-
Notifications
You must be signed in to change notification settings - Fork 3k
/
service-worker-sandbox.https.html
75 lines (67 loc) · 2.82 KB
/
service-worker-sandbox.https.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
<!DOCTYPE html>
<meta charset="utf-8">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
<body>
<script>
let frame = null;
let worker = null;
const scope = 'support/empty.html';
const script = 'support/sandboxed-service-worker.js';
// Global setup: this must be the first promise_test.
promise_test(async (t) => {
const registration =
await service_worker_unregister_and_register(t, script, scope);
worker = registration.installing;
await wait_for_state(t, worker, 'activated');
frame = await with_iframe(scope);
}, 'global setup');
promise_test(async (t) => {
const r = await frame.contentWindow.fetch('/get-origin', {mode: 'cors'});
const j = await r.json();
assert_equals(j.origin, 'null', 'Origin should be opaque');
}, 'Origin of sandboxed service worker');
promise_test(async (t) => {
const r = await frame.contentWindow.fetch('/get-origin', {mode: 'same-origin'});
const j = await r.json();
assert_equals(j.origin, 'null', 'Origin should be opaque');
}, 'Response generated by sandboxed service worker can be fetched as same-origin');
promise_test(t => {
return promise_rejects_js(
t,
frame.contentWindow.TypeError,
frame.contentWindow.fetch(
'/fetch?url=' + encodeURIComponent(location.origin + '/fetch/api/resources/top.txt?hash=' + Math.random()),
{mode: 'same-origin'}));
}, 'Fetch by sandboxed service worker should fail because of opaque origin (mode: same-origin)');
promise_test(t => {
return promise_rejects_js(
t,
frame.contentWindow.TypeError,
frame.contentWindow.fetch(
'/fetch?url=' + encodeURIComponent(location.origin + '/fetch/api/resources/top.txt?hash=' + Math.random()),
{mode: 'cors'}));
}, 'Fetch by sandboxed service worker should fail because of opaque origin (mode: cors)');
promise_test(t => {
return promise_rejects_js(
t,
frame.contentWindow.TypeError,
frame.contentWindow.fetch(
'/fetch?url=' + encodeURIComponent(location.origin + '/fetch/api/resources/cors-top.txt?hash=' + Math.random()),
{mode: 'same-origin'}));
}, 'Fetch by sandboxed service worker should fail because of opaque origin (mode: same-origin, with ACAOrigin)');
promise_test(async (t) => {
const r = await frame.contentWindow.fetch(
'/fetch?url=' + encodeURIComponent(location.origin + '/fetch/api/resources/cors-top.txt?hash=' + Math.random()),
{mode: 'cors'});
const text = await r.text();
assert_equals(text, 'top');
}, 'Fetch by sandboxed service worker should succeed (mode: cors, with ACAOrigin)');
// Global cleanup: the final promise_test.
promise_test(async (t) => {
if (frame)
frame.remove();
await service_worker_unregister(t, scope);
}, 'global cleanup');
</script>