Add cross-origin-embedder-policy tests with service workers (#18559)

Author: yutakahirano

html/cross-origin-embedder-policy/none-sw-from-none.https.html

@@ -0,0 +1,85 @@
+<!doctype html>
+<html>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
+<script>
+const SCOPE = new URL(location.href).pathname;
+const SCRIPT =
+  'resources/sw.js?' +
+  `pipe=header(service-worker-allowed,${SCOPE})`;
+
+function remote(path) {
+  const REMOTE_ORIGIN = get_host_info().HTTPS_REMOTE_ORIGIN;
+  return new URL(path, REMOTE_ORIGIN + '/html/cross-origin-embedder-policy/');
+}
+
+promise_test(async (t) => {
+  const reg = await service_worker_unregister_and_register(t, SCRIPT, SCOPE);
+  add_completion_callback(() => {
+      reg.unregister();
+  });
+  await new Promise(resolve => {
+    navigator.serviceWorker.addEventListener('controllerchange', resolve);
+  });
+}, 'setting up');
+
+promise_test(async (t) => {
+  await fetch('resources/nothing-same-origin-corp.txt', {mode: 'no-cors'});
+}, 'making a same-origin request for CORP: same-origin');
+
+promise_test(async (t) => {
+  await fetch('/common/blank.html', {mode: 'no-cors'});
+}, 'making a same-origin request for no CORP');
+
+promise_test(async (t) => {
+  await fetch('resources/nothing-cross-origin-corp.txt', {mode: 'no-cors'});
+}, 'making a same-origin request for CORP: cross-origin');
+
+promise_test(async (t) => {
+  await promise_rejects(
+    t, TypeError(),
+    fetch(remote('resources/nothing-same-origin-corp.txt'), {mode: 'no-cors'}));
+}, 'making a cross-origin request for CORP: same-origin');
+
+promise_test(async (t) => {
+  await fetch(remote('/common/blank.html'), {mode: 'no-cors'});
+}, 'making a cross-origin request for no CORP');
+
+promise_test(async (t) => {
+  await fetch(
+    remote('resources/nothing-cross-origin-corp.txt'),
+    {mode: 'no-cors'});
+}, 'making a cross-origin request for CORP: cross-origin');
+
+promise_test(async (t) => {
+  await promise_rejects(
+    t, TypeError(),
+    fetch(remote('resources/nothing-same-origin-corp.txt?passthrough'),
+      {mode: 'no-cors'}));
+}, 'making a cross-origin request for CORP: same-origin [PASS THROUGH]');
+
+promise_test(async (t) => {
+  await fetch(remote('/common/blank.html?passthrough'), {mode: 'no-cors'});
+}, 'making a cross-origin request for no CORP [PASS THROUGH]');
+
+promise_test(async (t) => {
+  await fetch(
+    remote('resources/nothing-cross-origin-corp.txt?passthrough'),
+    {mode: 'no-cors'});
+}, 'making a cross-origin request for CORP: cross-origin [PASS THROUGH]');
+
+promise_test(async (t) => {
+  await promise_rejects(
+    t, TypeError(), fetch(remote('/common/blank.html'), {mode: 'cors'}));
+}, 'making a cross-origin request with CORS without ACAO');
+
+promise_test(async (t) => {
+  const URL = remote(
+    '/common/blank.html?pipe=header(access-control-allow-origin,*');
+  await fetch(URL, {mode: 'cors'});
+}, 'making a cross-origin request with CORS');
+
+</script>
+</html>

html/cross-origin-embedder-policy/none-sw-from-require-corp.https.html

@@ -0,0 +1,88 @@
+<!doctype html>
+<html>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
+<script>
+const SCOPE = new URL(location.href).pathname;
+const SCRIPT =
+  'resources/sw.js?' +
+  `pipe=header(service-worker-allowed,${SCOPE})`;
+
+function remote(path) {
+  const REMOTE_ORIGIN = get_host_info().HTTPS_REMOTE_ORIGIN;
+  return new URL(path, REMOTE_ORIGIN + '/html/cross-origin-embedder-policy/');
+}
+
+promise_test(async (t) => {
+  const reg = await service_worker_unregister_and_register(t, SCRIPT, SCOPE);
+  add_completion_callback(() => {
+      reg.unregister();
+  });
+  await new Promise(resolve => {
+    navigator.serviceWorker.addEventListener('controllerchange', resolve);
+  });
+}, 'setting up');
+
+promise_test(async (t) => {
+  await fetch('resources/nothing-same-origin-corp.txt', {mode: 'no-cors'});
+}, 'making a same-origin request for CORP: same-origin');
+
+promise_test(async (t) => {
+  await fetch('/common/blank.html', {mode: 'no-cors'});
+}, 'making a same-origin request for no CORP');
+
+promise_test(async (t) => {
+  await fetch('resources/nothing-cross-origin-corp.txt', {mode: 'no-cors'});
+}, 'making a same-origin request for CORP: cross-origin');
+
+promise_test(async (t) => {
+  await promise_rejects(
+    t, TypeError(),
+    fetch(remote('resources/nothing-same-origin-corp.txt'), {mode: 'no-cors'}));
+}, 'making a cross-origin request for CORP: same-origin');
+
+promise_test(async (t) => {
+  await promise_rejects(
+    t, TypeError(), fetch(remote('/common/blank.html'), {mode: 'no-cors'}));
+}, 'making a cross-origin request for no CORP');
+
+promise_test(async (t) => {
+  await fetch(
+    remote('resources/nothing-cross-origin-corp.txt'),
+    {mode: 'no-cors'});
+}, 'making a cross-origin request for CORP: cross-origin');
+
+promise_test(async (t) => {
+  await promise_rejects(
+    t, TypeError(),
+    fetch(remote('resources/nothing-same-origin-corp.txt?passthrough'),
+      {mode: 'no-cors'}));
+}, 'making a cross-origin request for CORP: same-origin [PASS THROUGH]');
+
+promise_test(async (t) => {
+  await promise_rejects(
+    t, TypeError(),
+    fetch(remote('/common/blank.html?passthrough'), {mode: 'no-cors'}));
+}, 'making a cross-origin request for no CORP [PASS THROUGH]');
+
+promise_test(async (t) => {
+  await fetch(
+    remote('resources/nothing-cross-origin-corp.txt?passthrough'),
+    {mode: 'no-cors'});
+}, 'making a cross-origin request for CORP: cross-origin [PASS THROUGH]');
+
+promise_test(async (t) => {
+  await promise_rejects(
+    t, TypeError(), fetch(remote('/common/blank.html'), {mode: 'cors'}));
+}, 'making a cross-origin request with CORS without ACAO');
+
+promise_test(async (t) => {
+  const URL = remote(
+    '/common/blank.html?pipe=header(access-control-allow-origin,*');
+  await fetch(URL, {mode: 'cors'});
+}, 'making a cross-origin request with CORS');
+
+</script>
+</html>

html/cross-origin-embedder-policy/none-sw-from-require-corp.https.html.headers

@@ -0,0 +1 @@
+cross-origin-embedder-policy: require-corp

html/cross-origin-embedder-policy/require-corp-sw-from-none.https.html

@@ -0,0 +1,87 @@
+<!doctype html>
+<html>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
+<script>
+const SCOPE = new URL(location.href).pathname;
+const SCRIPT =
+  'resources/sw.js?' +
+  `pipe=header(service-worker-allowed,${SCOPE})|` +
+  'header(cross-origin-embedder-policy,require-corp)';
+
+function remote(path) {
+  const REMOTE_ORIGIN = get_host_info().HTTPS_REMOTE_ORIGIN;
+  return new URL(path, REMOTE_ORIGIN + '/html/cross-origin-embedder-policy/');
+}
+
+promise_test(async (t) => {
+  const reg = await service_worker_unregister_and_register(t, SCRIPT, SCOPE);
+  add_completion_callback(() => {
+      reg.unregister();
+  });
+  await new Promise(resolve => {
+    navigator.serviceWorker.addEventListener('controllerchange', resolve);
+  });
+}, 'setting up');
+
+promise_test(async (t) => {
+  await fetch('resources/nothing-same-origin-corp.txt', {mode: 'no-cors'});
+}, 'making a same-origin request for CORP: same-origin');
+
+promise_test(async (t) => {
+  await fetch('/common/blank.html', {mode: 'no-cors'});
+}, 'making a same-origin request for no CORP');
+
+promise_test(async (t) => {
+  await fetch('resources/nothing-cross-origin-corp.txt', {mode: 'no-cors'});
+}, 'making a same-origin request for CORP: cross-origin');
+
+promise_test(async (t) => {
+  await promise_rejects(
+    t, TypeError(),
+    fetch(remote('resources/nothing-same-origin-corp.txt'), {mode: 'no-cors'}));
+}, 'making a cross-origin request for CORP: same-origin');
+
+promise_test(async (t) => {
+  await promise_rejects(
+    t, TypeError(), fetch(remote('/common/blank.html'), {mode: 'no-cors'}));
+}, 'making a cross-origin request for no CORP');
+
+promise_test(async (t) => {
+  await fetch(
+    remote('resources/nothing-cross-origin-corp.txt'),
+    {mode: 'no-cors'});
+}, 'making a cross-origin request for CORP: cross-origin');
+
+promise_test(async (t) => {
+  await promise_rejects(
+    t, TypeError(),
+    fetch(remote('resources/nothing-same-origin-corp.txt?passthrough'),
+      {mode: 'no-cors'}));
+}, 'making a cross-origin request for CORP: same-origin [PASS THROUGH]');
+
+promise_test(async (t) => {
+  await fetch(remote('/common/blank.html?passthrough'), {mode: 'no-cors'});
+}, 'making a cross-origin request for no CORP [PASS THROUGH]');
+
+promise_test(async (t) => {
+  await fetch(
+    remote('resources/nothing-cross-origin-corp.txt?passthrough'),
+    {mode: 'no-cors'});
+}, 'making a cross-origin request for CORP: cross-origin [PASS THROUGH]');
+
+promise_test(async (t) => {
+  await promise_rejects(
+    t, TypeError(), fetch(remote('/common/blank.html'), {mode: 'cors'}));
+}, 'making a cross-origin request with CORS without ACAO');
+
+promise_test(async (t) => {
+  const URL = remote(
+    '/common/blank.html?pipe=header(access-control-allow-origin,*');
+  await fetch(URL, {mode: 'cors'});
+}, 'making a cross-origin request with CORS');
+
+</script>
+</html>

html/cross-origin-embedder-policy/require-corp-sw-from-require-corp.https.html

@@ -0,0 +1,89 @@
+<!doctype html>
+<html>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
+<script>
+const SCOPE = new URL(location.href).pathname;
+const SCRIPT =
+  'resources/sw.js?' +
+  `pipe=header(service-worker-allowed,${SCOPE})|` +
+  'header(cross-origin-embedder-policy,require-corp)';
+
+function remote(path) {
+  const REMOTE_ORIGIN = get_host_info().HTTPS_REMOTE_ORIGIN;
+  return new URL(path, REMOTE_ORIGIN + '/html/cross-origin-embedder-policy/');
+}
+
+promise_test(async (t) => {
+  const reg = await service_worker_unregister_and_register(t, SCRIPT, SCOPE);
+  add_completion_callback(() => {
+      reg.unregister();
+  });
+  await new Promise(resolve => {
+    navigator.serviceWorker.addEventListener('controllerchange', resolve);
+  });
+}, 'setting up');
+
+promise_test(async (t) => {
+  await fetch('resources/nothing-same-origin-corp.txt', {mode: 'no-cors'});
+}, 'making a same-origin request for CORP: same-origin');
+
+promise_test(async (t) => {
+  await fetch('/common/blank.html', {mode: 'no-cors'});
+}, 'making a same-origin request for no CORP');
+
+promise_test(async (t) => {
+  await fetch('resources/nothing-cross-origin-corp.txt', {mode: 'no-cors'});
+}, 'making a same-origin request for CORP: cross-origin');
+
+promise_test(async (t) => {
+  await promise_rejects(
+    t, TypeError(),
+    fetch(remote('resources/nothing-same-origin-corp.txt'), {mode: 'no-cors'}));
+}, 'making a cross-origin request for CORP: same-origin');
+
+promise_test(async (t) => {
+  await promise_rejects(
+    t, TypeError(), fetch(remote('/common/blank.html'), {mode: 'no-cors'}));
+}, 'making a cross-origin request for no CORP');
+
+promise_test(async (t) => {
+  await fetch(
+    remote('resources/nothing-cross-origin-corp.txt'),
+    {mode: 'no-cors'});
+}, 'making a cross-origin request for CORP: cross-origin');
+
+promise_test(async (t) => {
+  await promise_rejects(
+    t, TypeError(),
+    fetch(remote('resources/nothing-same-origin-corp.txt?passthrough'),
+      {mode: 'no-cors'}));
+}, 'making a cross-origin request for CORP: same-origin [PASS THROUGH]');
+
+promise_test(async (t) => {
+  await promise_rejects(
+    t, TypeError(),
+    fetch(remote('/common/blank.html?passthrough'), {mode: 'no-cors'}));
+}, 'making a cross-origin request for no CORP [PASS THROUGH]');
+
+promise_test(async (t) => {
+  await fetch(
+    remote('resources/nothing-cross-origin-corp.txt?passthrough'),
+    {mode: 'no-cors'});
+}, 'making a cross-origin request for CORP: cross-origin [PASS THROUGH]');
+
+promise_test(async (t) => {
+  await promise_rejects(
+    t, TypeError(), fetch(remote('/common/blank.html'), {mode: 'cors'}));
+}, 'making a cross-origin request with CORS without ACAO');
+
+promise_test(async (t) => {
+  const URL = remote(
+    '/common/blank.html?pipe=header(access-control-allow-origin,*');
+  await fetch(URL, {mode: 'cors'});
+}, 'making a cross-origin request with CORS');
+
+</script>
+</html>

html/cross-origin-embedder-policy/require-corp-sw-from-require-corp.https.html.headers

@@ -0,0 +1 @@
+cross-origin-embedder-policy: require-corp

html/cross-origin-embedder-policy/resources/nothing.txt

@@ -0,0 +1 @@
+nothing with no CORP headers

html/cross-origin-embedder-policy/resources/sw.js

@@ -0,0 +1,12 @@
+self.addEventListener('activate', (e) => {
+  e.waitUntil(clients.claim());
+});
+
+self.addEventListener('fetch', (e) => {
+  const url = new URL(e.request.url);
+  if (url.searchParams.has('passthrough')) {
+    return;
+  }
+
+  e.respondWith(fetch(e.request));
+});