// META: timeout=long
// META: variant=?worker=dedicated_worker
// META: variant=?worker=shared_worker
// META: variant=?worker=service_worker
// META: script=/common/get-host-info.sub.js
// META: script=/common/utils.js
// META: script=/common/dispatcher/dispatcher.js
// META: script=/html/cross-origin-embedder-policy/credentialless/resources/common.js
// META: script=./resources/common.js
// Execute the same set of tests for every type of worker.
// - DedicatedWorkers
// - SharedWorkers
// - ServiceWorkers.
const params = new URLSearchParams(document.location.search);
const worker_param = params.get("worker") || "dedicated_worker";
const cookie_key = token();
const cookie_value = "cookie_value";
const cookie_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
// Create worker spawned from `context` and return its uuid.
const workerFrom = context => {
const reply = token();
send(context, `
for(deps of [
"/common/utils.js",
"/resources/testharness.js",
"/html/cross-origin-embedder-policy/credentialless/resources/common.js",
]) {
await new Promise(resolve => {
const script = document.createElement("script");
script.src = deps;
script.onload = resolve;
document.body.appendChild(script);
});
}
const worker_constructor = environments["${worker_param}"];
const headers = "";
const [worker, error] = worker_constructor(headers);
send("${reply}", worker);
`);
return receive(reply);
};
// Set a cookie from a top-level document.
promise_test(async test => {
await setCookie(cookie_origin, cookie_key, cookie_value);
}, "set cookies");
// Control: iframe is not credentialless. The worker can access cookies.
promise_test(async test => {
const headers = token();
send(await workerFrom(newIframe(cookie_origin)), `
fetch("${showRequestHeaders(cookie_origin, headers)}");
`);
const cookie = parseCookies(JSON.parse(await receive(headers)));
assert_equals(cookie[cookie_key], cookie_value)
}, "Worker spawned from normal iframe can access global cookies");
// Experiment: iframe is credentialless.
promise_test(async test => {
const headers = token();
send(await workerFrom(newIframeCredentialless(cookie_origin)), `
fetch("${showRequestHeaders(cookie_origin, headers)}");
`);
const cookie = parseCookies(JSON.parse(await receive(headers)));
assert_equals(cookie[cookie_key], undefined)
}, "Worker spawned from credentialless iframe can't access global cookies");
Codebase Browser
chromium