File: dedicated-worker.https.window.js

package info (click to toggle)
thunderbird 1%3A144.0.1-1
  • links: PTS, VCS
  • area: main
  • in suites: experimental
  • size: 4,725,312 kB
  • sloc: cpp: 7,869,225; javascript: 5,974,276; ansic: 3,946,747; python: 1,421,062; xml: 654,642; asm: 474,045; java: 183,117; sh: 110,973; makefile: 20,398; perl: 14,362; objc: 13,086; yacc: 4,583; pascal: 3,448; lex: 1,720; ruby: 999; exp: 762; sql: 731; awk: 580; php: 436; lisp: 430; sed: 69; csh: 10
file content (137 lines) | stat: -rw-r--r-- 4,812 bytes parent folder | download | duplicates (21) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
 
// META: timeout=long
// META: script=/common/get-host-info.sub.js
// META: script=/common/utils.js
// META: script=/common/dispatcher/dispatcher.js
// META: script=./resources/common.js

const same_origin = get_host_info().HTTPS_ORIGIN;
const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
const cookie_key = "credentialless_dedicated_worker";
const cookie_same_origin = "same_origin";
const cookie_cross_origin = "cross_origin";

promise_test(async test => {

  await Promise.all([
    setCookie(same_origin, cookie_key, cookie_same_origin +
      cookie_same_site_none),
    setCookie(cross_origin, cookie_key, cookie_cross_origin +
      cookie_same_site_none),
  ]);

  // One window with COEP:none. (control)
  const w_control_token = token();
  const w_control_url = same_origin + executor_path +
    coep_none + `&uuid=${w_control_token}`
  const w_control = window.open(w_control_url);
  add_completion_callback(() => w_control.close());

  // One window with COEP:credentialless. (experiment)
  const w_credentialless_token = token();
  const w_credentialless_url = same_origin + executor_path +
    coep_credentialless + `&uuid=${w_credentialless_token}`;
  const w_credentialless = window.open(w_credentialless_url);
  add_completion_callback(() => w_credentialless.close());

  let GetCookie = (response) => {
    const headers_credentialless = JSON.parse(response);
    return parseCookies(headers_credentialless)[cookie_key];
  }

  const dedicatedWorkerTest = function(
    description, origin, coep_for_worker,
    expected_cookies_control,
    expected_cookies_credentialless) {
    promise_test_parallel(async t => {
      // Create workers for both window.
      const worker_token_1 = token();
      const worker_token_2 = token();

      // Used to check for errors creating the DedicatedWorker.
      const worker_error_1 = token();
      const worker_error_2 = token();

      const w_worker_src_1 = same_origin + executor_worker_path +
        coep_for_worker + `&uuid=${worker_token_1}`;
      send(w_control_token, `
        new Worker("${w_worker_src_1}", {});
        worker.onerror = () => {
          send("${worker_error_1}", "Worker blocked");
        }
      `);

      const w_worker_src_2 = same_origin + executor_worker_path +
        coep_for_worker + `&uuid=${worker_token_2}`;
      send(w_credentialless_token, `
        const worker = new Worker("${w_worker_src_2}", {});
        worker.onerror = () => {
          send("${worker_error_2}", "Worker blocked");
        }
      `);

      // Fetch resources with the workers.
      const request_token_1 = token();
      const request_token_2 = token();
      const request_url_1 = showRequestHeaders(origin, request_token_1);
      const request_url_2 = showRequestHeaders(origin, request_token_2);

      send(worker_token_1, `
        fetch("${request_url_1}", {mode: 'no-cors', credentials: 'include'})
      `);
      send(worker_token_2, `
        fetch("${request_url_2}", {mode: 'no-cors', credentials: 'include'});
      `);

      const response_control = await Promise.race([
        receive(worker_error_1),
        receive(request_token_1).then(GetCookie)
      ]);
      assert_equals(response_control,
        expected_cookies_control,
        "coep:none => ");

      const response_credentialless = await Promise.race([
        receive(worker_error_2),
        receive(request_token_2).then(GetCookie)
      ]);
      assert_equals(response_credentialless,
        expected_cookies_credentialless,
        "coep:credentialless => ");
    }, `fetch ${description}`)
  };

  dedicatedWorkerTest("same-origin + credentialless worker",
    same_origin, coep_credentialless,
    cookie_same_origin,
    cookie_same_origin);

  dedicatedWorkerTest("same-origin + require_corp worker",
    same_origin, coep_require_corp,
    cookie_same_origin,
    cookie_same_origin);

  dedicatedWorkerTest("same-origin",
    same_origin, coep_none,
    cookie_same_origin,
    "Worker blocked");

  dedicatedWorkerTest("cross-origin",
    cross_origin, coep_none,
    cookie_cross_origin,
    "Worker blocked" // Owner's policy is credentialles, so we can't
                     // create a worker with coep_none.
  );

  dedicatedWorkerTest("cross-origin + credentialless worker",
    cross_origin, coep_credentialless,
    undefined, // Worker created successfully with credentialless, and fetch doesn't get credentials
    undefined // Worker created successfully with credentialless, and fetch doesn't get credentials
  );

  dedicatedWorkerTest("cross-origin + require_corp worker",
    cross_origin, coep_require_corp,
    cookie_cross_origin,
    cookie_cross_origin // The worker's policy is require_corp and doing a
                        // fetch within it has nothing to do with the Owner's policy.
  );
})