File: Service-Worker-Allowed-header.https.html

package info (click to toggle)
firefox-esr 68.10.0esr-1~deb9u1
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 3,143,932 kB
  • sloc: cpp: 5,227,879; javascript: 4,315,531; ansic: 2,467,042; python: 794,975; java: 349,993; asm: 232,034; xml: 228,320; sh: 82,008; lisp: 41,202; makefile: 22,347; perl: 15,555; objc: 5,277; cs: 4,725; yacc: 1,778; ada: 1,681; pascal: 1,673; lex: 1,417; exp: 527; php: 436; ruby: 225; awk: 162; sed: 53; csh: 44
file content (104 lines) | stat: -rw-r--r-- 4,426 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
 
<!DOCTYPE html>
<title>Service Worker: Service-Worker-Allowed header</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="resources/test-helpers.sub.js"></script>
<script>

const host_info = get_host_info();

// Returns a URL for a service worker script whose Service-Worker-Allowed
// header value is set to |allowed_path|. If |origin| is specified, that origin
// is used.
function build_script_url(allowed_path, origin) {
  const script = 'resources/empty-worker.js';
  const url = origin ? `${origin}${base_path()}${script}` : script;
  return `${url}?pipe=header(Service-Worker-Allowed,${allowed_path})`;
}

promise_test(async t => {
  const script = build_script_url('/allowed-path');
  const scope = '/allowed-path';
  const registration = await service_worker_unregister_and_register(
      t, script, scope);
  assert_true(registration instanceof ServiceWorkerRegistration, 'registered');
  assert_equals(registration.scope, normalizeURL(scope));
  return registration.unregister();
}, 'Registering within Service-Worker-Allowed path');

promise_test(async t => {
  const script = build_script_url(new URL('/allowed-path', document.location));
  const scope = '/allowed-path';
  const registration = await service_worker_unregister_and_register(
      t, script, scope);
  assert_true(registration instanceof ServiceWorkerRegistration, 'registered');
  assert_equals(registration.scope, normalizeURL(scope));
  return registration.unregister();
}, 'Registering within Service-Worker-Allowed path (absolute URL)');

promise_test(async t => {
  const script = build_script_url('../allowed-path-with-parent');
  const scope = 'allowed-path-with-parent';
  const registration = await service_worker_unregister_and_register(
      t, script, scope);
  assert_true(registration instanceof ServiceWorkerRegistration, 'registered');
  assert_equals(registration.scope, normalizeURL(scope));
  return registration.unregister();
}, 'Registering within Service-Worker-Allowed path with parent reference');

promise_test(async t => {
  const script = build_script_url('../allowed-path');
  const scope = '/disallowed-path';
  await service_worker_unregister(t, scope);
  return promise_rejects(t,
      'SecurityError',
      navigator.serviceWorker.register(script, {scope: scope}),
      'register should fail');
}, 'Registering outside Service-Worker-Allowed path');

promise_test(async t => {
  const script = build_script_url('../allowed-path-with-parent');
  const scope = '/allowed-path-with-parent';
  await service_worker_unregister(t, scope);
  return promise_rejects(t,
      'SecurityError',
      navigator.serviceWorker.register(script, {scope: scope}),
      'register should fail');
}, 'Registering outside Service-Worker-Allowed path with parent reference');

promise_test(async t => {
  const script = build_script_url(
      host_info.HTTPS_REMOTE_ORIGIN + '/');
  const scope = 'resources/this-scope-is-normally-allowed'
  const registration = await service_worker_unregister_and_register(
      t, script, scope);
  assert_true(registration instanceof ServiceWorkerRegistration, 'registered');
  assert_equals(registration.scope, normalizeURL(scope));
  return registration.unregister();
}, 'Service-Worker-Allowed is cross-origin to script, registering on a normally allowed scope');

promise_test(async t => {
  const script = build_script_url(
      host_info.HTTPS_REMOTE_ORIGIN + '/');
  const scope = '/this-scope-is-normally-disallowed'
  const registration = await service_worker_unregister_and_register(
      t, script, scope);
  assert_true(registration instanceof ServiceWorkerRegistration, 'registered');
  assert_equals(registration.scope, normalizeURL(scope));
  return registration.unregister();
}, 'Service-Worker-Allowed is cross-origin to script, registering on a normally disallowed scope');

promise_test(async t => {
  const script = build_script_url(
      host_info.HTTPS_REMOTE_ORIGIN + '/cross-origin/',
      host_info.HTTPS_REMOTE_ORIGIN);
  const scope = '/cross-origin/';
  await service_worker_unregister(t, scope);
  return promise_rejects(t,
      'SecurityError',
      navigator.serviceWorker.register(script, {scope: scope}),
      'register should fail');
}, 'Service-Worker-Allowed is cross-origin to page, same-origin to script');

</script>