<!doctype html><metacharset=utf-8><title>Ensure service worker is bypassed in insecure contexts</title><scriptsrc="/resources/testharness.js"></script><scriptsrc="/resources/testharnessreport.js"></script><scriptsrc="/common/get-host-info.sub.js"></script><scriptsrc="resources/test-helpers.sub.js"></script><body><script>// This test checks that an HTTPS iframe embedded in an HTTP document is not// loaded via a service worker, since it's not a secure context. To that end, we// first register a service worker, wait for its activation, and create an// iframe that is controlled by said service worker. We use the iframe as a// way to receive messages from the service worker.// The bulk of the test begins by opening an HTTP window with the noopener// option, installing a message event handler, and embedding an HTTPS iframe. If// the browser behaves correctly then the iframe will be loaded from the network// and will contain a script that posts a message to the parent window,// informing it that it was loaded from the network. If, however, the iframe is// intercepted, the service worker will return a page with a script that posts a// message to the parent window, informing it that it was intercepted.// Upon getting either result, the window will report the result to the service// worker by navigating to a reporting URL. The service worker will then inform// all clients about the result, including the controlled iframe from the// beginning of the test. The message event handler will verify that the result// is as expected, concluding the test.promise_test(t=>{constSCRIPT="resources/secure-context-service-worker.js";constSCOPE="resources/";constHTTP_IFRAME_URL=get_host_info().HTTP_ORIGIN+base_path()+SCOPE+"secure-context/window.html";returnservice_worker_unregister_and_register(t,SCRIPT,SCOPE).then(registration=>{t.add_cleanup(()=>{returnregistration.unregister();});returnwait_for_state(t,registration.installing,'activated');}).then(()=>{returnwith_iframe(SCOPE+"blank.html");}).then(iframe=>{t.add_cleanup(()=>{iframe.remove();});returnnewPromise(resolve=>{iframe.contentWindow.navigator.serviceWorker.onmessage=t.step_func(event=>{assert_equals(event.data,'network');resolve();});window.open(HTTP_IFRAME_URL,'MyWindow','noopener');});});})</script></body>