author Alexandru Michis <malexandru@mozilla.com>
Wed, 04 Aug 2021 12:35:44 +0300
changeset 587733 69d1fe6262a0c316e8c1b2ad49c0af10bbca522b
parent 515182 88d4932e7da4b199cd3761e286f9a6b25bac5f0f
permissions -rw-r--r--
Merge autoland to mozilla-central. a=merge

<!doctype html>
<title> Retrieve resources from CacheStorage with Cross-Origin-Embedder-Policy: require-corp</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>

  This document has the header Cross-Origin-Embedder-Policy: require-corp.
  Cross-Origin Embedder Policy Editor's draft: https://mikewest.github.io/corpp/

  This test is retrieving same-origin and cross-origin resources from the
  CacheStorage. The resources are generated from the ServiceWorker or from the
  network with the header Cross-Origin-Resource-Policy being one of:
    - 'same-origin'
    - 'cross-origin'
    - <undefined>

promise_test(async (t) => {
  const SCOPE = new URL(location.href).pathname;
  const SCRIPT =
    'resources/sw-store-to-cache-storage.js?' +

  const reg = await service_worker_unregister_and_register(t, SCRIPT, SCOPE);
  add_completion_callback(() => reg.unregister());
  await new Promise(resolve => {
    navigator.serviceWorker.addEventListener('controllerchange', resolve);
}, 'setting up');

function remote(path) {
  const REMOTE_ORIGIN = get_host_info().HTTPS_REMOTE_ORIGIN;
  return new URL(path, REMOTE_ORIGIN);

function local(path) {
  return new URL(path, location.origin);

// Send a message to the currently active ServiceWorker and wait for its
// response.
function executeCommandInServiceWorker(command) {
  return new Promise(resolve => {
    navigator.serviceWorker.addEventListener('message', e => resolve(e.data));

// Try loading an image from a |response|. Return a Promise resolving or
// rejecting depending on the image loading result.
const loadFailure = {name: "Image.onerror"};
function readImageFromResponse(response) {
  return new Promise((resolve, reject) => {
    const img = document.createElement("img");
    img.onload = resolve.bind(this, "");
    img.onerror = reject.bind(this, loadFailure);
    response.blob().then(blob => {
      img.src = URL.createObjectURL(blob);

const image_path = "/images/blue.png?pipe=";

const corp_header = {
  "corp-undefined": "",
  "corp-same-origin": "|header(Cross-Origin-Resource-Policy,same-origin)",
  "corp-cross-origin": "|header(Cross-Origin-Resource-Policy,cross-origin)",

const cors_header = {
  "cors-disabled": "",
  "cors-enabled": "|header(Access-Control-Allow-Origin,*)",

function test(
  // Test parameters:
  request_source, request_origin, request_mode, response_cors, response_corp,
  // Test expectations:
  response_stored, response_type) {
  promise_test(async (t) => {
    // 0. Start from an empty CacheStorage.
    await caches.delete("v1");

    // 1. Store a cross-origin no-cors response generated from the SW into the
    //    CacheStorage.
    const path = image_path +
      corp_header[response_corp] +
    const url = (request_origin === "same-origin" ? local : remote)(path);
    const command = {
      url: url.href,
      mode: request_mode,
      source: request_source,

    assert_equals(await executeCommandInServiceWorker(command), response_stored);
    if (response_stored === "not-stored") {

    // 2. Retrieve it from the CacheStorage.
    const cache = await caches.open('v1');

    if (response_type === 'error') {
      await promise_rejects_js(t, TypeError, cache.match(url));

    const response = await cache.match(url);

    assert_equals(response.type, response_type);

    if (request_source === "service-worker") {
      assert_equals("foo", await response.text());

    // Opaque response can't be read from the document.
    if (response_type === "opaque") {
      await promise_rejects_exactly(t, loadFailure, readImageFromResponse(response));

    await readImageFromResponse(response);
  }, `Fetch ${request_origin} ${request_mode} ${response_cors} ${response_corp} from ${request_source} and CacheStorage.`)

// Responses generated from the ServiceWorker.
  test("service-worker", "cross-origin", "cors", "", "", "stored", "default");
  test("service-worker", "cross-origin", "no-cors", "", "", "stored", "default");
  test("service-worker", "same-origin", "cors", "", "", "stored", "default");
  test("service-worker", "same-origin", "no-cors", "", "", "stored", "default");

// Responses generated from a same-origin server.
  const t = test.bind(this, "network", "same-origin");
  t("cors", "cors-disabled", "corp-cross-origin", "stored", "basic");
  t("cors", "cors-disabled", "corp-same-origin", "stored", "basic");
  t("cors", "cors-disabled", "corp-undefined", "stored", "basic");
  t("cors", "cors-enabled", "corp-cross-origin", "stored", "basic");
  t("cors", "cors-enabled", "corp-same-origin", "stored", "basic");
  t("cors", "cors-enabled", "corp-undefined", "stored", "basic");
  t("no-cors", "cors-disabled", "corp-cross-origin", "stored", "basic");
  t("no-cors", "cors-disabled", "corp-same-origin", "stored", "basic");
  t("no-cors", "cors-disabled", "corp-undefined", "stored", "basic");
  t("no-cors", "cors-enabled", "corp-cross-origin", "stored", "basic");
  t("no-cors", "cors-enabled", "corp-same-origin", "stored", "basic");
  t("no-cors", "cors-enabled", "corp-undefined", "stored", "basic");

// Responses generated from a cross-origin server.
  const t = test.bind(this, "network", "cross-origin");
  t("cors", "cors-disabled", "corp-cross-origin", "not-stored");
  t("cors", "cors-disabled", "corp-same-origin", "not-stored");
  t("cors", "cors-disabled", "corp-undefined", "not-stored");
  t("cors", "cors-enabled", "corp-cross-origin", "stored", "cors");
  t("cors", "cors-enabled", "corp-same-origin", "stored", "cors");
  t("cors", "cors-enabled", "corp-undefined", "stored", "cors");
  t("no-cors", "cors-disabled", "corp-cross-origin", "stored", "opaque");
  t("no-cors", "cors-disabled", "corp-same-origin", "not-stored");
  t("no-cors", "cors-disabled", "corp-undefined", "stored", "error");
  t("no-cors", "cors-enabled", "corp-cross-origin", "stored", "opaque");
  t("no-cors", "cors-enabled", "corp-same-origin", "not-stored");
  t("no-cors", "cors-enabled", "corp-undefined", "stored", "error");