<!doctype html>
<html>
<meta charset="utf-8">
<title>COEP - policy derivation for Shared Workers</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<body>
<p>Verify the Cross-Origin Embedder Policy for Shared Workers by performing a
cross-domain "fetch" request for a resource that does not specify a COEP. Only
Shared Workers with the default COEP should be able to successfully perform
this operation.</p>
<script>
'use strict';
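// REMOTE_ORIGIN hosts the resource the worker is asked to fetch; ORIGIN hosts
// the worker script itself. Both come from get_host_info().
const {ORIGIN, REMOTE_ORIGIN} = get_host_info();
const BASE = new URL("resources", location).pathname;
// Fetch target on the remote origin, requested without a "value" parameter.
const testUrl = `${REMOTE_ORIGIN}${BASE}/empty-coep.py`;
const workerHttpUrl = `${ORIGIN}${BASE}/shared-worker-fetch.js.py`;
// Local-scheme copies of the worker script, filled in by promise_setup below.
let workerBlobUrl;
let workerDataUrl;

// Download the worker source once and re-publish it under a data: URL and a
// blob: URL, so the same script can be started from local schemes.
promise_setup(() => {
  return fetch(workerHttpUrl)
    .then((response) => {
      // Fail setup loudly rather than turning an error page into a worker
      // script that would make every subtest time out.
      if (!response.ok) {
        throw new Error(`Unable to load worker script: HTTP ${response.status}`);
      }
      return response.text();
    })
    .then((text) => {
      // btoa() only accepts Latin-1 input; the worker script is assumed to be
      // plain ASCII.
      workerDataUrl = 'data:text/javascript;base64,' + btoa(text);
      // The Blob option that sets the MIME type is `type`; a 'Content-Type'
      // key is not a BlobPropertyBag member and is ignored, which leaves the
      // blob without a declared type.
      workerBlobUrl = URL.createObjectURL(
        new Blob([text], { type: 'text/javascript' })
      );
    });
});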
/**
 * Start a Shared Worker from inside a freshly inserted iframe.
 *
 * The iframe document is `resources/empty-coep.py`; when `ownerCoep` is truthy
 * it is forwarded as the `value` query parameter. The iframe is removed again
 * through the subtest's cleanup hook.
 *
 * Neither promise has a rejection path: if the iframe never loads or the
 * worker never posts a message, the returned promise stays pending.
 *
 * @param {object} t - a testharness.js subtest instance (used to register the
 *                     iframe cleanup)
 * @param {string} ownerCoep - the Cross-Origin Embedder Policy requested for
 *                             the iframe, or a falsy value for none
 * @param {string} workerUrl - the URL from which the Shared Worker should be
 *                             created
 * @returns {Promise<SharedWorker>} resolves with the worker once its port has
 *                                  delivered a first message
 */
function create(t, ownerCoep, workerUrl) {
  const frame = document.createElement('iframe');
  const query = ownerCoep ? `?value=${ownerCoep}` : '';
  frame.src = `resources/empty-coep.py${query}`;

  const frameLoaded = new Promise((resolve) => {
    document.body.appendChild(frame);
    t.add_cleanup(() => frame.remove());

    frame.onload = () => resolve(frame);
  });

  // The constructor is taken from the iframe's own window, so the iframe
  // document (not this page) is the one creating the worker.
  const startWorker = (loadedFrame) => {
    const worker = new loadedFrame.contentWindow.SharedWorker(workerUrl);

    return new Promise((resolve) => {
      const onFirstMessage = () => resolve(worker);
      worker.port.addEventListener('message', onFirstMessage, { once: true });
      // addEventListener() does not open the port by itself; start() does.
      worker.port.start();
    });
  };

  return frameLoaded.then(startWorker);
}
/**
 * Ask a Shared Worker to fetch a URL and report how the attempt went.
 *
 * The URL is posted to the worker's port and the payload of the next message
 * received on that port is taken as the outcome.
 *
 * @param {SharedWorker} worker
 * @param {string} url - the URL that the worker should fetch
 * @returns {Promise<*>} resolves with the `data` of the worker's reply; the
 *                       subtests in this file compare it against 'success' and
 *                       'failure'
 */
function fetchFromWorker(worker, url) {
  return new Promise((resolve) => {
    const reportOutcome = ({ data }) => resolve(data);

    worker.port.postMessage(url);
    // One-shot listener: only the first reply after the request is consumed.
    worker.port.addEventListener('message', reportOutcome, { once: true });
  });
}
// Worker script loaded over HTTP: per the subtest names, the worker's policy
// is expected to come from the script's own response.

// No "value" parameter on the worker URL, so the worker is expected to be able
// to fetch the remote resource.
promise_test(async (t) => {
  const worker = await create(t, null, workerHttpUrl);
  const outcome = await fetchFromWorker(worker, testUrl);
  assert_equals(outcome, 'success');
}, 'default policy (derived from response)');

// Worker URL requests "require-corp" while the owning iframe requests nothing,
// so a 'failure' result can only come from the worker's own policy.
promise_test(async (t) => {
  const worker = await create(t, null, `${workerHttpUrl}?value=require-corp`);
  const outcome = await fetchFromWorker(worker, testUrl);
  assert_equals(outcome, 'failure');
}, '"require-corp" (derived from response)');
// blob: URL workers: per the subtest names, the policy is expected to be
// derived from the owner set. Three iframes start a worker from the same blob
// URL (presumably connecting to one shared instance) and the fetch is always
// requested through the first handle.

// Every owner uses the default policy.
promise_test(async (t) => {
  const ownerPolicies = [null, null, null];
  const workers = await Promise.all(
    ownerPolicies.map((coep) => create(t, coep, workerBlobUrl))
  );
  const outcome = await fetchFromWorker(workers[0], testUrl);
  assert_equals(outcome, 'success');
}, 'default policy (derived from owner set due to use of local scheme - blob URL)');

// Only the second owner requests "require-corp", yet the fetch issued through
// the first owner's handle is expected to fail.
promise_test(async (t) => {
  const ownerPolicies = [null, 'require-corp', null];
  const workers = await Promise.all(
    ownerPolicies.map((coep) => create(t, coep, workerBlobUrl))
  );
  const outcome = await fetchFromWorker(workers[0], testUrl);
  assert_equals(outcome, 'failure');
}, '"require-corp" (derived from owner set due to use of local scheme - blob URL)');
// data: URL workers: same two scenarios as for blob: URLs. Per the subtest
// names, the policy is expected to be derived from the owner set, and the
// fetch is always requested through the first of three handles.

// Every owner uses the default policy.
promise_test(async (t) => {
  const ownerPolicies = [null, null, null];
  const workers = await Promise.all(
    ownerPolicies.map((coep) => create(t, coep, workerDataUrl))
  );
  const outcome = await fetchFromWorker(workers[0], testUrl);
  assert_equals(outcome, 'success');
}, 'default policy (derived from owner set due to use of local scheme - data URL)');

// Only the second owner requests "require-corp", yet the fetch issued through
// the first owner's handle is expected to fail.
promise_test(async (t) => {
  const ownerPolicies = [null, 'require-corp', null];
  const workers = await Promise.all(
    ownerPolicies.map((coep) => create(t, coep, workerDataUrl))
  );
  const outcome = await fetchFromWorker(workers[0], testUrl);
  assert_equals(outcome, 'failure');
}, '"require-corp" (derived from owner set due to use of local scheme - data URL)');
</script>
</body>
</html>