1 files changed, 111 insertions, 0 deletions

diff --git a/testing/web-platform/tests/secure-contexts/shared-worker-insecure-first.https.html b/testing/web-platform/tests/secure-contexts/shared-worker-insecure-first.https.html
new file mode 100644
index 0000000000..00db9517d0
--- /dev/null
+++ b/testing/web-platform/tests/secure-contexts/shared-worker-insecure-first.https.html
@@ -0,0 +1,111 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset=utf-8>
+    <title>Test SharedWorkerGlobalScope.isSecureContext for HTTP creator</title>
+    <meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
+    <script src=/resources/testharness.js></script>
+    <script src=/resources/testharnessreport.js></script>
+    <script src="server-locations.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      /*
+       * The goal of this test is to check that we do the right thing if the
+       * same SharedWorker is used first from an insecure context and then from
+       * a secure context.
+       *
+       * To do this, we first open an insecure (http) popup, which loads a
+       * subframe that is same-origin with us but not a secure context, since
+       * its parent is http, not https.  Then this subframe loads a SharedWorker
+       * and communicates back to us whether that worker and a child dedicated
+       * worker it spawns think they are secure contexts.  Async tests t3 and t4
+       * track these two workers.
+       *
+       * After we have heard from both workers in the popup, we directly load
+       * the same exact subframe ourselves and see what the workers in it
+       * report.  Async tests t1 and t2 track these two workers.
+       */
+      var t1 = async_test("Shared worker in subframe");
+      var t2 = async_test("Nested worker in shared worker in subframe");
+      var t3 = async_test("Shared worker in popup");
+      var t4 = async_test("Nested worker from shared worker in popup");
+
+      var messageCount = 0;
+      var popup = null;
+      onmessage = function(e) {
+        ++messageCount;
+        // Make sure to not close the popup until we've run the iframe part of
+        // the test!  We need to keep those shared workers alive.
+        if (messageCount == 4 && popup) {
+          popup.close();
+        }
+        var data = e.data;
+        if (data.type == "shared") {
+          // This is a message from our shared worker; check whether it's the
+          // one in the popup or in our subframe.
+          if (data.fromPopup) {
+            t3.step(function() {
+              assert_false(data.exception, "SharedWorker should not throw an exception.");
+              assert_false(data.error, "SharedWorker connection should not generate an error.");
+              assert_false(data.isSecureContext, "SharedWorker is not a secure context");
+            });
+            t3.done();
+          } else {
+            t1.step(function() {
+              assert_false(data.exception, "SharedWorker should not throw an exception.");
+              assert_true(data.error, "SharedWorker connection should generate an error.");
+            });
+            t1.done();
+          }
+        } else if (data.type == "nested") {
+          // This is a message from our shared worker's nested dedicated worker;
+          // check whether it's the one in the popup or in our subframe.
+          if (data.fromPopup) {
+            t4.step(function() {
+              assert_false(data.exception, "SharedWorker should not throw an exception.");
+              assert_false(data.error, "SharedWorker connection should not generate an error.");
+              assert_false(data.isSecureContext);
+            });
+            t4.done();
+          } else {
+            t2.step(function() {
+              assert_false(data.exception, "SharedWorker should not throw an exception.");
+              assert_true(data.error, "SharedWorker connection should generate an error.");
+            });
+            t2.done();
+          }
+        } else {
+          if (popup) {
+            popup.close();
+          }
+          t1.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t1.done();
+          t2.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t2.done();
+          t3.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t3.done();
+          t4.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t4.done();
+        }
+
+        if (messageCount == 2) {
+          // Got both messages from our popup; time to create our child.
+          var ifr = document.createElement("iframe");
+          ifr.src = https_dir5 + "support/https-subframe-shared.html";
+          document.body.appendChild(ifr);
+        }
+      }
+
+      popup = window.open(http_dir + "support/shared-worker-insecure-popup.html?https_dir5");
+    </script>
+  </body>
+</html>