diff options
Diffstat (limited to 'testing/web-platform/tests/html/anonymous-iframe/worker-cookies.tentative.https.window.js')
| -rw-r--r-- | testing/web-platform/tests/html/anonymous-iframe/worker-cookies.tentative.https.window.js | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/anonymous-iframe/worker-cookies.tentative.https.window.js b/testing/web-platform/tests/html/anonymous-iframe/worker-cookies.tentative.https.window.js new file mode 100644 index 0000000000..8c25306baf --- /dev/null +++ b/testing/web-platform/tests/html/anonymous-iframe/worker-cookies.tentative.https.window.js @@ -0,0 +1,70 @@ +// META: timeout=long +// META: variant=?worker=dedicated_worker +// META: variant=?worker=shared_worker +// META: variant=?worker=service_worker +// META: script=/common/get-host-info.sub.js +// META: script=/common/utils.js +// META: script=/common/dispatcher/dispatcher.js +// META: script=/html/cross-origin-embedder-policy/credentialless/resources/common.js +// META: script=./resources/common.js + +// Execute the same set of tests for every type of worker. +// - DedicatedWorkers +// - SharedWorkers +// - ServiceWorkers. +const params = new URLSearchParams(document.location.search); +const worker_param = params.get("worker") || "dedicated_worker"; + +const cookie_key = token(); +const cookie_value = "cookie_value"; +const cookie_origin = get_host_info().HTTPS_REMOTE_ORIGIN; + +// Create worker spawned from `context` and return its uuid. +const workerFrom = context => { + const reply = token(); + send(context, ` + for(deps of [ + "/common/utils.js", + "/resources/testharness.js", + "/html/cross-origin-embedder-policy/credentialless/resources/common.js", + ]) { + await new Promise(resolve => { + const script = document.createElement("script"); + script.src = deps; + script.onload = resolve; + document.body.appendChild(script); + }); + } + + const worker_constructor = environments["${worker_param}"]; + const headers = ""; + const [worker, error] = worker_constructor(headers); + send("${reply}", worker); + `); + return receive(reply); +}; + +// Set a cookie from a top-level document. +promise_test(async test => { + await setCookie(cookie_origin, cookie_key, cookie_value); +}, "set cookies"); + +// Control: iframe is not credentialless. The worker can access cookies. +promise_test(async test => { + const headers = token(); + send(await workerFrom(newIframe(cookie_origin)), ` + fetch("${showRequestHeaders(cookie_origin, headers)}"); + `); + const cookie = parseCookies(JSON.parse(await receive(headers))); + assert_equals(cookie[cookie_key], cookie_value) +}, "Worker spawned from normal iframe can access global cookies"); + +// Experiment: iframe is credentialless. +promise_test(async test => { + const headers = token(); + send(await workerFrom(newIframeCredentialless(cookie_origin)), ` + fetch("${showRequestHeaders(cookie_origin, headers)}"); + `); + const cookie = parseCookies(JSON.parse(await receive(headers))); + assert_equals(cookie[cookie_key], undefined) +}, "Worker spawned from credentialless iframe can't access global cookies"); |