web-bundle/subresource-loading/subresource-loading-cross-origin.tentative.html

<!DOCTYPE html>
<title>Cross-origin WebBundle subresource loading</title>
<link
  rel="help"
  href="https://github.com/WICG/webpackage/blob/master/explainers/subresource-loading.md"
/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body>
  <!--
       This wpt should run on an origin different from https://web-platform.test:8444/,
       from where cross-orign WebBundles are served.

       This test uses the two cross-origin WebBundles:

       1. https://web-platform.test:8444/web-bundle/resources/wbn/cors/cross-origin.wbn,
          which is served with an Access-Control-Allow-Origin response header.
       2. http://web-platform.test:8444/web-bundle/resources/wbn/no-cors/cross-origin.wbn,
          which is served *without* an Access-Control-Allow-Origin response header.

       Each `cross-origin.wbn` includes two subresources:
       a. `resource.cors.json`, which includes an Access-Control-Allow-Origin response header.
       b. `resource.no-cors.json`, which doesn't include an Access-Control-Allow-Origin response header.
  -->
  <link
    rel="webbundle"
    href="https://web-platform.test:8444/web-bundle/resources/wbn/cors/cross-origin.wbn"
    resources="https://web-platform.test:8444/web-bundle/resources/wbn/cors/resource.cors.json
         https://web-platform.test:8444/web-bundle/resources/wbn/cors/resource.no-cors.json"
  />
  <script>
    promise_test(async () => {
      const response = await fetch(
        "https://web-platform.test:8444/web-bundle/resources/wbn/cors/resource.cors.json"
      );
      assert_true(response.ok);
      const text = await response.text();
      assert_equals(text, "{ cors: 1 }");
    }, "A subresource which includes an Access-Control-Allow-Origin response header can be fetched");

    promise_test(async (t) => {
      return promise_rejects_js(
        t,
        TypeError,
        fetch(
          "https://web-platform.test:8444/web-bundle/resources/wbn/cors/resource.no-cors.json"
        )
      );
    }, "A subresource which does not include an Access-Control-Allow-Origin response header can not be fetched");

    promise_test(async (t) => {
      const prefix =
        "http://web-platform.test:8444/web-bundle/resources/wbn/no-cors/";
      const resources = [
        prefix + "resource.cors.json",
        prefix + "resource.no-cors.json",
      ]
      // Should fire an error event on loading webbundle.
      await addLinkAndWaitForError(prefix + "cross-origin.wbn", resources);
      // A fetch should fail for any subresource specified in resources attribute.
      for (const url of resources) {
        await fetchAndWaitForReject(url);
      }
    }, "A cross-origin WebBundle which does not include an Access-Control-Allow-Origin response header should fire an error event on load, and a fetch should fail for any subresource");

    function addLinkAndWaitForError(url, resources) {
      return new Promise((resolve, reject) => {
        const link = document.createElement("link");
        link.rel = "webbundle";
        link.href = url;
        for (const resource of resources) {
          link.resources.add(resource);
        }
        link.onload = reject;
        link.onerror = () => resolve(link);
        document.body.appendChild(link);
      });
    }

    function fetchAndWaitForReject(url) {
      return new Promise((resolve, reject) => {
        fetch(url)
          .then(() => {
            reject();
          })
          .catch(() => {
           resolve();
          });
      });
    }

  </script>
</body>