horok/firefox
1
0
Fork 0
Code Activity
firefox/testing/web-platform/tests/web-bundle/subresource-loading/coep.https.tentative.html
Daniel Baumann 5e9a113729
Adding upstream version 140.0. 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-25 09:37:52 +02:00

84 lines
3.2 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<title>COEP for WebBundle subresource loading</title>
<link
rel="help"
href="https://github.com/WICG/webpackage/blob/main/explainers/subresource-loading.md"
/>
<link
rel="help"
href="https://html.spec.whatwg.org/multipage/origin.html#coep"
/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="../resources/test-helpers.js"></script>
<body>
<!--
This wpt should run on an origin different from https://www1.web-platform.test:8444/,
from where cross-orign WebBundles are served.
This test uses a cross-origin WebBundle,
https://www1.web-platform.test:8444/web-bundle/resources/wbn/cors/corp.wbn,
which is served with an Access-Control-Allow-Origin response header.
`corp.wbn` includes three subresources:
a. `no-corp.js`, which doesn't include a Cross-Origin-Resource-Policy response header.
b. `corp-same-origin.js`, which includes a Cross-Origin-Resource-Policy: same-origin response header.
c. `corp-cross-origin.js`, which includes a Cross-Origin-Resource-Policy: cross-origin response header.
-->
<script type="webbundle">
{
"source": "https://www1.web-platform.test:8444/web-bundle/resources/wbn/cors/corp.wbn",
"resources": [
"https://www1.web-platform.test:8444/web-bundle/resources/wbn/cors/no-corp.js",
"https://www1.web-platform.test:8444/web-bundle/resources/wbn/cors/corp-same-origin.js",
"https://www1.web-platform.test:8444/web-bundle/resources/wbn/cors/corp-cross-origin.js"
]
}
</script>
<script>
setup(() => {
assert_true(HTMLScriptElement.supports("webbundle"));
});
async function expectCOEPReport(func) {
const reportsPromise = new Promise((resolve) => {
const observer = new ReportingObserver((reports) => {
observer.disconnect();
resolve(reports.map((r) => r.toJSON()));
});
observer.observe();
});
await func();
const reports = await reportsPromise;
assert_equals(reports.length, 1);
assert_equals(reports[0].type, "coep");
assert_equals(reports[0].url, location.href);
return reports[0];
}
const prefix =
"https://www1.web-platform.test:8444/web-bundle/resources/wbn/cors/";
promise_test(async () => {
const report = await expectCOEPReport(async () => {
await addScriptAndWaitForError(prefix + "no-corp.js");
});
assert_equals(report.body.blockedURL, prefix + "no-corp.js");
assert_equals(report.body.type, "corp");
assert_equals(report.body.disposition, "enforce");
assert_equals(report.body.destination, "script");
}, "Cross-origin subresource without Cross-Origin-Resource-Policy: header should be blocked and generate a report.");
promise_test(async () => {
await addScriptAndWaitForError(prefix + "corp-same-origin.js");
}, "Cross-origin subresource with Cross-Origin-Resource-Policy: same-origin should be blocked.");
promise_test(async () => {
await addScriptAndWaitForExecution(prefix + "corp-cross-origin.js");
}, "Cross-origin subresource with Cross-Origin-Resource-Policy: cross-origin should be loaded.");
</script>
</body>
View git blame Copy permalink