1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
<!DOCTYPE html>
<title>Test that local scheme workers inherit COEP: require-corp from the creating document</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
promise_test(async t => {
let sameOrigin = "{{location[server]}}";
let crossOrigin = "https://{{hosts[][www]}}:{{ports[https][1]}}";
let testHarness = await fetch(`${sameOrigin}/resources/testharness.js`)
.then(r => r.text());
// Test that fetching same-origin is allowed by COEP.
let same_origin_allowed_test = testName => `
promise_test(async t => {
return fetch("${sameOrigin}/common/blank.html", { mode: "no-cors" });
}, "${testName}: Same origin should be allowed.");
`;
// For data URLs, since everything is cross-origin in that case.
let same_origin_blocked_test = testName => `
promise_test(t => {
return promise_rejects_js(
t, TypeError,
fetch("${sameOrigin}/common/blank.html", { mode: "no-cors" }));
}, "${testName}: Same origin should be blocked.");
`;
// Test that fetching cross-origin is blocked by COEP.
let cross_origin_blocked_test = testName => `
promise_test(t => {
return promise_rejects_js(
t, TypeError,
fetch("${crossOrigin}/common/blank.html", { mode: "no-cors" }));
}, "${testName}: Cross origin should be blocked.");
`;
let blob_string = testName => testHarness +
same_origin_allowed_test(testName) +
cross_origin_blocked_test(testName) + "done();";
let data_string = testName => testHarness +
same_origin_blocked_test(testName) +
cross_origin_blocked_test(testName) + "done();";
let blob_url = context => {
let blob = new Blob([blob_string(`blob URL ${context}`)],
{ type: 'application/javascript' });
return URL.createObjectURL(blob);
};
await fetch_tests_from_worker(new Worker(blob_url("dedicated worker")));
await fetch_tests_from_worker(new SharedWorker(blob_url("shared worker")));
let data_url = context => `data:application/javascript,` +
`${encodeURIComponent(data_string("data URL " + context))}`;
await fetch_tests_from_worker(new Worker(data_url("dedicated worker")));
await fetch_tests_from_worker(new Worker(data_url("shared worker")));
});
</script>
|
