diff options
Diffstat (limited to 'testing/web-platform/tests/html/cross-origin-embedder-policy/worker-inheritance.sub.https.html')
-rw-r--r-- | testing/web-platform/tests/html/cross-origin-embedder-policy/worker-inheritance.sub.https.html | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/cross-origin-embedder-policy/worker-inheritance.sub.https.html b/testing/web-platform/tests/html/cross-origin-embedder-policy/worker-inheritance.sub.https.html new file mode 100644 index 0000000000..e96c7f7e5d --- /dev/null +++ b/testing/web-platform/tests/html/cross-origin-embedder-policy/worker-inheritance.sub.https.html @@ -0,0 +1,61 @@ +<!DOCTYPE html> +<title>Test that local scheme workers inherit COEP: require-corp from the creating document</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script> + promise_test(async t => { + let sameOrigin = "{{location[server]}}"; + let crossOrigin = "https://{{hosts[][www]}}:{{ports[https][1]}}"; + + let testHarness = await fetch(`${sameOrigin}/resources/testharness.js`) + .then(r => r.text()); + + // Test that fetching same-origin is allowed by COEP. + let same_origin_allowed_test = testName => ` + promise_test(async t => { + return fetch("${sameOrigin}/common/blank.html", { mode: "no-cors" }); + }, "${testName}: Same origin should be allowed."); + `; + + // For data URLs, since everything is cross-origin in that case. + let same_origin_blocked_test = testName => ` + promise_test(t => { + return promise_rejects_js( + t, TypeError, + fetch("${sameOrigin}/common/blank.html", { mode: "no-cors" })); + }, "${testName}: Same origin should be blocked."); + `; + + // Test that fetching cross-origin is blocked by COEP. + let cross_origin_blocked_test = testName => ` + promise_test(t => { + return promise_rejects_js( + t, TypeError, + fetch("${crossOrigin}/common/blank.html", { mode: "no-cors" })); + }, "${testName}: Cross origin should be blocked."); + `; + + let blob_string = testName => testHarness + + same_origin_allowed_test(testName) + + cross_origin_blocked_test(testName) + "done();"; + + let data_string = testName => testHarness + + same_origin_blocked_test(testName) + + cross_origin_blocked_test(testName) + "done();"; + + let blob_url = context => { + let blob = new Blob([blob_string(`blob URL ${context}`)], + { type: 'application/javascript' }); + return URL.createObjectURL(blob); + }; + + await fetch_tests_from_worker(new Worker(blob_url("dedicated worker"))); + await fetch_tests_from_worker(new SharedWorker(blob_url("shared worker"))); + + let data_url = context => `data:application/javascript,` + + `${encodeURIComponent(data_string("data URL " + context))}`; + + await fetch_tests_from_worker(new Worker(data_url("dedicated worker"))); + await fetch_tests_from_worker(new Worker(data_url("shared worker"))); + }); +</script> |