// META: timeout=long
// META: script=/common/get-host-info.sub.js
// META: script=/common/utils.js
// META: script=/common/dispatcher/dispatcher.js
// META: script=/service-workers/service-worker/resources/test-helpers.sub.js
// META: script=./resources/common.js
// Origins used as fetch targets. get_host_info() is supplied by the
// /common/get-host-info.sub.js script listed in the META header.
const {
  HTTPS_ORIGIN: same_origin,
  HTTPS_REMOTE_ORIGIN: cross_origin,
} = get_host_info();

// One cookie name is set on both origins with a different value on each, so
// the value echoed back by the server identifies which origin's cookie (if
// any) was attached to a request.
const cookie_key = "credentialless_dedicated_worker";
const cookie_same_origin = "same_origin";
const cookie_cross_origin = "cross_origin";
// Verifies which cookies a DedicatedWorker attaches to a credentialed
// (`credentials: 'include'`) no-cors fetch, for each combination of target
// origin and worker Document-Isolation-Policy (DIP). The check is made on the
// request headers echoed back by the server, so it reflects what was sent on
// the wire, not whether the worker was allowed to read the response.
//
// setCookie, parseCookies, showRequestHeaders, receive, token, RemoteContext,
// createDedicatedWorkerContext, cookie_same_site_none, dip_credentialless and
// dip_require_corp come from the scripts in the META header (presumably
// ./resources/common.js and the dispatcher; confirm there).
promise_test(async test => {
  // Seed a distinguishable cookie on each origin before any worker runs.
  await Promise.all([
    setCookie(same_origin, cookie_key, cookie_same_origin +
      cookie_same_site_none),
    setCookie(cross_origin, cookie_key, cookie_cross_origin +
      cookie_same_site_none),
  ]);

  // The server echoes the request headers as JSON; pull out the value of the
  // test cookie (undefined when the cookie was not sent).
  const cookieFromEcho = (echoed) =>
    parseCookies(JSON.parse(echoed))[cookie_key];

  // Runs a credentialed no-cors fetch of `request_url` inside the remote
  // context. The function passed to execute_script is kept self-contained
  // because it runs in the remote context, not here.
  const fetchFromContext = async (remote, request_url) => {
    try {
      await remote.execute_script(
        async (url) => {
          await fetch(url, {mode: 'no-cors', credentials: 'include'});
        }, [request_url]);
    } catch (ignored) {
      // Deliberately ignored: the fetch may fail when a DedicatedWorker with
      // DIP isolate-and-require-corp requests a cross-origin resource. The
      // test only cares whether cookies accompanied the request, which is
      // observed server-side.
    }
  };

  // Registers one parallel subtest for a [description, origin, DIP, expected
  // cookie value] row.
  const registerWorkerCase = (
      [description, origin, dip_for_worker, expected_cookies]) => {
    promise_test_parallel(async t => {
      // Per the original author's note: the helper creates an iframe with the
      // specified DIP and then starts a DedicatedWorker, which inherits the
      // DIP of its creator. Note the outer `test` object is passed, not `t`.
      const created =
          await createDedicatedWorkerContext(test, same_origin, dip_for_worker);
      const remote = new RemoteContext(created[0]);

      // Fetch from the worker, then read back the headers the server saw.
      const request_token = token();
      const request_url = showRequestHeaders(origin, request_token);
      await fetchFromContext(remote, request_url);
      const observed = cookieFromEcho(await receive(request_token));

      assert_equals(observed, expected_cookies, "dip => ");
    }, `fetch ${description}`);
  };

  const cases = [
    ["same-origin + credentialless worker",
     same_origin, dip_credentialless,
     cookie_same_origin],
    ["same-origin + require_corp worker",
     same_origin, dip_require_corp,
     cookie_same_origin],
    // Worker created successfully with credentialless, and the cross-origin
    // fetch does not carry credentials.
    ["cross-origin + credentialless worker",
     cross_origin, dip_credentialless,
     undefined],
    // The worker's policy is require_corp, so the resource is requested with
    // cookies, but the load fails because the response does not have CORP
    // cross-origin.
    ["cross-origin + require_corp worker",
     cross_origin, dip_require_corp,
     cookie_cross_origin],
  ];

  for (const row of cases) {
    registerWorkerCase(row);
  }
});