chromium/third_party/blink/web_tests/external/wpt/service-workers/service-worker/multipart-image.https.html

<!DOCTYPE html>
<title>Tests for cross-origin multipart image returned by service worker</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="resources/test-helpers.sub.js"></script>

<script>
// This tests loading a multipart image via service worker. The service worker responds with
// an opaque or a non-opaque response. The content of opaque response should not be readable.

const script = 'resources/multipart-image-worker.js';
const scope = 'resources/multipart-image-iframe.html';
let frame;

function check_image_data(data) {
    assert_equals(data[0], 255);
    assert_equals(data[1], 0);
    assert_equals(data[2], 0);
    assert_equals(data[3], 255);
}

promise_test(t => {
    return service_worker_unregister_and_register(t, script, scope)
      .then(registration => {
          promise_test(() => {
              if (frame) {
                  frame.remove();
              }
              return registration.unregister();
            }, 'restore global state');

          return wait_for_state(t, registration.installing, 'activated');
        })
      .then(() => with_iframe(scope))
      .then(f => {
          frame = f;
      });
  }, 'initialize global state');

promise_test(t => {
    return frame.contentWindow.load_multipart_image('same-origin-multipart-image')
      .then(img => frame.contentWindow.get_image_data(img))
      .then(img_data => {
          check_image_data(img_data.data);
      });
  }, 'same-origin multipart image via SW should be readable');

promise_test(t => {
    return frame.contentWindow.load_multipart_image('cross-origin-multipart-image-with-cors-approved')
      .then(img => frame.contentWindow.get_image_data(img))
      .then(img_data => {
          check_image_data(img_data.data);
      });
  }, 'cross-origin multipart image via SW with approved CORS should be readable');

promise_test(t => {
    return frame.contentWindow.load_multipart_image('cross-origin-multipart-image-with-no-cors')
      .then(img => {
        assert_throws_dom('SecurityError', frame.contentWindow.DOMException,
                          () => frame.contentWindow.get_image_data(img));
      });
  }, 'cross-origin multipart image with no-cors via SW should not be readable');

promise_test(t => {
    const promise = frame.contentWindow.load_multipart_image('cross-origin-multipart-image-with-cors-rejected');
    return promise_rejects_dom(t, 'NetworkError', frame.contentWindow.DOMException, promise);
  }, 'cross-origin multipart image via SW with rejected CORS should fail to load');
</script>