82 lines
3 KiB
JavaScript
82 lines
3 KiB
JavaScript
// META: timeout=long
|
|
// META: script=/common/get-host-info.sub.js
|
|
// META: script=/common/utils.js
|
|
// META: script=/common/dispatcher/dispatcher.js
|
|
// META: script=/service-workers/service-worker/resources/test-helpers.sub.js
|
|
// META: script=./resources/common.js
|
|
|
|
const same_origin = get_host_info().HTTPS_ORIGIN;
|
|
const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
|
|
const cookie_key = "credentialless_dedicated_worker";
|
|
const cookie_same_origin = "same_origin";
|
|
const cookie_cross_origin = "cross_origin";
|
|
|
|
promise_test(async test => {
|
|
|
|
await Promise.all([
|
|
setCookie(same_origin, cookie_key, cookie_same_origin +
|
|
cookie_same_site_none),
|
|
setCookie(cross_origin, cookie_key, cookie_cross_origin +
|
|
cookie_same_site_none),
|
|
]);
|
|
|
|
let GetCookie = (response) => {
|
|
const headers_credentialless = JSON.parse(response);
|
|
return parseCookies(headers_credentialless)[cookie_key];
|
|
}
|
|
|
|
async function fetchInRemoteContext(ctx, request_url) {
|
|
// The fail might fail in when a DedicatedWorker with DIP
|
|
// isolate-and-require-corp tries to fetch a cross-origin resource. Silently
|
|
// catch the error as we're only interested in whether the cookies were sent
|
|
// with the fetch in the first place.
|
|
try {
|
|
await ctx.execute_script(
|
|
async (url) => {
|
|
await fetch(url, {mode: 'no-cors', credentials: 'include'});
|
|
}, [request_url]);
|
|
} catch(error) {}
|
|
}
|
|
|
|
const dedicatedWorkerTest = function(
|
|
description, origin, dip_for_worker,
|
|
expected_cookies) {
|
|
promise_test_parallel(async t => {
|
|
// Create one iframe with the specified DIP isolate-and-credentialless.
|
|
// Then start a DedicatedWorker. The DedicatedWorker will inherit the DIP
|
|
// of its creator.
|
|
const worker = await createDedicatedWorkerContext(test, same_origin, dip_for_worker);
|
|
const worker_context = new RemoteContext(worker[0]);
|
|
|
|
// Fetch resources with the worker.
|
|
const request_token = token();
|
|
const request_url = showRequestHeaders(origin, request_token);
|
|
|
|
await fetchInRemoteContext(worker_context, request_url);
|
|
const response_worker = await receive(request_token).then(GetCookie);
|
|
assert_equals(response_worker,
|
|
expected_cookies,
|
|
"dip => ");
|
|
}, `fetch ${description}`)
|
|
};
|
|
|
|
dedicatedWorkerTest("same-origin + credentialless worker",
|
|
same_origin, dip_credentialless,
|
|
cookie_same_origin);
|
|
|
|
dedicatedWorkerTest("same-origin + require_corp worker",
|
|
same_origin, dip_require_corp,
|
|
cookie_same_origin);
|
|
|
|
dedicatedWorkerTest("cross-origin + credentialless worker",
|
|
cross_origin, dip_credentialless,
|
|
undefined // Worker created successfully with credentialless, and fetch doesn't get credentials
|
|
);
|
|
|
|
dedicatedWorkerTest("cross-origin + require_corp worker",
|
|
cross_origin, dip_require_corp,
|
|
cookie_cross_origin // The worker's policy is require_corp, so the resource will be requested with cookies
|
|
// but the load will fail because the response does not
|
|
// have CORP cross-origin.
|
|
);
|
|
})
|