) {
|
| });
|
| }
|
|
|
| -promise_test(function(t) {
|
| - var SCOPE = 'resources/fetch-response-taint-iframe.html';
|
| - var SCRIPT = 'resources/fetch-rewrite-worker.js';
|
| - var frame = undefined;
|
| +ok_test(BASE_URL, 'same-origin', 'omit', 'basic', 'undefined');
|
| +ok_test(BASE_URL, 'same-origin', 'same-origin', 'basic', 'username2s');
|
| +ok_test(BASE_URL, 'same-origin', 'include', 'basic', 'username2s');
|
| +ok_test(BASE_URL, 'no-cors', 'omit', 'basic', 'undefined');
|
| +ok_test(BASE_URL, 'no-cors', 'same-origin', 'basic', 'username2s');
|
| +ok_test(BASE_URL, 'no-cors', 'include', 'basic', 'username2s');
|
| +ok_test(BASE_URL, 'cors', 'omit', 'basic', 'undefined');
|
| +ok_test(BASE_URL, 'cors', 'same-origin', 'basic', 'username2s');
|
| +ok_test(BASE_URL, 'cors', 'include', 'basic', 'username2s');
|
| +ng_test(OTHER_BASE_URL, 'same-origin', 'omit');
|
| +ng_test(OTHER_BASE_URL, 'same-origin', 'same-origin');
|
| +ng_test(OTHER_BASE_URL, 'same-origin', 'include');
|
| +ok_test(OTHER_BASE_URL, 'no-cors', 'omit', 'opaque');
|
| +ok_test(OTHER_BASE_URL, 'no-cors', 'same-origin', 'opaque');
|
| +ok_test(OTHER_BASE_URL, 'no-cors', 'include', 'opaque');
|
| +ng_test(OTHER_BASE_URL, 'cors', 'omit');
|
| +ng_test(OTHER_BASE_URL, 'cors', 'same-origin');
|
| +ng_test(OTHER_BASE_URL, 'cors', 'include');
|
| +ok_test(OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'omit', 'cors', 'undefined');
|
| +ok_test(OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'same-origin', 'cors',
|
| + 'undefined');
|
| +ng_test(OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'include');
|
| +ok_test(OTHER_BASE_URL + 'ACAOrigin=' + BASE_ORIGIN + '&ACACredentials=true',
|
| + 'cors', 'include', 'cors', 'username1s')
|
|
|
| - return login(t, host_info.HTTP_ORIGIN, host_info.HTTP_REMOTE_ORIGIN)
|
| - .then(function() {
|
| - return service_worker_unregister_and_register(t, SCRIPT, SCOPE);
|
| - })
|
| - .then(function(registration) {
|
| - return wait_for_state(t, registration.installing, 'activated');
|
| - })
|
| - .then(function() { return with_iframe(SCOPE); })
|
| - .then(function(f) {
|
| - frame = f;
|
| - var promises = [
|
| - ok_test(f, BASE_URL, 'same-origin', 'omit', 'basic', 'undefined'),
|
| - ok_test(f, BASE_URL, 'same-origin', 'same-origin', 'basic',
|
| - 'username1'),
|
| - ok_test(f, BASE_URL, 'same-origin', 'include', 'basic',
|
| - 'username1'),
|
| - ok_test(f, BASE_URL, 'no-cors', 'omit', 'basic', 'undefined'),
|
| - ok_test(f, BASE_URL, 'no-cors', 'same-origin', 'basic',
|
| - 'username1'),
|
| - ok_test(f, BASE_URL, 'no-cors', 'include', 'basic', 'username1'),
|
| - ok_test(f, BASE_URL, 'cors', 'omit', 'basic', 'undefined'),
|
| - ok_test(f, BASE_URL, 'cors', 'same-origin', 'basic', 'username1'),
|
| - ok_test(f, BASE_URL, 'cors', 'include', 'basic', 'username1'),
|
| - ng_test(f, OTHER_BASE_URL, 'same-origin', 'omit'),
|
| - ng_test(f, OTHER_BASE_URL, 'same-origin', 'same-origin'),
|
| - ng_test(f, OTHER_BASE_URL, 'same-origin', 'include'),
|
| - ok_test(f, OTHER_BASE_URL, 'no-cors', 'omit', 'opaque'),
|
| - ok_test(f, OTHER_BASE_URL, 'no-cors', 'same-origin', 'opaque'),
|
| - ok_test(f, OTHER_BASE_URL, 'no-cors', 'include', 'opaque'),
|
| - ng_test(f, OTHER_BASE_URL, 'cors', 'omit'),
|
| - ng_test(f, OTHER_BASE_URL, 'cors', 'same-origin'),
|
| - ng_test(f, OTHER_BASE_URL, 'cors', 'include'),
|
| - ok_test(f, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'omit', 'cors',
|
| - 'undefined'),
|
| - ok_test(f, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'same-origin',
|
| - 'cors', 'undefined'),
|
| - ng_test(f, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'include'),
|
| - ok_test(f,
|
| - OTHER_BASE_URL + 'ACAOrigin=' + BASE_ORIGIN +
|
| - '&ACACredentials=true',
|
| - 'cors', 'include', 'cors', 'username2')
|
| - ];
|
| -
|
| - for_each_origin_mode_credentials(function(origin, mode, credentials) {
|
| - var url = build_rewrite_url(
|
| - origin, BASE_URL, 'same-origin', 'omit');
|
| - // Fetch to the other origin with same-origin mode should fail.
|
| - if (origin == OTHER_ORIGIN && mode == 'same-origin')
|
| - return promises.push(ng_test(f, url, mode, credentials));
|
| - // The response type from the SW should be basic
|
| - promises.push(
|
| - ok_test(f, url, mode, credentials, 'basic', 'undefined'));
|
| - });
|
| +for_each_origin_mode_credentials(function(origin, mode, credentials) {
|
| + var url = build_rewrite_url(
|
| + origin, BASE_URL, 'same-origin', 'omit');
|
| + // Fetch to the other origin with same-origin mode should fail.
|
| + if (origin == OTHER_ORIGIN && mode == 'same-origin') {
|
| + ng_test(url, mode, credentials);
|
| + } else {
|
| + // The response type from the SW should be basic
|
| + ok_test(url, mode, credentials, 'basic', 'undefined');
|
| + }
|
| +});
|
|
|
| - for_each_origin_mode_credentials(function(origin, mode, credentials) {
|
| - var url = build_rewrite_url(
|
| - origin, BASE_URL, 'same-origin', 'same-origin');
|
| - // Fetch to the other origin with same-origin mode should fail.
|
| - if (origin == OTHER_ORIGIN && mode == 'same-origin')
|
| - return promises.push(ng_test(f, url, mode, credentials));
|
| - // The response type from the SW should be basic.
|
| - promises.push(
|
| - ok_test(f, url, mode, credentials, 'basic', 'username1'));
|
| - });
|
| +for_each_origin_mode_credentials(function(origin, mode, credentials) {
|
| + var url = build_rewrite_url(
|
| + origin, BASE_URL, 'same-origin', 'same-origin');
|
|
|
| - for_each_origin_mode_credentials(function(origin, mode, credentials) {
|
| - var url = build_rewrite_url(
|
| - origin, OTHER_BASE_URL, 'same-origin', 'omit');
|
| - // The response from the SW should be an error.
|
| - promises.push(ng_test(f, url, mode, credentials));
|
| - });
|
| + // Fetch to the other origin with same-origin mode should fail.
|
| + if (origin == OTHER_ORIGIN && mode == 'same-origin') {
|
| + ng_test(url, mode, credentials);
|
| + } else {
|
| + // The response type from the SW should be basic.
|
| + ok_test(url, mode, credentials, 'basic', 'username2s');
|
| + }
|
| +});
|
|
|
| - for_each_origin_mode_credentials(function(origin, mode, credentials) {
|
| - var url = build_rewrite_url(
|
| - origin, OTHER_BASE_URL, 'no-cors', 'omit');
|
| - // SW can respond only to no-cors requests.
|
| - if (mode != 'no-cors')
|
| - return promises.push(ng_test(f, url, mode, credentials));
|
| - // The response type from the SW should be opaque.
|
| - promises.push(ok_test(f, url, mode, credentials, 'opaque'));
|
| - });
|
| +for_each_origin_mode_credentials(function(origin, mode, credentials) {
|
| + var url = build_rewrite_url(
|
| + origin, OTHER_BASE_URL, 'same-origin', 'omit');
|
| + // The response from the SW should be an error.
|
| + ng_test(url, mode, credentials);
|
| +});
|
|
|
| - for_each_origin_mode_credentials(function(origin, mode, credentials) {
|
| - var url = build_rewrite_url(
|
| - origin, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'omit');
|
| - // Fetch to the other origin with same-origin mode should fail.
|
| - if (origin == OTHER_ORIGIN && mode == 'same-origin')
|
| - return promises.push(ng_test(f, url, mode, credentials));
|
| - // The response from the SW should be cors.
|
| - promises.push(
|
| - ok_test(f, url, mode, credentials, 'cors', 'undefined'));
|
| - });
|
| +for_each_origin_mode_credentials(function(origin, mode, credentials) {
|
| + var url = build_rewrite_url(
|
| + origin, OTHER_BASE_URL, 'no-cors', 'omit');
|
|
|
| - for_each_origin_mode_credentials(function(origin, mode, credentials) {
|
| - var url = build_rewrite_url(
|
| - origin,
|
| - OTHER_BASE_URL + 'ACAOrigin=' + BASE_ORIGIN +
|
| - '&ACACredentials=true',
|
| - 'cors', 'include');
|
| - // Fetch to the other origin with same-origin mode should fail.
|
| - if (origin == OTHER_ORIGIN && mode == 'same-origin')
|
| - return promises.push(ng_test(f, url, mode, credentials));
|
| - // The response from the SW should be cors.
|
| - promises.push(
|
| - ok_test(f, url, mode, credentials, 'cors', 'username2'));
|
| - });
|
| - return Promise.all(promises);
|
| - })
|
| - .then(function(f) {
|
| - frame.remove()
|
| - })
|
| - .catch(unreached_rejection(t));
|
| - }, 'Verify the tainting of responses fetched via SW');
|
| + // SW can respond only to no-cors requests.
|
| + if (mode != 'no-cors') {
|
| + ng_test(url, mode, credentials);
|
| + } else {
|
| + // The response type from the SW should be opaque.
|
| + ok_test(url, mode, credentials, 'opaque');
|
| + }
|
| +});
|
| +
|
| +for_each_origin_mode_credentials(function(origin, mode, credentials) {
|
| + var url = build_rewrite_url(
|
| + origin, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'omit');
|
| +
|
| + // Fetch to the other origin with same-origin mode should fail.
|
| + if (origin == OTHER_ORIGIN && mode == 'same-origin') {
|
| + ng_test(url, mode, credentials);
|
| + } else {
|
| + // The response from the SW should be cors.
|
| + ok_test(url, mode, credentials, 'cors', 'undefined');
|
| + }
|
| +});
|
| +
|
| +for_each_origin_mode_credentials(function(origin, mode, credentials) {
|
| + var url = build_rewrite_url(
|
| + origin,
|
| + OTHER_BASE_URL + 'ACAOrigin=' + BASE_ORIGIN +
|
| + '&ACACredentials=true',
|
| + 'cors', 'include');
|
| + // Fetch to the other origin with same-origin mode should fail.
|
| + if (origin == OTHER_ORIGIN && mode == 'same-origin') {
|
| + ng_test(url, mode, credentials);
|
| + } else {
|
| + // The response from the SW should be cors.
|
| + ok_test(url, mode, credentials, 'cors', 'username1s');
|
| + }
|
| +});
|
| </script>
|
| </body>
|
|
|
Chromium Code Reviews
Issue 2856863003:
Upstream service worker `fetch` test to WPT (Closed)
