1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
<!doctype html>
<meta charset=utf-8>
<title>Ensure service worker is bypassed in insecure contexts</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="resources/test-helpers.sub.js"></script>
<body>
<script>
// This test checks that an HTTPS iframe embedded in an HTTP document is not
// loaded via a service worker, since it's not a secure context. To that end, we
// first register a service worker, wait for its activation, and create an
// iframe that is controlled by said service worker. We use the iframe as a
// way to receive messages from the service worker.
// The bulk of the test begins by opening an HTTP window with the noopener
// option, installing a message event handler, and embedding an HTTPS iframe. If
// the browser behaves correctly then the iframe will be loaded from the network
// and will contain a script that posts a message to the parent window,
// informing it that it was loaded from the network. If, however, the iframe is
// intercepted, the service worker will return a page with a script that posts a
// message to the parent window, informing it that it was intercepted.
// Upon getting either result, the window will report the result to the service
// worker by navigating to a reporting URL. The service worker will then inform
// all clients about the result, including the controlled iframe from the
// beginning of the test. The message event handler will verify that the result
// is as expected, concluding the test.
promise_test(t => {
const SCRIPT = "resources/secure-context-service-worker.js";
const SCOPE = "resources/";
const HTTP_IFRAME_URL = get_host_info().HTTP_ORIGIN + base_path() + SCOPE + "secure-context/window.html";
return service_worker_unregister_and_register(t, SCRIPT, SCOPE)
.then(registration => {
t.add_cleanup(() => {
return registration.unregister();
});
return wait_for_state(t, registration.installing, 'activated');
})
.then(() => {
return with_iframe(SCOPE + "blank.html");
})
.then(iframe => {
t.add_cleanup(() => {
iframe.remove();
});
return new Promise(resolve => {
iframe.contentWindow.navigator.serviceWorker.onmessage = t.step_func(event => {
assert_equals(event.data, 'network');
resolve();
});
window.open(HTTP_IFRAME_URL, 'MyWindow', 'noopener');
});
});
})
</script>
</body>
|