shared-worker.https.window.js

mozilla-central/testing/web-platform/tests/html/cross-origin-embedder-policy/credentialless/shared-worker.https.window.js (file symbol)

Enable keyboard shortcuts

Source code

File a bug in Core :: DOM: Core & HTML

Revision control

Copy as Markdown

Other Tools

Test Info:

This WPT test may be referenced by the following Test IDs:
- /html/cross-origin-embedder-policy/credentialless/shared-worker.https.window.html?request_origin=cross_origin&worker_coep=credentialless&window_coep=credentialless - WPT Dashboard Interop Dashboard
- /html/cross-origin-embedder-policy/credentialless/shared-worker.https.window.html?request_origin=cross_origin&worker_coep=credentialless&window_coep=none - WPT Dashboard Interop Dashboard
- /html/cross-origin-embedder-policy/credentialless/shared-worker.https.window.html?request_origin=cross_origin&worker_coep=none&window_coep=credentialless - WPT Dashboard Interop Dashboard
- /html/cross-origin-embedder-policy/credentialless/shared-worker.https.window.html?request_origin=cross_origin&worker_coep=none&window_coep=none - WPT Dashboard Interop Dashboard
- /html/cross-origin-embedder-policy/credentialless/shared-worker.https.window.html?request_origin=same_origin&worker_coep=credentialless&window_coep=credentialless - WPT Dashboard Interop Dashboard
- /html/cross-origin-embedder-policy/credentialless/shared-worker.https.window.html?request_origin=same_origin&worker_coep=credentialless&window_coep=none - WPT Dashboard Interop Dashboard
- /html/cross-origin-embedder-policy/credentialless/shared-worker.https.window.html?request_origin=same_origin&worker_coep=none&window_coep=credentialless - WPT Dashboard Interop Dashboard
- /html/cross-origin-embedder-policy/credentialless/shared-worker.https.window.html?request_origin=same_origin&worker_coep=none&window_coep=none - WPT Dashboard Interop Dashboard

// META: variant=?request_origin=same_origin&worker_coep=none&window_coep=none

// META: variant=?request_origin=same_origin&worker_coep=none&window_coep=credentialless

// META: variant=?request_origin=same_origin&worker_coep=credentialless&window_coep=none

// META: variant=?request_origin=same_origin&worker_coep=credentialless&window_coep=credentialless

// META: variant=?request_origin=cross_origin&worker_coep=none&window_coep=none

// META: variant=?request_origin=cross_origin&worker_coep=none&window_coep=credentialless

// META: variant=?request_origin=cross_origin&worker_coep=credentialless&window_coep=none

// META: variant=?request_origin=cross_origin&worker_coep=credentialless&window_coep=credentialless

// META: timeout=long

// META: script=/common/get-host-info.sub.js

// META: script=/common/utils.js

// META: script=/common/dispatcher/dispatcher.js

// META: script=./resources/common.js

// Test description:

//   Request a resource from a SharedWorker. Check the request's cookies.

//

// Variant:

//   - The Window COEP policy: none or credentialless.

//   - The SharedWorker COEP policy: none or credentialless.

//   - The SharedWorker's request URL origin: same-origin or cross-origin.

const same_origin = get_host_info().HTTPS_ORIGIN;

const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;

const cookie_key = token();

const cookie_same_origin = "same_origin";

const cookie_cross_origin = "cross_origin";

const variants = new URLSearchParams(window.location.search);

const window_coep = variants.get('window_coep') == 'none'

  ? coep_none

  : coep_credentialless;

const worker_coep = variants.get('worker_coep') == 'none'

  ? coep_none

  : coep_credentialless;

const request_origin = variants.get('request_origin') == 'same-origin'

  ? same_origin

  : cross_origin;

// When using COEP:credentialless: cross-origin no-cors request do not include

// credentials. Note: This must not depend on the window's COEP policy.

const worker_expected_cookie =

  request_origin == same_origin

  ? cookie_same_origin

  : (worker_coep == coep_credentialless

    ? undefined

    : cookie_cross_origin);

// From a JSON representing the `response` HTTP headers key-values, return the

// cookie corresponding to the `cookie_key`.

const get_cookie = (response) => {

  const headers_credentialless = JSON.parse(response);

  return parseCookies(headers_credentialless)[cookie_key];

promise_test(async test => {

  // 0. Populate cookies for the two origins.

  await Promise.all([

    setCookie(same_origin, cookie_key, cookie_same_origin +

      cookie_same_site_none),

    setCookie(cross_origin, cookie_key, cookie_cross_origin +

      cookie_same_site_none),

]);

  // 1. Create the popup with the `window_coep` COEP policy:

  const popup = environments.document(window_coep)[0];

  // 2. Create the worker with the `worker_coep` COEP policy:

  const worker_token = token();

  const worker_error = token();

  const worker_src = same_origin + executor_worker_path + worker_coep +

    `&uuid=${worker_token}`;

  send(popup, `

    let worker = new SharedWorker("${worker_src}", {});

    worker.onerror = () => {

      send("${worker_error}", "Worker blocked");

`);

  // 3. Request the resource from the worker, with the `request_origin` origin.

  const request_token = token();

  const request_url = showRequestHeaders(request_origin, request_token);

  send(worker_token, `fetch("${request_url}", {

    mode: 'no-cors',

    credentials: 'include',

  })`);

  const request_cookie = await Promise.race([

    receive(worker_error),

    receive(request_token).then(get_cookie)

]);

  assert_equals(request_cookie, worker_expected_cookie);

})