diff options
Diffstat (limited to 'testing/web-platform/tests/shared-storage')
11 files changed, 131 insertions, 6 deletions
diff --git a/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-credentials-include.tentative.https.sub.html b/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-credentials-include.tentative.https.sub.html index 9c44d2a29f..4c0e91c156 100644 --- a/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-credentials-include.tentative.https.sub.html +++ b/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-credentials-include.tentative.https.sub.html @@ -19,6 +19,7 @@ promise_test(async () => { `/shared-storage/resources/credentials-test-helper.py` + `?access_control_allow_origin_header=${window.origin}` + `&access_control_allow_credentials_header=true` + + `&shared_storage_cross_origin_worklet_allowed_header=?1` + `&token=${ancestor_key}`; await fetch(set_cookie_url, { mode: 'no-cors', credentials: 'include' }); diff --git a/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-credentials-omit.tentative.https.sub.html b/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-credentials-omit.tentative.https.sub.html index ddda1809f2..86b56ce80d 100644 --- a/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-credentials-omit.tentative.https.sub.html +++ b/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-credentials-omit.tentative.https.sub.html @@ -18,6 +18,7 @@ promise_test(async () => { const helper_url = crossOrigin + `/shared-storage/resources/credentials-test-helper.py` + `?access_control_allow_origin_header=${window.origin}` + + `&shared_storage_cross_origin_worklet_allowed_header=?1` + `&token=${ancestor_key}`; await fetch(set_cookie_url, { mode: 'no-cors', credentials: 'include' }); diff --git a/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-credentials-same-origin.tentative.https.sub.html b/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-credentials-same-origin.tentative.https.sub.html index 99701d2b7d..0b8faad783 100644 --- a/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-credentials-same-origin.tentative.https.sub.html +++ b/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-credentials-same-origin.tentative.https.sub.html @@ -18,6 +18,7 @@ promise_test(async () => { const helper_url = crossOrigin + `/shared-storage/resources/credentials-test-helper.py` + `?access_control_allow_origin_header=${window.origin}` + + `&shared_storage_cross_origin_worklet_allowed_header=?1` + `&token=${ancestor_key}`; await fetch(set_cookie_url, { mode: 'no-cors', credentials: 'include' }); diff --git a/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-unrevealed-failure-false-shared-storage-cross-origin-worklet-allowed.tentative.https.sub.html b/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-unrevealed-failure-false-shared-storage-cross-origin-worklet-allowed.tentative.https.sub.html new file mode 100644 index 0000000000..f1f37b0aff --- /dev/null +++ b/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-unrevealed-failure-false-shared-storage-cross-origin-worklet-allowed.tentative.https.sub.html @@ -0,0 +1,32 @@ +<!doctype html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/utils.js"></script> +<script src="/shared-storage/resources/util.js"></script> +<script src="/fenced-frame/resources/utils.js"></script> + +<body> +<script> +'use strict'; + +promise_test(async t => { + const ancestor_key = token(); + const crossOrigin = 'https://{{domains[www]}}:{{ports[https][0]}}'; + const helper_url = crossOrigin + + `/shared-storage/resources/credentials-test-helper.py` + + `?access_control_allow_origin_header=${window.origin}` + + `&access_control_allow_credentials_header=true` + + `&shared_storage_cross_origin_worklet_allowed_header=?0` + + `&token=${ancestor_key}`; + + // The network error for `createWorklet()` won't be revealed to the + // cross-origin caller. + await sharedStorage.createWorklet( + helper_url + `&action=store-cookie`, + { credentials: "include" }); +}, 'createWorklet() with cross-origin module script and credentials ' + + '"include", and with the Shared-Storage-Cross-Origin-Worklet-Allowed ' + + 'response header value set to false (?0)'); + +</script> +</body> diff --git a/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-failure-missing-access-control-allow-credentials.tentative.https.sub.html b/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-unrevealed-failure-missing-access-control-allow-credentials.tentative.https.sub.html index 598fd8f405..dd6347e463 100644 --- a/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-failure-missing-access-control-allow-credentials.tentative.https.sub.html +++ b/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-unrevealed-failure-missing-access-control-allow-credentials.tentative.https.sub.html @@ -15,12 +15,14 @@ promise_test(async t => { const helper_url = crossOrigin + `/shared-storage/resources/credentials-test-helper.py` + `?access_control_allow_origin_header=${window.origin}` + + `&shared_storage_cross_origin_worklet_allowed_header=?1` + `&token=${ancestor_key}`; - return promise_rejects_dom(t, "OperationError", - sharedStorage.createWorklet( + // The network error for `createWorklet()` won't be revealed to the + // cross-origin caller. + await sharedStorage.createWorklet( helper_url + `&action=store-cookie`, - { credentials: "include" })); + { credentials: "include" }); }, 'createWorklet() with cross-origin module script and credentials ' + '"include", and without the Access-Control-Allow-Credentials response ' + 'header'); diff --git a/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-failure-missing-access-control-allow-origin.tentative.https.sub.html b/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-unrevealed-failure-missing-access-control-allow-origin.tentative.https.sub.html index 4195d09fc0..1f3223a564 100644 --- a/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-failure-missing-access-control-allow-origin.tentative.https.sub.html +++ b/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-unrevealed-failure-missing-access-control-allow-origin.tentative.https.sub.html @@ -15,12 +15,14 @@ promise_test(async t => { const helper_url = crossOrigin + `/shared-storage/resources/credentials-test-helper.py` + `&access_control_allow_credentials_header=true` + + `&shared_storage_cross_origin_worklet_allowed_header=?1` + `&token=${ancestor_key}`; - return promise_rejects_dom(t, "OperationError", - sharedStorage.createWorklet( + // The network error for `createWorklet()` won't be revealed to the + // cross-origin caller. + await sharedStorage.createWorklet( helper_url + `&action=store-cookie`, - { credentials: "include" })); + { credentials: "include" }); }, 'createWorklet() with cross-origin module script and credentials ' + '"include", and without the Access-Control-Allow-Origin response header'); diff --git a/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-unrevealed-failure-missing-shared-storage-cross-origin-worklet-allowed.tentative.https.sub.html b/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-unrevealed-failure-missing-shared-storage-cross-origin-worklet-allowed.tentative.https.sub.html new file mode 100644 index 0000000000..f96e4d596e --- /dev/null +++ b/testing/web-platform/tests/shared-storage/cross-origin-create-worklet-unrevealed-failure-missing-shared-storage-cross-origin-worklet-allowed.tentative.https.sub.html @@ -0,0 +1,31 @@ +<!doctype html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/utils.js"></script> +<script src="/shared-storage/resources/util.js"></script> +<script src="/fenced-frame/resources/utils.js"></script> + +<body> +<script> +'use strict'; + +promise_test(async t => { + const ancestor_key = token(); + const crossOrigin = 'https://{{domains[www]}}:{{ports[https][0]}}'; + const helper_url = crossOrigin + + `/shared-storage/resources/credentials-test-helper.py` + + `?access_control_allow_origin_header=${window.origin}` + + `&access_control_allow_credentials_header=true` + + `&token=${ancestor_key}`; + + // The network error for `createWorklet()`` won't be revealed to the + // cross-origin caller. + await sharedStorage.createWorklet( + helper_url + `&action=store-cookie`, + { credentials: "include" }); +}, 'createWorklet() with cross-origin module script and credentials ' + + '"include", and without the Shared-Storage-Cross-Origin-Worklet-Allowed ' + + 'response header'); + +</script> +</body> diff --git a/testing/web-platform/tests/shared-storage/cross-origin-worklet-select-url-and-verify-data-origin.tentative.https.sub.html b/testing/web-platform/tests/shared-storage/cross-origin-worklet-select-url-and-verify-data-origin.tentative.https.sub.html new file mode 100644 index 0000000000..5b6b9d5f8f --- /dev/null +++ b/testing/web-platform/tests/shared-storage/cross-origin-worklet-select-url-and-verify-data-origin.tentative.https.sub.html @@ -0,0 +1,46 @@ +<!doctype html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/utils.js"></script> +<script src="/shared-storage/resources/util.js"></script> +<script src="/fenced-frame/resources/utils.js"></script> + +<body> +<script> +'use strict'; + +promise_test(async () => { + const crossOrigin = 'https://{{domains[www]}}:{{ports[https][0]}}'; + const script_url = crossOrigin + + `/shared-storage/resources/simple-module.js`; + + const worklet = await sharedStorage.createWorklet( + script_url, + { credentials: "omit" }); + + const ancestor_key = token(); + let url0 = generateURL("/shared-storage/resources/frame0.html", + [ancestor_key]); + + let select_url_result = await worklet.selectURL( + "test-url-selection-operation", + [{ url: url0 }], { + data: { + 'mockResult': 0, + 'setKey': 'key0', + 'setValue': 'value0' + }, + resolveToConfig: true, + keepAlive: true + }); + + assert_true(validateSelectURLResult(select_url_result, true)); + attachFencedFrame(select_url_result, 'opaque-ads'); + const result0 = await nextValueFromServer(ancestor_key); + assert_equals(result0, "frame0_loaded"); + + await verifyKeyValueForOrigin('key0', 'value0', crossOrigin); +}, 'For a cross-origin worklet, test selectURL() and verify its data origin'); + +</script> +</body> diff --git a/testing/web-platform/tests/shared-storage/resources/credentials-test-helper.py b/testing/web-platform/tests/shared-storage/resources/credentials-test-helper.py index 46fc0ea6fb..575e504e64 100644 --- a/testing/web-platform/tests/shared-storage/resources/credentials-test-helper.py +++ b/testing/web-platform/tests/shared-storage/resources/credentials-test-helper.py @@ -19,6 +19,9 @@ def main(request, response): if b"access_control_allow_origin_header" in request.GET: response.headers.append(b"Access-Control-Allow-Origin", request.GET[b"access_control_allow_origin_header"]) + if b"shared_storage_cross_origin_worklet_allowed_header" in request.GET: + response.headers.append(b"Shared-Storage-Cross-Origin-Worklet-Allowed", request.GET[b"shared_storage_cross_origin_worklet_allowed_header"]) + if action == b"store-cookie": cookie = request.headers.get(b"Cookie", b"NO_COOKIE_HEADER") request.server.stash.put(token, cookie) diff --git a/testing/web-platform/tests/shared-storage/resources/simple-module.js b/testing/web-platform/tests/shared-storage/resources/simple-module.js index 620a3592f2..11b650811d 100644 --- a/testing/web-platform/tests/shared-storage/resources/simple-module.js +++ b/testing/web-platform/tests/shared-storage/resources/simple-module.js @@ -6,6 +6,10 @@ var globalVar = 0; class TestURLSelectionOperation { async run(urls, data) { + if (data && data.hasOwnProperty('setKey') && data.hasOwnProperty('setValue')) { + await sharedStorage.set(data['setKey'], data['setValue']); + } + if (data && data.hasOwnProperty('mockResult')) { return data['mockResult']; } diff --git a/testing/web-platform/tests/shared-storage/resources/simple-module.js.headers b/testing/web-platform/tests/shared-storage/resources/simple-module.js.headers new file mode 100644 index 0000000000..cf3e03e24c --- /dev/null +++ b/testing/web-platform/tests/shared-storage/resources/simple-module.js.headers @@ -0,0 +1,2 @@ +Access-Control-Allow-Origin: * +Shared-Storage-Cross-Origin-Worklet-Allowed: ?1 |