File: credentialless-dedicated-worker.https.tentative.window.js

package info (click to toggle)
firefox 144.0-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 4,637,504 kB
  • sloc: cpp: 7,576,692; javascript: 6,430,831; ansic: 3,748,119; python: 1,398,978; xml: 628,810; asm: 438,679; java: 186,194; sh: 63,212; makefile: 19,159; objc: 13,086; perl: 12,986; yacc: 4,583; cs: 3,846; pascal: 3,448; lex: 1,720; ruby: 1,003; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 53; csh: 10
file content (82 lines) | stat: -rw-r--r-- 3,110 bytes parent folder | download | duplicates (11) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 
// META: timeout=long
// META: script=/common/get-host-info.sub.js
// META: script=/common/utils.js
// META: script=/common/dispatcher/dispatcher.js
// META: script=/service-workers/service-worker/resources/test-helpers.sub.js
// META: script=./resources/common.js

const same_origin = get_host_info().HTTPS_ORIGIN;
const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
const cookie_key = "credentialless_dedicated_worker";
const cookie_same_origin = "same_origin";
const cookie_cross_origin = "cross_origin";

promise_test(async test => {

  await Promise.all([
    setCookie(same_origin, cookie_key, cookie_same_origin +
      cookie_same_site_none),
    setCookie(cross_origin, cookie_key, cookie_cross_origin +
      cookie_same_site_none),
  ]);

  let GetCookie = (response) => {
    const headers_credentialless = JSON.parse(response);
    return parseCookies(headers_credentialless)[cookie_key];
  }

  async function fetchInRemoteContext(ctx, request_url) {
    // The fail might fail in when a DedicatedWorker with DIP
    // isolate-and-require-corp tries to fetch a cross-origin resource. Silently
    // catch the error as we're only interested in whether the cookies were sent
    // with the fetch in the first place.
    try {
    await ctx.execute_script(
        async (url) => {
          await fetch(url, {mode: 'no-cors', credentials: 'include'});
        }, [request_url]);
    } catch(error) {}
  }

  const dedicatedWorkerTest = function(
    description, origin, dip_for_worker,
    expected_cookies) {
    promise_test_parallel(async t => {
      // Create one iframe with the specified DIP isolate-and-credentialless.
      // Then start a DedicatedWorker. The DedicatedWorker will inherit the DIP
      // of its creator.
      const worker = await createDedicatedWorkerContext(test, same_origin, dip_for_worker);
      const worker_context = new RemoteContext(worker[0]);

      // Fetch resources with the worker.
      const request_token = token();
      const request_url = showRequestHeaders(origin, request_token);

      await fetchInRemoteContext(worker_context, request_url);
      const response_worker = await receive(request_token).then(GetCookie);
      assert_equals(response_worker,
        expected_cookies,
        "dip => ");
    }, `fetch ${description}`)
  };

  dedicatedWorkerTest("same-origin + credentialless worker",
    same_origin, dip_credentialless,
    cookie_same_origin);

  dedicatedWorkerTest("same-origin + require_corp worker",
    same_origin, dip_require_corp,
    cookie_same_origin);

  dedicatedWorkerTest("cross-origin + credentialless worker",
    cross_origin, dip_credentialless,
    undefined // Worker created successfully with credentialless, and fetch doesn't get credentials
  );

  dedicatedWorkerTest("cross-origin + require_corp worker",
    cross_origin, dip_require_corp,
    cookie_cross_origin // The worker's policy is require_corp, so the resource will be requested with cookies
                        // but the load will fail because the response does not
                        // have CORP cross-origin.
  );
})