<!doctype html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/utils.js"></script>
<script src="/shared-storage/resources/util.js"></script>
<script src="/fenced-frame/resources/utils.js"></script>
<body>
<script>
'use strict';
async function verifyStoreCookieCrossOriginCreateWorkletIncludeCredentials(
helper_url_params, data_origin_option) {
const ancestor_key = token();
const crossOrigin = 'https://{{domains[www]}}:{{ports[https][0]}}';
const set_cookie_url = crossOrigin + `/cookies/resources/set-cookie.py` +
`?name=key0` +
`&path=/shared-storage/`;
const helper_url = crossOrigin +
`/shared-storage/resources/credentials-test-helper.py` +
helper_url_params + `&token=${ancestor_key}`;
await fetch(set_cookie_url, { mode: 'no-cors', credentials: 'include' });
const options = (data_origin_option === '') ? { credentials: "include" }
: { credentials: "include", dataOrigin: data_origin_option };
const worklet = await sharedStorage.createWorklet(
helper_url + `&action=store-cookie`, options);
const request_cookie_fetch_response =
await fetch(helper_url + `&action=get-cookie`);
const request_cookie_text = await request_cookie_fetch_response.text();
assert_equals(request_cookie_text, "key0=1");
}
promise_test(async () => {
const helper_url_params =
`?access_control_allow_origin_header=${window.origin}` +
`&access_control_allow_credentials_header=true`;
await verifyStoreCookieCrossOriginCreateWorkletIncludeCredentials(
helper_url_params, /*data_origin_option=*/'');
}, 'createWorklet() with cross-origin module script, credentials "include",'
+ 'and default data origin (context origin).');
promise_test(async () => {
const helper_url_params =
`?access_control_allow_origin_header=${window.origin}` +
`&access_control_allow_credentials_header=true`;
await verifyStoreCookieCrossOriginCreateWorkletIncludeCredentials(
helper_url_params, /*data_origin_option=*/'context-origin');
}, 'createWorklet() with cross-origin module script, credentials "include",'
+ 'and "context-origin" as dataOrigin.');
promise_test(async () => {
const helper_url_params =
`?access_control_allow_origin_header=${window.origin}` +
`&access_control_allow_credentials_header=true` +
`&shared_storage_cross_origin_worklet_allowed_header=?1`;
await verifyStoreCookieCrossOriginCreateWorkletIncludeCredentials(
helper_url_params, /*data_origin_option=*/'script-origin');
}, 'createWorklet() with cross-origin module script, credentials "include",'
+ 'and "script-origin" as dataOrigin.');
</script>
</body>