File: cross-origin-create-worklet-failure-missing-access-control-allow-credentials.tentative.https.sub.html

package info (click to toggle)
firefox 144.0-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 4,637,504 kB
  • sloc: cpp: 7,576,692; javascript: 6,430,831; ansic: 3,748,119; python: 1,398,978; xml: 628,810; asm: 438,679; java: 186,194; sh: 63,212; makefile: 19,159; objc: 13,086; perl: 12,986; yacc: 4,583; cs: 3,846; pascal: 3,448; lex: 1,720; ruby: 1,003; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 53; csh: 10
file content (61 lines) | stat: -rw-r--r-- 2,497 bytes parent folder | download | duplicates (10) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
<!doctype html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/utils.js"></script>
<script src="/shared-storage/resources/util.js"></script>
<script src="/fenced-frame/resources/utils.js"></script>

<body>
<script>
'use strict';

const crossOrigin = 'https://{{domains[www]}}:{{ports[https][0]}}';

promise_test(async t => {
  const ancestor_key = token();
  const helper_url = crossOrigin +
                     `/shared-storage/resources/credentials-test-helper.py` +
                     `?access_control_allow_origin_header=${window.origin}` +
                     `&token=${ancestor_key}`;

  return promise_rejects_dom(t, "OperationError",
    sharedStorage.createWorklet(
      helper_url + `&action=store-cookie`,
      { credentials: "include" }));
}, 'createWorklet() with cross-origin module script, credentials ' +
   '"include", default data origin (context origin), and without the ' +
   'Access-Control-Allow-Credentials response header');

promise_test(async t => {
  const ancestor_key = token();
  const helper_url = crossOrigin +
                     `/shared-storage/resources/credentials-test-helper.py` +
                     `?access_control_allow_origin_header=${window.origin}` +
                     `&token=${ancestor_key}`;

  return promise_rejects_dom(t, "OperationError",
    sharedStorage.createWorklet(
      helper_url + `&action=store-cookie`,
      { credentials: "include", dataOrigin: "context-origin" }));
}, 'createWorklet() with cross-origin module script, credentials ' +
   '"include", "context-origin" as dataOrigin, and without the ' +
   'Access-Control-Allow-Credentials response header');

promise_test(async t => {
  const ancestor_key = token();
  const helper_url = crossOrigin +
                     `/shared-storage/resources/credentials-test-helper.py` +
                     `?access_control_allow_origin_header=${window.origin}` +
                     `&shared_storage_cross_origin_worklet_allowed_header=?1` +
                     `&token=${ancestor_key}`;

  return promise_rejects_dom(t, "OperationError",
    sharedStorage.createWorklet(
      helper_url + `&action=store-cookie`,
      { credentials: "include", dataOrigin: "script-origin" }));
}, 'createWorklet() with cross-origin module script, credentials ' +
   '"include", "script-origin" as dataOrigin, and without the ' +
   'Access-Control-Allow-Credentials response header');

</script>
</body>