diff options
Diffstat (limited to 'testing/web-platform/tests/background-fetch/mixed-content-and-allowed-schemes.https.window.js')
-rw-r--r-- | testing/web-platform/tests/background-fetch/mixed-content-and-allowed-schemes.https.window.js | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/testing/web-platform/tests/background-fetch/mixed-content-and-allowed-schemes.https.window.js b/testing/web-platform/tests/background-fetch/mixed-content-and-allowed-schemes.https.window.js new file mode 100644 index 0000000000..b5efd4b916 --- /dev/null +++ b/testing/web-platform/tests/background-fetch/mixed-content-and-allowed-schemes.https.window.js @@ -0,0 +1,51 @@ +// META: script=/service-workers/service-worker/resources/test-helpers.sub.js +// META: script=resources/utils.js +'use strict'; + +// Tests that Mixed Content requests are blocked. +// https://w3c.github.io/webappsec-mixed-content/#should-block-fetch +// https://w3c.github.io/webappsec-mixed-content/#a-priori-authenticated-url +// https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy + +// With an additional restriction that only https:// and loopback http:// +// requests are allowed. Hence the wss:, file:, data:, etc schemes are blocked. +// https://github.com/WICG/background-fetch/issues/44 + +// This is not a comprehensive test of mixed content blocking - it is just +// intended to check that blocking is enabled. + +backgroundFetchTest((t, bgFetch) => { + return bgFetch.fetch(uniqueId(), 'https://example.com'); +}, 'https: fetch should register ok'); + +backgroundFetchTest((t, bgFetch) => { + return bgFetch.fetch(uniqueId(), 'http://127.0.0.1'); +}, 'loopback IPv4 http: fetch should register ok'); + +backgroundFetchTest((t, bgFetch) => { + return bgFetch.fetch(uniqueId(), 'http://[::1]'); +}, 'loopback IPv6 http: fetch should register ok'); + +backgroundFetchTest((t, bgFetch) => { + return bgFetch.fetch(uniqueId(), 'http://localhost'); +}, 'localhost http: fetch should register ok'); + +backgroundFetchTest((t, bgFetch) => { + return promise_rejects_js(t, TypeError, + bgFetch.fetch(uniqueId(), 'wss:127.0.0.1')); +}, 'wss: fetch should reject'); + +backgroundFetchTest((t, bgFetch) => { + return promise_rejects_js(t, TypeError, + bgFetch.fetch(uniqueId(), 'file:///')); +}, 'file: fetch should reject'); + +backgroundFetchTest((t, bgFetch) => { + return promise_rejects_js(t, TypeError, + bgFetch.fetch(uniqueId(), 'data:text/plain,foo')); +}, 'data: fetch should reject'); + +backgroundFetchTest((t, bgFetch) => { + return promise_rejects_js(t, TypeError, + bgFetch.fetch(uniqueId(), 'foobar:bazqux')); +}, 'unknown scheme fetch should reject'); |