summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/html/anonymous-iframe/worker-cookies.tentative.https.window.js
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/html/anonymous-iframe/worker-cookies.tentative.https.window.js')
-rw-r--r--testing/web-platform/tests/html/anonymous-iframe/worker-cookies.tentative.https.window.js70
1 files changed, 70 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/anonymous-iframe/worker-cookies.tentative.https.window.js b/testing/web-platform/tests/html/anonymous-iframe/worker-cookies.tentative.https.window.js
new file mode 100644
index 0000000000..8c25306baf
--- /dev/null
+++ b/testing/web-platform/tests/html/anonymous-iframe/worker-cookies.tentative.https.window.js
@@ -0,0 +1,70 @@
+// META: timeout=long
+// META: variant=?worker=dedicated_worker
+// META: variant=?worker=shared_worker
+// META: variant=?worker=service_worker
+// META: script=/common/get-host-info.sub.js
+// META: script=/common/utils.js
+// META: script=/common/dispatcher/dispatcher.js
+// META: script=/html/cross-origin-embedder-policy/credentialless/resources/common.js
+// META: script=./resources/common.js
+
+// Execute the same set of tests for every type of worker.
+// - DedicatedWorkers
+// - SharedWorkers
+// - ServiceWorkers.
+const params = new URLSearchParams(document.location.search);
+const worker_param = params.get("worker") || "dedicated_worker";
+
+const cookie_key = token();
+const cookie_value = "cookie_value";
+const cookie_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
+
+// Create worker spawned from `context` and return its uuid.
+const workerFrom = context => {
+ const reply = token();
+ send(context, `
+ for(deps of [
+ "/common/utils.js",
+ "/resources/testharness.js",
+ "/html/cross-origin-embedder-policy/credentialless/resources/common.js",
+ ]) {
+ await new Promise(resolve => {
+ const script = document.createElement("script");
+ script.src = deps;
+ script.onload = resolve;
+ document.body.appendChild(script);
+ });
+ }
+
+ const worker_constructor = environments["${worker_param}"];
+ const headers = "";
+ const [worker, error] = worker_constructor(headers);
+ send("${reply}", worker);
+ `);
+ return receive(reply);
+};
+
+// Set a cookie from a top-level document.
+promise_test(async test => {
+ await setCookie(cookie_origin, cookie_key, cookie_value);
+}, "set cookies");
+
+// Control: iframe is not credentialless. The worker can access cookies.
+promise_test(async test => {
+ const headers = token();
+ send(await workerFrom(newIframe(cookie_origin)), `
+ fetch("${showRequestHeaders(cookie_origin, headers)}");
+ `);
+ const cookie = parseCookies(JSON.parse(await receive(headers)));
+ assert_equals(cookie[cookie_key], cookie_value)
+}, "Worker spawned from normal iframe can access global cookies");
+
+// Experiment: iframe is credentialless.
+promise_test(async test => {
+ const headers = token();
+ send(await workerFrom(newIframeCredentialless(cookie_origin)), `
+ fetch("${showRequestHeaders(cookie_origin, headers)}");
+ `);
+ const cookie = parseCookies(JSON.parse(await receive(headers)));
+ assert_equals(cookie[cookie_key], undefined)
+}, "Worker spawned from credentialless iframe can't access global cookies");