Bug 1456045 [wpt PR 10569] - service worker: Upstream Service-Worker-Allowed test to WPT., a=testonly
authorMatt Falkenhagen <falken@chromium.org>
Sun, 29 Apr 2018 20:30:01 +0000
changeset 472369 f6395e92c3b3c723ed033ffdd201059bf91ab9ab
parent 472368 abb301076495a5f40d4cfb2bc9c9f588ec57ecc7
child 472370 35ae8db858a063e0f99c160f8111d5ee0df75a91
push id1728
push userjlund@mozilla.com
push dateMon, 18 Jun 2018 21:12:27 +0000
treeherdermozilla-release@c296fde26f5f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1456045, 10569, 688116, 1023672, 552639
milestone61.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1456045 [wpt PR 10569] - service worker: Upstream Service-Worker-Allowed test to WPT., a=testonly Automatic update from web-platform-testsservice worker: Upstream Service-Worker-Allowed test to WPT. Also add test cases for Service-Worker-Allowed header values that are absolute URLs. Currently Chrome accepts SWA header values that are cross-origin to the script URL since it seems to only care about the path of the URL. It seems strange but that seems to agree with the spec: https://github.com/w3c/ServiceWorker/issues/1307 Bug: 688116 Change-Id: I6dca55ea8525803efd2e55bf4166c863d62d31fa Reviewed-on: https://chromium-review.googlesource.com/1023672 Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Commit-Queue: Matt Falkenhagen <falken@chromium.org> Cr-Commit-Position: refs/heads/master@{#552639} -- wpt-commits: a8a8377b1ecb700709c923f3e72b513eedb3c0c2 wpt-pr: 10569
testing/web-platform/meta/MANIFEST.json
testing/web-platform/tests/service-workers/service-worker/Service-Worker-Allowed-header.https.html
--- a/testing/web-platform/meta/MANIFEST.json
+++ b/testing/web-platform/meta/MANIFEST.json
@@ -363416,16 +363416,22 @@
    "service-workers/cache-storage/worker/cache-storage.https.html": [
     [
      "/service-workers/cache-storage/worker/cache-storage.https.html",
      {
       "timeout": "long"
      }
     ]
    ],
+   "service-workers/service-worker/Service-Worker-Allowed-header.https.html": [
+    [
+     "/service-workers/service-worker/Service-Worker-Allowed-header.https.html",
+     {}
+    ]
+   ],
    "service-workers/service-worker/ServiceWorkerGlobalScope/close.https.html": [
     [
      "/service-workers/service-worker/ServiceWorkerGlobalScope/close.https.html",
      {}
     ]
    ],
    "service-workers/service-worker/ServiceWorkerGlobalScope/extendable-message-event-constructor.https.html": [
     [
@@ -597731,16 +597737,20 @@
   "service-workers/cache-storage/worker/cache-storage-match.https.html": [
    "575c735110d89eeddfbe0b46b1eee315b95aa9f4",
    "testharness"
   ],
   "service-workers/cache-storage/worker/cache-storage.https.html": [
    "85ba3f00328e9c5a0e4c9935d10921ea1c1afe86",
    "testharness"
   ],
+  "service-workers/service-worker/Service-Worker-Allowed-header.https.html": [
+   "9a2b7e696629dabf7a0b2f68b07c8358c1c103d6",
+   "testharness"
+  ],
   "service-workers/service-worker/ServiceWorkerGlobalScope/close.https.html": [
    "5037b0f564f3d23c0733ae7b4d59b5353eca8d45",
    "testharness"
   ],
   "service-workers/service-worker/ServiceWorkerGlobalScope/extendable-message-event-constructor.https.html": [
    "8885728d0bf1fb912ecad87d238257f68d71a7b3",
    "testharness"
   ],
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/service-workers/service-worker/Service-Worker-Allowed-header.https.html
@@ -0,0 +1,104 @@
+<!DOCTYPE html>
+<title>Service Worker: Service-Worker-Allowed header</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/test-helpers.sub.js"></script>
+<script>
+
+const host_info = get_host_info();
+
+// Returns a URL for a service worker script whose Service-Worker-Allowed
+// header value is set to |allowed_path|. If |origin| is specified, that origin
+// is used.
+function build_script_url(allowed_path, origin) {
+  const script = 'resources/empty-worker.js';
+  const url = origin ? `${origin}${base_path()}${script}` : script;
+  return `${url}?pipe=header(Service-Worker-Allowed,${allowed_path})`;
+}
+
+promise_test(async t => {
+  const script = build_script_url('/allowed-path');
+  const scope = '/allowed-path';
+  const registration = await service_worker_unregister_and_register(
+      t, script, scope);
+  assert_true(registration instanceof ServiceWorkerRegistration, 'registered');
+  assert_equals(registration.scope, normalizeURL(scope));
+  return registration.unregister();
+}, 'Registering within Service-Worker-Allowed path');
+
+promise_test(async t => {
+  const script = build_script_url(new URL('/allowed-path', document.location));
+  const scope = '/allowed-path';
+  const registration = await service_worker_unregister_and_register(
+      t, script, scope);
+  assert_true(registration instanceof ServiceWorkerRegistration, 'registered');
+  assert_equals(registration.scope, normalizeURL(scope));
+  return registration.unregister();
+}, 'Registering within Service-Worker-Allowed path (absolute URL)');
+
+promise_test(async t => {
+  const script = build_script_url('../allowed-path-with-parent');
+  const scope = 'allowed-path-with-parent';
+  const registration = await service_worker_unregister_and_register(
+      t, script, scope);
+  assert_true(registration instanceof ServiceWorkerRegistration, 'registered');
+  assert_equals(registration.scope, normalizeURL(scope));
+  return registration.unregister();
+}, 'Registering within Service-Worker-Allowed path with parent reference');
+
+promise_test(async t => {
+  const script = build_script_url('../allowed-path');
+  const scope = '/disallowed-path';
+  await service_worker_unregister(t, scope);
+  return promise_rejects(t,
+      'SecurityError',
+      navigator.serviceWorker.register(script, {scope: scope}),
+      'register should fail');
+}, 'Registering outside Service-Worker-Allowed path');
+
+promise_test(async t => {
+  const script = build_script_url('../allowed-path-with-parent');
+  const scope = '/allowed-path-with-parent';
+  await service_worker_unregister(t, scope);
+  return promise_rejects(t,
+      'SecurityError',
+      navigator.serviceWorker.register(script, {scope: scope}),
+      'register should fail');
+}, 'Registering outside Service-Worker-Allowed path with parent reference');
+
+promise_test(async t => {
+  const script = build_script_url(
+      host_info.HTTPS_REMOTE_ORIGIN + '/');
+  const scope = 'resources/this-scope-is-normally-allowed'
+  const registration = await service_worker_unregister_and_register(
+      t, script, scope);
+  assert_true(registration instanceof ServiceWorkerRegistration, 'registered');
+  assert_equals(registration.scope, normalizeURL(scope));
+  return registration.unregister();
+}, 'Service-Worker-Allowed is cross-origin to script, registering on a normally allowed scope');
+
+promise_test(async t => {
+  const script = build_script_url(
+      host_info.HTTPS_REMOTE_ORIGIN + '/');
+  const scope = '/this-scope-is-normally-disallowed'
+  const registration = await service_worker_unregister_and_register(
+      t, script, scope);
+  assert_true(registration instanceof ServiceWorkerRegistration, 'registered');
+  assert_equals(registration.scope, normalizeURL(scope));
+  return registration.unregister();
+}, 'Service-Worker-Allowed is cross-origin to script, registering on a normally disallowed scope');
+
+promise_test(async t => {
+  const script = build_script_url(
+      host_info.HTTPS_REMOTE_ORIGIN + '/cross-origin/',
+      host_info.HTTPS_REMOTE_ORIGIN);
+  const scope = '/cross-origin/';
+  await service_worker_unregister(t, scope);
+  return promise_rejects(t,
+      'SecurityError',
+      navigator.serviceWorker.register(script, {scope: scope}),
+      'register should fail');
+}, 'Service-Worker-Allowed is cross-origin to page, same-origin to script');
+
+</script>