Google Git
Sign in
chromium / external / w3c / web-platform-tests / refs/tags/merge_pr_40496
commit13b304e55680cd25041ae1efec49280af3c72bc0[log] [tgz]
authorYoshi Cheng-Hao Huang <allstars.chh@gmail.com>Mon Jun 12 10:24:32 2023
committermoz-wptsync-bot <wptsync@mozilla.com>Mon Jun 12 22:18:44 2023
tree926a39331f5c13e1507bab510967b2a1d75a7354
parent7c5bebb89c041d4be30168a88e60deda08ed4bb2 [diff]
Update the WPT test for error handling behavior when worker loading a cross-origin script.

According to the spec, when a worker is trying to load a cross-origin
script, an onerror handler should be called. The detailed calling
sequence from the spec will be explained in the following paragraph. For the
legacy specification, it will be explained in the bottom.

So we look into current specification first:
(The numbers indicate the calling sequence)
= Explain the current behavior when a worker is trying to load a cross-origin script =

== 1. [run a worker](https://html.spec.whatwg.org/#run-a-worker)

14) [Fetch a classic worker script](https://html.spec.whatwg.org/#fetch-a-classic-worker-script) given url, outside settings, destination, inside settings, and with onComplete and performFetch as defined below
(Note: we use "fetch a classic worker script" as an example here)

== 2. [fetch a classic worker script](https://html.spec.whatwg.org/#fetch-a-classic-worker-script)

given a url, a fetch client settings object, a destination, a script settings object, an onComplete algorithm, and an optional perform the fetch hook performFetch

1) Let request be a new request whose ...  mode is "same-origin", ...

2) If performFetch was given, run performFetch with request, true, and with processResponseConsumeBody as defined below.

Note: Run the performFetch provided in (1),

== 3. performFetch defined in Step 14 of [run a worker](https://html.spec.whatwg.org/#run-a-worker)

...
3) [Fetch](https://fetch.spec.whatwg.org/#concept-fetch) request with processResponseConsumeBody set to the following steps given response response and null, failure, or a byte sequence bodyBytes:

== 4. [fetch](https://fetch.spec.whatwg.org/#concept-fetch)

given a request request, ..., an optional algorithm processResponseConsumeBody

7) Let fetchParams be a new fetch params whose request is request, ...,  process response consume body is processResponseConsumeBody
...
17) Run [main fetch](https://fetch.spec.whatwg.org/#concept-main-fetch) given fetchParams.

== 5. [main fetch](https://fetch.spec.whatwg.org/#concept-main-fetch)

given a fetch params fetchParams

12) If response is null, then set response to the result of running the steps corresponding to the first matching statement:

    - request’s current URL’s origin is same origin with request’s origin, and request’s response tainting is "basic":

    Note: Normal SOP script will execute this part, however in this case we are loading a script which is not the same-origin.
    So we will fallback to next statement.

    - request’s mode is "same-origin":
      - Return a network error.

== 6. processResponseConsumeBody defined in Step 2 of (2) [fetch a classic worker script](https://html.spec.whatwg.org/#fetch-a-classic-worker-script)

2) If either of the following conditions are met:
   - bodyBytes is null or failure; or
   - response's status is not an ok status,
     - then run onComplete given null, and abort these steps.

Note: Run onComplete provided in (1)

== 7. onComplete defined in Step 14 of (1) [run a worker](https://html.spec.whatwg.org/#run-a-worker)

1) If script is null or if script's error to rethrow is non-null, then:
   1) Queue a global task on the DOM manipulation task source given worker's relevant global object to fire an event named error at worker.

   2) Run the environment discarding steps for inside settings.

   3) Abort these steps.

---

So when a worker loads a cross-origin script, the worker.onerror(e) should be
called, where e is a Event whose name is "error".

= Explain the legacy behavior when a worker is trying to load a cross-origin script

In the older HTML spec before 2015. Nov,
The specification was actually defined how to handle cross-origin scripts for workers,
see http://web.archive.org/web/20151106154945/https://html.spec.whatwg.org/#dom-worker, step 5:

> If the scheme component of worker URL is not "data", and the origin of worker URL
> is not the same as the origin specified by the incumbent settings object, then
> throw a SecurityError exception and abort these steps.

However, the statement was removed in https://github.com/whatwg/html/commit/24242406daa40cfe5d97cdfbac463c29e63433fd
because the SOP check should be done in Fetch API.
But WPT doesn't get updated since then, so it caused different error
handling behavior between browsers since then.

Differential Revision: https://phabricator.services.mozilla.com/D179544

bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1833891
gecko-commit: 73259a567a07812b46b8cefa04c2066f94d6724e
gecko-reviewers: dom-worker-reviewers, smaug, zcorpan
4 files changed
tree: 926a39331f5c13e1507bab510967b2a1d75a7354
  1. .github/
  2. .well-known/
  3. accelerometer/
  4. accessibility/
  5. accname/
  6. acid/
  7. ambient-light/
  8. animation-worklet/
  9. annotation-model/
  10. annotation-protocol/
  11. annotation-vocab/
  12. apng/
  13. appmanifest/
  14. attribution-reporting/
  15. audio-output/
  16. autoplay-policy-detection/
  17. avif/
  18. background-fetch/
  19. background-sync/
  20. badging/
  21. battery-status/
  22. beacon/
  23. bluetooth/
  24. browsing-topics/
  25. clear-site-data/
  26. client-hints/
  27. clipboard-apis/
  28. close-watcher/
  29. common/
  30. compat/
  31. compression/
  32. compute-pressure/
  33. conformance-checkers/
  34. console/
  35. contacts/
  36. content-dpr/
  37. content-index/
  38. content-security-policy/
  39. contenteditable/
  40. cookie-store/
  41. cookies/
  42. core-aam/
  43. cors/
  44. credential-management/
  45. css/
  46. custom-elements/
  47. custom-state-pseudo-class/
  48. delegated-ink/
  49. density-size-correction/
  50. deprecation-reporting/
  51. device-memory/
  52. direct-sockets/
  53. docs/
  54. document-picture-in-picture/
  55. document-policy/
  56. dom/
  57. domparsing/
  58. domxpath/
  59. dpub-aam/
  60. dpub-aria/
  61. ecmascript/
  62. editing/
  63. element-timing/
  64. encoding/
  65. encoding-detection/
  66. encrypted-media/
  67. entries-api/
  68. event-timing/
  69. eventsource/
  70. eyedropper/
  71. feature-policy/
  72. fenced-frame/
  73. fetch/
  74. file-system-access/
  75. FileAPI/
  76. fledge/
  77. focus/
  78. font-access/
  79. fonts/
  80. forced-colors-mode/
  81. fs/
  82. fullscreen/
  83. gamepad/
  84. generic-sensor/
  85. geolocation-API/
  86. geolocation-sensor/
  87. graphics-aam/
  88. graphics-aria/
  89. gyroscope/
  90. hr-time/
  91. html/
  92. html-aam/
  93. html-longdesc/
  94. html-media-capture/
  95. https-upgrades/
  96. idle-detection/
  97. imagebitmap-renderingcontext/
  98. images/
  99. import-maps/
  100. IndexedDB/
  101. inert/
  102. infrastructure/
  103. input-device-capabilities/
  104. input-events/
  105. installedapp/
  106. interfaces/
  107. intersection-observer/
  108. intervention-reporting/
  109. is-input-pending/
  110. js/
  111. js-self-profiling/
  112. keyboard-lock/
  113. keyboard-map/
  114. largest-contentful-paint/
  115. layout-instability/
  116. lifecycle/
  117. loading/
  118. long-animation-frame/
  119. longtask-timing/
  120. magnetometer/
  121. managed/
  122. mathml/
  123. measure-memory/
  124. media/
  125. media-capabilities/
  126. media-playback-quality/
  127. media-source/
  128. mediacapture-extensions/
  129. mediacapture-fromelement/
  130. mediacapture-handle/
  131. mediacapture-image/
  132. mediacapture-insertable-streams/
  133. mediacapture-record/
  134. mediacapture-region/
  135. mediacapture-streams/
  136. mediasession/
  137. merchant-validation/
  138. mimesniff/
  139. mixed-content/
  140. mst-content-hint/
  141. navigation-api/
  142. navigation-timing/
  143. netinfo/
  144. network-error-logging/
  145. notifications/
  146. old-tests/
  147. orientation-event/
  148. orientation-sensor/
  149. page-lifecycle/
  150. page-visibility/
  151. paint-timing/
  152. parakeet/
  153. payment-handler/
  154. payment-method-basic-card/
  155. payment-method-id/
  156. payment-request/
  157. pending-beacon/
  158. performance-timeline/
  159. periodic-background-sync/
  160. permissions/
  161. permissions-policy/
  162. permissions-request/
  163. permissions-revoke/
  164. picture-in-picture/
  165. png/
  166. pointerevents/
  167. pointerlock/
  168. portals/
  169. preload/
  170. presentation-api/
  171. private-click-measurement/
  172. proximity/
  173. push-api/
  174. quirks/
  175. referrer-policy/
  176. remote-playback/
  177. reporting/
  178. requestidlecallback/
  179. resize-observer/
  180. resource-timing/
  181. resources/
  182. sanitizer-api/
  183. savedata/
  184. scheduler/
  185. screen-capture/
  186. screen-details/
  187. screen-orientation/
  188. screen-wake-lock/
  189. scroll-animations/
  190. scroll-to-text-fragment/
  191. secure-contexts/
  192. secure-payment-confirmation/
  193. selection/
  194. serial/
  195. server-timing/
  196. service-workers/
  197. shadow-dom/
  198. shape-detection/
  199. shared-storage/
  200. shared-storage-selecturl-limit/
  201. signed-exchange/
  202. soft-navigation-heuristics/
  203. speculation-rules/
  204. speech-api/
  205. storage/
  206. storage-access-api/
  207. streams/
  208. subapps/
  209. subresource-integrity/
  210. svg/
  211. svg-aam/
  212. timing-entrytypes-registry/
  213. tools/
  214. top-level-storage-access-api/
  215. touch-events/
  216. trust-tokens/
  217. trusted-types/
  218. ua-client-hints/
  219. uievents/
  220. upgrade-insecure-requests/
  221. url/
  222. urlpattern/
  223. user-timing/
  224. vibration/
  225. video-rvfc/
  226. virtual-keyboard/
  227. visual-viewport/
  228. wai-aria/
  229. wasm/
  230. web-animations/
  231. web-bundle/
  232. web-locks/
  233. web-nfc/
  234. web-otp/
  235. web-share/
  236. webaudio/
  237. webauthn/
  238. webcodecs/
  239. WebCryptoAPI/
  240. webdriver/
  241. webgl/
  242. webgpu/
  243. webhid/
  244. webidl/
  245. webmessaging/
  246. webmidi/
  247. webnn/
  248. webrtc/
  249. webrtc-encoded-transform/
  250. webrtc-extensions/
  251. webrtc-ice/
  252. webrtc-identity/
  253. webrtc-priority/
  254. webrtc-stats/
  255. webrtc-svc/
  256. websockets/
  257. webstorage/
  258. webtransport/
  259. webusb/
  260. webvr/
  261. webvtt/
  262. webxr/
  263. window-placement/
  264. workers/
  265. worklets/
  266. x-frame-options/
  267. xhr/
  268. .azure-pipelines.yml
  269. .gitattributes
  270. .gitignore
  271. .mailmap
  272. .taskcluster.yml
  273. CODE_OF_CONDUCT.md
  274. CODEOWNERS
  275. CONTRIBUTING.md
  276. LICENSE.md
  277. lint.ignore
  278. README.md
  279. wpt
  280. wpt.py
README.md

The web-platform-tests Project

Taskcluster CI Status documentation manifest Python 3

The web-platform-tests Project is a cross-browser test suite for the Web-platform stack. Writing tests in a way that allows them to be run in all browsers gives browser projects confidence that they are shipping software that is compatible with other implementations, and that later implementations will be compatible with their implementations. This in turn gives Web authors/developers confidence that they can actually rely on the Web platform to deliver on the promise of working across browsers and devices without needing extra layers of abstraction to paper over the gaps left by specification editors and implementors.

The most important sources of information and activity are:

  • github.com/web-platform-tests/wpt: the canonical location of the project's source code revision history and the discussion forum for changes to the code
  • web-platform-tests.org: the documentation website; details how to set up the project, how to write tests, how to give and receive peer review, how to serve as an administrator, and more
  • wpt.live: a public deployment of the test suite, allowing anyone to run the tests by visiting from an Internet-enabled browser of their choice
  • wpt.fyi: an archive of test results collected from an array of web browsers on a regular basis
  • Real-time chat room: the wpt:matrix.org matrix channel; includes participants located around the world, but busiest during the European working day.
  • Mailing list: a public and low-traffic discussion list
  • RFCs: a repo for requesting comments on substantial changes that would impact other stakeholders or users; people who work on WPT infra are encouraged to watch the repo.

If you'd like clarification about anything, don't hesitate to ask in the chat room or on the mailing list.

Setting Up the Repo

Clone or otherwise get https://github.com/web-platform-tests/wpt.

Note: because of the frequent creation and deletion of branches in this repo, it is recommended to “prune” stale branches when fetching updates, i.e. use git pull --prune (or git fetch -p && git merge).

Running the Tests

See the documentation website and in particular the system setup for running tests locally.

Command Line Tools

The wpt command provides a frontend to a variety of tools for working with and running web-platform-tests. Some of the most useful commands are:

  • wpt serve - For starting the wpt http server
  • wpt run - For running tests in a browser
  • wpt lint - For running the lint against all tests
  • wpt manifest - For updating or generating a MANIFEST.json test manifest
  • wpt install - For installing the latest release of a browser or webdriver server on the local machine.
  • wpt serve-wave - For starting the wpt http server and the WAVE test runner. For more details on how to use the WAVE test runner see the documentation.

Windows Notes

On Windows wpt commands must be prefixed with python or the path to the python binary (if python is not in your %PATH%).

python wpt [command]

Alternatively, you may also use Bash on Ubuntu on Windows in the Windows 10 Anniversary Update build, then access your windows partition from there to launch wpt commands.

Please make sure git and your text editor do not automatically convert line endings, as it will cause lint errors. For git, please set git config core.autocrlf false in your working tree.

Publication

The master branch is automatically synced to wpt.live and w3c-test.org.

Contributing

Save the Web, Write Some Tests!

Absolutely everyone is welcome to contribute to test development. No test is too small or too simple, especially if it corresponds to something for which you've noted an interoperability bug in a browser.

The way to contribute is just as usual:

  • Fork this repository (and make sure you're still relatively in sync with it if you forked a while ago).
  • Create a branch for your changes: git checkout -b topic.
  • Make your changes.
  • Run ./wpt lint as described above.
  • Commit locally and push that to your repo.
  • Create a pull request based on the above.

Issues with web-platform-tests

If you spot an issue with a test and are not comfortable providing a pull request per above to fix it, please file a new issue. Thank you!