Adding upstream version 124.0.1.upstream/124.0.1

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 106 insertions, 0 deletions

diff --git a/testing/web-platform/tests/fetch/private-network-access/service-worker-update.tentative.https.window.js b/testing/web-platform/tests/fetch/private-network-access/service-worker-update.tentative.https.window.js
new file mode 100644
index 0000000000..4882d235bb
--- /dev/null
+++ b/testing/web-platform/tests/fetch/private-network-access/service-worker-update.tentative.https.window.js
@@ -0,0 +1,106 @@
+// META: script=/common/utils.js
+// META: script=resources/support.sub.js
+//
+// Spec: https://wicg.github.io/private-network-access/#integration-fetch
+//
+// These tests check that `ServiceWorker` script update fetches are exempt from
+// Private Network Access checks because they are always same-origin and the
+// origin is potentially trustworthy. The client of the fetch, for PNA purposes,
+// is taken to be the previous script.
+//
+// The tests is carried out by instantiating a service worker from a resource
+// that carries the `Content-Security-Policy: treat-as-public-address` header,
+// such that the registration is placed in the public IP address space. When
+// the script is fetched for an update, the client is thus considered public,
+// yet the same-origin fetch observes that the server's IP endpoint is not
+// necessarily in the public IP address space.
+//
+// See also: worker.https.window.js
+
+// Results that may be expected in tests.
+const TestResult = {
+  SUCCESS: { updated: true },
+  FAILURE: { error: "TypeError" },
+};
+
+async function makeTest(t, { target, expected }) {
+  // The bridge must be same-origin with the service worker script.
+  const bridgeUrl = resolveUrl(
+      "resources/service-worker-bridge.html",
+      sourceResolveOptions({ server: target.server }));
+
+  const scriptUrl = preflightUrl(target);
+  scriptUrl.searchParams.append("treat-as-public-once", token());
+  scriptUrl.searchParams.append("mime-type", "application/javascript");
+  scriptUrl.searchParams.append("file", "service-worker.js");
+  scriptUrl.searchParams.append("random-js-prefix", true);
+
+  const iframe = await appendIframe(t, document, bridgeUrl);
+
+  const request = (message) => {
+    const reply = futureMessage();
+    iframe.contentWindow.postMessage(message, "*");
+    return reply;
+  };
+
+  {
+    const { error, loaded } = await request({
+      action: "register",
+      url: scriptUrl.href,
+    });
+
+    assert_equals(error, undefined, "register error");
+    assert_true(loaded, "response loaded");
+  }
+
+  try {
+    let { controlled, numControllerChanges } = await request({
+      action: "wait",
+      numControllerChanges: 1,
+    });
+
+    assert_equals(numControllerChanges, 1, "controller change");
+    assert_true(controlled, "bridge script is controlled");
+
+    const { error, updated } = await request({ action: "update" });
+
+    assert_equals(error, expected.error, "update error");
+    assert_equals(updated, expected.updated, "registration updated");
+
+    // Stop here if we do not expect the update to succeed.
+    if (!expected.updated) {
+      return;
+    }
+
+    ({ controlled, numControllerChanges } = await request({
+      action: "wait",
+      numControllerChanges: 2,
+    }));
+
+    assert_equals(numControllerChanges, 2, "controller change");
+    assert_true(controlled, "bridge script still controlled");
+  } finally {
+    const { error, unregistered } = await request({
+      action: "unregister",
+      scope: new URL("./", scriptUrl).href,
+    });
+
+    assert_equals(error, undefined, "unregister error");
+    assert_true(unregistered, "unregistered");
+  }
+}
+
+promise_test(t => makeTest(t, {
+  target: { server: Server.HTTPS_LOCAL },
+  expected: TestResult.SUCCESS,
+}), "update public to local: success.");
+
+promise_test(t => makeTest(t, {
+  target: { server: Server.HTTPS_PRIVATE },
+  expected: TestResult.SUCCESS,
+}), "update public to private: success.");
+
+promise_test(t => makeTest(t, {
+  target: { server: Server.HTTPS_PUBLIC },
+  expected: TestResult.SUCCESS,
+}), "update public to public: success.");