Bug 1625893 [wpt PR 22526] - DedicatedWorker should reject script w/o…

… COEP when its parent has COEP, a=testonly Automatic update from web-platform-tests DedicatedWorker should reject script w/o COEP when its parent has COEP [1] is changing how COEP is set to (dedicated) worker top-level scripts. Before the change it inherited the parent policy. After the change it gets the policy from the HTTP headers in the response, but the loading is blocked when the parent has COEP: require-corp but the child doesn't have COEP: require-corp. As described in [2], this can be solved by a project called PlzDedicatedWorker, but it will take time to ship it. As a short-term fix, this implements the blocking part. No reporting is implemented. This fix is important because this is a breaking change. We would like to land this by M83. 1: WICG/cross-origin-embedder-policy#13 2: https://docs.google.com/document/d/1eB34zYLuQHshN_Tt8BbLSehHyvxqWupVdB09CCbn7g4/edit Bug: 1064920 Change-Id: I55fa951f18692d642c747cff168d8239de69efb6 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2126652 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Cr-Commit-Position: refs/heads/master@{#755782} -- wpt-commits: 9446a9251cd68c7abdee377fe5a9ad8f40db5c44 wpt-pr: 22526
xeonchen · Apr 6, 2020 · 4142c0e · 4142c0e
1 parent 1a9f308
commit 4142c0e
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 20 deletions.
diff --git a/...sts/html/cross-origin-embedder-policy/cache-storage-reporting-dedicated-worker.https.html b/...sts/html/cross-origin-embedder-policy/cache-storage-reporting-dedicated-worker.https.html
@@ -16,7 +16,7 @@
 <script>
 
 promise_test(async (t) => {
-  const worker_url = local(encode(worker_path));
+  const worker_url = local(encode(worker_path + header_coep));
   const iframe_url =
     local(encode(iframe_path + header_coep + header_report_to));
   dedicated_worker_script = `
@@ -35,7 +35,7 @@
 }, "COEP support on DedicatedWorker.")
 
 promise_test(async (t) => {
-  const worker_url = local(encode(worker_path));
+  const worker_url = local(encode(worker_path + header_coep_report_only));
   const iframe_url =
     local(encode(iframe_path + header_coep_report_only + header_report_to));
   dedicated_worker_script = `

diff --git a/...latform/tests/html/cross-origin-embedder-policy/dedicated-worker-cache-storage.https.html b/...latform/tests/html/cross-origin-embedder-policy/dedicated-worker-cache-storage.https.html
@@ -39,22 +39,21 @@
 // - |response_corp| the CORP header of the response.
 //
 // Test expectations:
-// |loaded| is true whenever the worker is able to fetch the response from
-// the CacheStorage. According to the specification:
+// |result|
+//   - "success" when the worker is able to fetch the response from the
+//     CacheStorage,
+//   - "failure" when the worker is not able to fetch the response from the
+//     CacheStorage, and
+//   - "error" when it is unable to create a worker.
 // https://mikewest.github.io/corpp/#initialize-embedder-policy-for-global
-// it must be false when:
-// - |iframe_coep| is 'coep-require-corp' and
-// - |response-corp| is 'corp-undefined'.
-//
-// |worker_coep| must be ignored.
 function check(
   // Test parameters:
   iframe_coep,
   worker_coep,
   response_corp,
 
   // Test expectations:
-  loaded) {
+  result) {
 
   promise_test(async (t) => {
     // 1) Fetch a response from a document with COEP:none. Store it in the
@@ -79,7 +78,7 @@
           const response = await cache.match(request);
           postMessage('success');
         } catch(error) {
-          postMessage('error');
+          postMessage('failure');
         }
       })()
     `;
@@ -89,6 +88,7 @@
       (async function() {
         const w = new Worker('${worker_url}');
         const worker_response = new Promise(resolve => w.onmessage = resolve);
+        w.onerror = () => parent.postMessage('error');
         w.postMessage(\`${worker_eval}\`);
         const response = await worker_response;
         parent.postMessage(response.data);
@@ -108,21 +108,21 @@
     iframe.contentWindow.postMessage(iframe_eval);
 
     const {data} = await iframe_response;
-    assert_equals(data === "success", loaded);
+    assert_equals(data, result);
   }, `${iframe_coep} ${worker_coep} ${response_corp}`)
 }
 
 // -----------------------------------------------------------------------------
 //    iframe_coep         , worker_coep         , response_corp       , loaded
 // -----------------------------------------------------------------------------
-check("coep-none"         , "coep-none"         , "corp-cross-origin" , true);
-check("coep-none"         , "coep-none"         , "corp-undefined"    , true);
-check("coep-none"         , "coep-require-corp" , "corp-cross-origin" , true);
-check("coep-none"         , "coep-require-corp" , "corp-undefined"    , true);
-check("coep-require-corp" , "coep-none"         , "corp-cross-origin" , true);
-check("coep-require-corp" , "coep-none"         , "corp-undefined"    , false);
-check("coep-require-corp" , "coep-require-corp" , "corp-cross-origin" , true);
-check("coep-require-corp" , "coep-require-corp" , "corp-undefined"    , false);
+check("coep-none"         , "coep-none"         , "corp-cross-origin" , "success");
+check("coep-none"         , "coep-none"         , "corp-undefined"    , "success");
+check("coep-none"         , "coep-require-corp" , "corp-cross-origin" , "success");
+check("coep-none"         , "coep-require-corp" , "corp-undefined"    , "failure");
+check("coep-require-corp" , "coep-none"         , "corp-cross-origin" , "error");
+check("coep-require-corp" , "coep-none"         , "corp-undefined"    , "error");
+check("coep-require-corp" , "coep-require-corp" , "corp-cross-origin" , "success");
+check("coep-require-corp" , "coep-require-corp" , "corp-undefined"    , "failure");
 
 </script>
 </html>