summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/html/cross-origin-embedder-policy/worker-inheritance.sub.https.html
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/html/cross-origin-embedder-policy/worker-inheritance.sub.https.html')
-rw-r--r--testing/web-platform/tests/html/cross-origin-embedder-policy/worker-inheritance.sub.https.html61
1 files changed, 61 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/cross-origin-embedder-policy/worker-inheritance.sub.https.html b/testing/web-platform/tests/html/cross-origin-embedder-policy/worker-inheritance.sub.https.html
new file mode 100644
index 0000000000..e96c7f7e5d
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-embedder-policy/worker-inheritance.sub.https.html
@@ -0,0 +1,61 @@
+<!DOCTYPE html>
+<title>Test that local scheme workers inherit COEP: require-corp from the creating document</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script>
+ promise_test(async t => {
+ let sameOrigin = "{{location[server]}}";
+ let crossOrigin = "https://{{hosts[][www]}}:{{ports[https][1]}}";
+
+ let testHarness = await fetch(`${sameOrigin}/resources/testharness.js`)
+ .then(r => r.text());
+
+ // Test that fetching same-origin is allowed by COEP.
+ let same_origin_allowed_test = testName => `
+ promise_test(async t => {
+ return fetch("${sameOrigin}/common/blank.html", { mode: "no-cors" });
+ }, "${testName}: Same origin should be allowed.");
+ `;
+
+ // For data URLs, since everything is cross-origin in that case.
+ let same_origin_blocked_test = testName => `
+ promise_test(t => {
+ return promise_rejects_js(
+ t, TypeError,
+ fetch("${sameOrigin}/common/blank.html", { mode: "no-cors" }));
+ }, "${testName}: Same origin should be blocked.");
+ `;
+
+ // Test that fetching cross-origin is blocked by COEP.
+ let cross_origin_blocked_test = testName => `
+ promise_test(t => {
+ return promise_rejects_js(
+ t, TypeError,
+ fetch("${crossOrigin}/common/blank.html", { mode: "no-cors" }));
+ }, "${testName}: Cross origin should be blocked.");
+ `;
+
+ let blob_string = testName => testHarness +
+ same_origin_allowed_test(testName) +
+ cross_origin_blocked_test(testName) + "done();";
+
+ let data_string = testName => testHarness +
+ same_origin_blocked_test(testName) +
+ cross_origin_blocked_test(testName) + "done();";
+
+ let blob_url = context => {
+ let blob = new Blob([blob_string(`blob URL ${context}`)],
+ { type: 'application/javascript' });
+ return URL.createObjectURL(blob);
+ };
+
+ await fetch_tests_from_worker(new Worker(blob_url("dedicated worker")));
+ await fetch_tests_from_worker(new SharedWorker(blob_url("shared worker")));
+
+ let data_url = context => `data:application/javascript,` +
+ `${encodeURIComponent(data_string("data URL " + context))}`;
+
+ await fetch_tests_from_worker(new Worker(data_url("dedicated worker")));
+ await fetch_tests_from_worker(new Worker(data_url("shared worker")));
+ });
+</script>
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-06 16:34:41 +0000