Add WPT for COEP inheritance in local scheme workers
This change adds a Web Platform Test checking inheritance of Cross
Origin Embedder Policy to dedicated/shared workers with blob or data
URL.
Change-Id: If307db134c6cfbcf8b8c768c57f3c6fbbee74b78
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2984381
Reviewed-by: Domenic Denicola <domenic@chromium.org>
Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
Cr-Commit-Position: refs/heads/master@{#896862}
diff --git a/html/cross-origin-embedder-policy/worker-inheritance.sub.https.html b/html/cross-origin-embedder-policy/worker-inheritance.sub.https.html
new file mode 100644
index 0000000..e96c7f7
--- /dev/null
+++ b/html/cross-origin-embedder-policy/worker-inheritance.sub.https.html
@@ -0,0 +1,61 @@
+<!DOCTYPE html>
+<title>Test that local scheme workers inherit COEP: require-corp from the creating document</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script>
+ promise_test(async t => {
+ let sameOrigin = "{{location[server]}}";
+ let crossOrigin = "https://{{hosts[][www]}}:{{ports[https][1]}}";
+
+ let testHarness = await fetch(`${sameOrigin}/resources/testharness.js`)
+ .then(r => r.text());
+
+ // Test that fetching same-origin is allowed by COEP.
+ let same_origin_allowed_test = testName => `
+ promise_test(async t => {
+ return fetch("${sameOrigin}/common/blank.html", { mode: "no-cors" });
+ }, "${testName}: Same origin should be allowed.");
+ `;
+
+ // For data URLs, since everything is cross-origin in that case.
+ let same_origin_blocked_test = testName => `
+ promise_test(t => {
+ return promise_rejects_js(
+ t, TypeError,
+ fetch("${sameOrigin}/common/blank.html", { mode: "no-cors" }));
+ }, "${testName}: Same origin should be blocked.");
+ `;
+
+ // Test that fetching cross-origin is blocked by COEP.
+ let cross_origin_blocked_test = testName => `
+ promise_test(t => {
+ return promise_rejects_js(
+ t, TypeError,
+ fetch("${crossOrigin}/common/blank.html", { mode: "no-cors" }));
+ }, "${testName}: Cross origin should be blocked.");
+ `;
+
+ let blob_string = testName => testHarness +
+ same_origin_allowed_test(testName) +
+ cross_origin_blocked_test(testName) + "done();";
+
+ let data_string = testName => testHarness +
+ same_origin_blocked_test(testName) +
+ cross_origin_blocked_test(testName) + "done();";
+
+ let blob_url = context => {
+ let blob = new Blob([blob_string(`blob URL ${context}`)],
+ { type: 'application/javascript' });
+ return URL.createObjectURL(blob);
+ };
+
+ await fetch_tests_from_worker(new Worker(blob_url("dedicated worker")));
+ await fetch_tests_from_worker(new SharedWorker(blob_url("shared worker")));
+
+ let data_url = context => `data:application/javascript,` +
+ `${encodeURIComponent(data_string("data URL " + context))}`;
+
+ await fetch_tests_from_worker(new Worker(data_url("dedicated worker")));
+ await fetch_tests_from_worker(new Worker(data_url("shared worker")));
+ });
+</script>
diff --git a/html/cross-origin-embedder-policy/worker-inheritance.sub.https.html.headers b/html/cross-origin-embedder-policy/worker-inheritance.sub.https.html.headers
new file mode 100644
index 0000000..6604450
--- /dev/null
+++ b/html/cross-origin-embedder-policy/worker-inheritance.sub.https.html.headers
@@ -0,0 +1 @@
+Cross-Origin-Embedder-Policy: require-corp