1 files changed, 38 insertions, 0 deletions

diff --git a/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-credentials-same-origin.tentative.https.sub.html b/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-credentials-same-origin.tentative.https.sub.html
new file mode 100644
index 0000000000..99701d2b7d
--- /dev/null
+++ b/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-credentials-same-origin.tentative.https.sub.html
@@ -0,0 +1,38 @@
+<!doctype html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/shared-storage/resources/util.js"></script>
+<script src="/fenced-frame/resources/utils.js"></script>
+
+<body>
+<script>
+'use strict';
+
+promise_test(async () => {
+  const ancestor_key = token();
+  const crossOrigin = 'https://{{domains[www]}}:{{ports[https][0]}}';
+  const set_cookie_url = crossOrigin + `/cookies/resources/set-cookie.py` +
+                         `?name=key0` +
+                         `&path=/shared-storage/`;
+  const helper_url = crossOrigin +
+                     `/shared-storage/resources/credentials-test-helper.py` +
+                     `?access_control_allow_origin_header=${window.origin}` +
+                     `&token=${ancestor_key}`;
+
+  await fetch(set_cookie_url, { mode: 'no-cors', credentials: 'include' });
+
+  const worklet = await sharedStorage.createWorklet(
+    helper_url + `&action=store-cookie`,
+    { credentials: "same-origin" });
+
+  const request_cookie_fetch_response =
+    await fetch(helper_url + `&action=get-cookie`);
+
+  const request_cookie_text = await request_cookie_fetch_response.text();
+
+  assert_equals(request_cookie_text, "NO_COOKIE_HEADER");
+}, 'createWorklet() with cross-origin module script and credentials "same-origin"');
+
+</script>
+</body>