summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/fetch/private-network-access/service-worker-update.https.window.js
blob: fe2bf58f6600470650b9a19707a98ca895b2d86c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
// META: script=/common/utils.js
// META: script=resources/support.sub.js
//
// Spec: https://wicg.github.io/private-network-access/#integration-fetch
//
// These tests check that `ServiceWorker` script update fetches are subject to
// Private Network Access checks, just like regular `fetch()` calls. The client
// of the fetch, for PNA purposes, is taken to be the previous script.
//
// The tests is carried out by instantiating a service worker from a resource
// that carries the `Content-Security-Policy: treat-as-public-address` header,
// such that the registration is placed in the public IP address space. When
// the script is fetched for an update, the client is thus considered public,
// yet the same-origin fetch observes that the server's IP endpoint is not
// necessarily in the public IP address space.
//
// See also: worker.https.window.js

// Results that may be expected in tests.
const TestResult = {
  SUCCESS: { updated: true },
  FAILURE: { error: "TypeError" },
};

async function makeTest(t, { target, expected }) {
  // The bridge must be same-origin with the service worker script.
  const bridgeUrl = resolveUrl(
      "resources/service-worker-bridge.html",
      sourceResolveOptions({ server: target.server }));

  const scriptUrl = preflightUrl(target);
  scriptUrl.searchParams.append("treat-as-public-once", token());
  scriptUrl.searchParams.append("mime-type", "application/javascript");
  scriptUrl.searchParams.append("file", "service-worker.js");
  scriptUrl.searchParams.append("random-js-prefix", true);

  const iframe = await appendIframe(t, document, bridgeUrl);

  const request = (message) => {
    const reply = futureMessage();
    iframe.contentWindow.postMessage(message, "*");
    return reply;
  };

  {
    const { error, loaded } = await request({
      action: "register",
      url: scriptUrl.href,
    });

    assert_equals(error, undefined, "register error");
    assert_true(loaded, "response loaded");
  }

  try {
    let { controlled, numControllerChanges } = await request({
      action: "wait",
      numControllerChanges: 1,
    });

    assert_equals(numControllerChanges, 1, "controller change");
    assert_true(controlled, "bridge script is controlled");

    const { error, updated } = await request({ action: "update" });

    assert_equals(error, expected.error, "update error");
    assert_equals(updated, expected.updated, "registration updated");

    // Stop here if we do not expect the update to succeed.
    if (!expected.updated) {
      return;
    }

    ({ controlled, numControllerChanges } = await request({
      action: "wait",
      numControllerChanges: 2,
    }));

    assert_equals(numControllerChanges, 2, "controller change");
    assert_true(controlled, "bridge script still controlled");
  } finally {
    const { error, unregistered } = await request({
      action: "unregister",
      scope: new URL("./", scriptUrl).href,
    });

    assert_equals(error, undefined, "unregister error");
    assert_true(unregistered, "unregistered");
  }
}

promise_test(t => makeTest(t, {
  target: { server: Server.HTTPS_LOCAL },
  expected: TestResult.FAILURE,
}), "update public to local: failed preflight.");

promise_test(t => makeTest(t, {
  target: {
    server: Server.HTTPS_LOCAL,
    behavior: { preflight: PreflightBehavior.serviceWorkerSuccess(token()) },
  },
  expected: TestResult.SUCCESS,
}), "update public to local: success.");

promise_test(t => makeTest(t, {
  target: { server: Server.HTTPS_PRIVATE },
  expected: TestResult.FAILURE,
}), "update public to private: failed preflight.");

promise_test(t => makeTest(t, {
  target: {
    server: Server.HTTPS_PRIVATE,
    behavior: { preflight: PreflightBehavior.serviceWorkerSuccess(token()) },
  },
  expected: TestResult.SUCCESS,
}), "update public to private: success.");

promise_test(t => makeTest(t, {
  target: { server: Server.HTTPS_PUBLIC },
  expected: TestResult.SUCCESS,
}), "update public to public: success.");