Source code

Revision control

Copy as Markdown

Other Tools

Test Info:

  • This WPT test may be referenced by the following Test IDs:
    • /shared-storage/cross-origin-create-worklet-failure-missing-access-control-allow-credentials.tentative.https.sub.html - WPT Dashboard Interop Dashboard
<!doctype html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/utils.js"></script>
<script src="/shared-storage/resources/util.js"></script>
<script src="/fenced-frame/resources/utils.js"></script>
<body>
<script>
'use strict';
promise_test(async t => {
const ancestor_key = token();
const helper_url = crossOrigin +
`/shared-storage/resources/credentials-test-helper.py` +
`?access_control_allow_origin_header=${window.origin}` +
`&token=${ancestor_key}`;
return promise_rejects_dom(t, "OperationError",
sharedStorage.createWorklet(
helper_url + `&action=store-cookie`,
{ credentials: "include" }));
}, 'createWorklet() with cross-origin module script, credentials ' +
'"include", default data origin (context origin), and without the ' +
'Access-Control-Allow-Credentials response header');
promise_test(async t => {
const ancestor_key = token();
const helper_url = crossOrigin +
`/shared-storage/resources/credentials-test-helper.py` +
`?access_control_allow_origin_header=${window.origin}` +
`&token=${ancestor_key}`;
return promise_rejects_dom(t, "OperationError",
sharedStorage.createWorklet(
helper_url + `&action=store-cookie`,
{ credentials: "include", dataOrigin: "context-origin" }));
}, 'createWorklet() with cross-origin module script, credentials ' +
'"include", "context-origin" as dataOrigin, and without the ' +
'Access-Control-Allow-Credentials response header');
promise_test(async t => {
const ancestor_key = token();
const helper_url = crossOrigin +
`/shared-storage/resources/credentials-test-helper.py` +
`?access_control_allow_origin_header=${window.origin}` +
`&shared_storage_cross_origin_worklet_allowed_header=?1` +
`&token=${ancestor_key}`;
return promise_rejects_dom(t, "OperationError",
sharedStorage.createWorklet(
helper_url + `&action=store-cookie`,
{ credentials: "include", dataOrigin: "script-origin" }));
}, 'createWorklet() with cross-origin module script, credentials ' +
'"include", "script-origin" as dataOrigin, and without the ' +
'Access-Control-Allow-Credentials response header');
</script>
</body>