Adding upstream version 110.0.1.upstream/110.0.1 upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 09:22:09 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 09:22:09 +0000
commit: 43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree: 620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/web-bundle/subresource-loading/credentials.https.tentative.sub.html
parent: Initial commit. (diff)
download: firefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz
firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip
1 files changed, 173 insertions, 0 deletions
diff --git a/testing/web-platform/tests/web-bundle/subresource-loading/credentials.https.tentative.sub.html b/testing/web-platform/tests/web-bundle/subresource-loading/credentials.https.tentative.sub.html
new file mode 100644
index 0000000000..37efc37e6d
--- /dev/null
+++ b/testing/web-platform/tests/web-bundle/subresource-loading/credentials.https.tentative.sub.html
@@ -0,0 +1,173 @@
+<!DOCTYPE html>
+<title>Credentials in WebBundle subresource loading</title>
+<link
+  rel="help"
+  href="https://github.com/WICG/webpackage/blob/main/explainers/subresource-loading.md#requests-mode-and-credentials-mode"
+/>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../resources/test-helpers.js"></script>
+<body>
+  <script>
+    // In this wpt, we test a request's credential mode, which controls
+    // whether UA sends a credential or not to fetch a bundle.
+
+    // If UA sends a credential, check-cookie-and-return-{cross-oriigin}-bundle.py
+    // returns a valid format webbundle. Then, a subresource fetch should be successful.
+    // Otherwise, a subresource fetch should be rejected.
+
+    setup(() => {
+      assert_true(HTMLScriptElement.supports("webbundle"));
+    });
+
+    document.cookie = "milk=1; path=/";
+
+    // Make sure to set a cookie for a cross-origin domain from where a cross
+    // origin bundle is served.
+    const setCookiePromise = fetch(
+      "https://{{domains[www1]}}:{{ports[https][0]}}/cookies/resources/set-cookie.py?name=milk&path=/web-bundle/resources/",
+      {
+        mode: "no-cors",
+        credentials: "include",
+      }
+    );
+
+    const same_origin_bundle = "../resources/check-cookie-and-return-bundle.py";
+    const cross_origin_bundle =
+      "https://{{domains[www1]}}:{{ports[https][0]}}/web-bundle/resources/check-cookie-and-return-bundle.py?bundle=cross-origin";
+
+    const same_origin_bundle_subresource = "../resources/wbn/root.js";
+    const cross_origin_bundle_subresource =
+      "https://{{domains[www1]}}:{{ports[https][0]}}/web-bundle/resources/wbn/simple-cross-origin.txt";
+
+    async function assertSubresourceCanBeFetched() {
+      const response = await fetch(same_origin_bundle_subresource);
+      const text = await response.text();
+      assert_equals(text, "export * from './submodule.js';\n");
+    }
+
+    async function assertCrossOriginSubresourceCanBeFetched() {
+      const response = await fetch(cross_origin_bundle_subresource);
+      const text = await response.text();
+      assert_equals(text, "hello from simple-cross-origin.txt");
+    }
+
+    function createScriptWebBundle(credentials) {
+      const options = {};
+      if (credentials) {
+        options.credentials = credentials;
+      }
+      return createWebBundleElement(
+        same_origin_bundle,
+        [same_origin_bundle_subresource],
+        options
+      );
+    }
+
+    function createScriptWebBundleCrossOrigin(credentials) {
+      const options = {};
+      if (credentials) {
+        options.credentials = credentials;
+      }
+      return createWebBundleElement(
+        cross_origin_bundle,
+        [cross_origin_bundle_subresource],
+        options
+      );
+    }
+
+    promise_test(async (t) => {
+      const script = createScriptWebBundle();
+      document.body.append(script);
+      t.add_cleanup(() => script.remove());
+
+      await assertSubresourceCanBeFetched();
+    }, "The default should send a credential to a same origin bundle");
+
+    promise_test(async (t) => {
+      const script = createScriptWebBundle("invalid");
+      document.body.append(script);
+      t.add_cleanup(() => script.remove());
+
+      await assertSubresourceCanBeFetched();
+    }, "An invalid value should send a credential to a same origin bundle");
+
+    promise_test(async (t) => {
+      const script = createScriptWebBundle("omit");
+      document.body.append(script);
+      t.add_cleanup(() => script.remove());
+
+      return promise_rejects_js(
+        t,
+        TypeError,
+        fetch(same_origin_bundle_subresource)
+      );
+    }, "'omit' should not send a credential to a same origin bundle");
+
+    promise_test(async (t) => {
+      const script = createScriptWebBundle("same-origin");
+      document.body.append(script);
+      t.add_cleanup(() => script.remove());
+
+      await assertSubresourceCanBeFetched();
+    }, "'same-origin' should send a credential to a same origin bundle");
+
+    promise_test(async (t) => {
+      const script = createScriptWebBundle("include");
+      document.body.append(script);
+      t.add_cleanup(() => script.remove());
+
+      await assertSubresourceCanBeFetched();
+    }, "'include' should send a credential to a same origin bundle");
+
+    promise_test(async (t) => {
+      await setCookiePromise;
+
+      const script = createScriptWebBundleCrossOrigin("omit");
+      document.body.append(script);
+      t.add_cleanup(() => script.remove());
+
+      return promise_rejects_js(
+        t,
+        TypeError,
+        fetch(cross_origin_bundle_subresource)
+      );
+    }, "'omit' should not send a credential to a cross origin bundle");
+
+    promise_test(async (t) => {
+      await setCookiePromise;
+
+      const script = createScriptWebBundleCrossOrigin("same-origin");
+      document.body.append(script);
+      t.add_cleanup(() => script.remove());
+
+      return promise_rejects_js(
+        t,
+        TypeError,
+        fetch(cross_origin_bundle_subresource)
+      );
+    }, "'same-origin' should not send a credential to a cross origin bundle");
+
+    promise_test(async (t) => {
+      await setCookiePromise;
+
+      const script = createScriptWebBundleCrossOrigin("include");
+      document.body.append(script);
+      t.add_cleanup(() => script.remove());
+
+      await assertCrossOriginSubresourceCanBeFetched();
+    }, "'include' should send a credential to a cross origin bundle");
+
+    promise_test(async (t) => {
+      const script = createScriptWebBundleCrossOrigin("invalid");
+      document.body.append(script);
+      t.add_cleanup(() => script.remove());
+
+      return promise_rejects_js(
+        t,
+        TypeError,
+        fetch(cross_origin_bundle_subresource)
+      );
+    }, "An invalid value should not send a credential to a cross origin bundle");
+  </script>
+</body>
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-07 09:22:09 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-07 09:22:09 +0000
commit	43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree	620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/web-bundle/subresource-loading/credentials.https.tentative.sub.html
parent	Initial commit. (diff)
download	firefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip