Bug 1456045 [wpt PR 10569] - service worker: Upstream Service-Worker-Allowed test to WPT., a=testonly

mfalken · moz-wptsync-bot · commit 8abb55c6fc60 · 2018-04-30T14:36:01.000Z
Automatic update from web-platform-testsservice worker: Upstream Service-Worker-Allowed test to WPT. Also add test cases for Service-Worker-Allowed header values that are absolute URLs. Currently Chrome accepts SWA header values that are cross-origin to the script URL since it seems to only care about the path of the URL. It seems strange but that seems to agree with the spec: w3c/ServiceWorker#1307 Bug: 688116 Change-Id: I6dca55ea8525803efd2e55bf4166c863d62d31fa Reviewed-on: https://chromium-review.googlesource.com/1023672 Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Commit-Queue: Matt Falkenhagen <falken@chromium.org> Cr-Commit-Position: refs/heads/master@{#552639} -- wpt-commits: a8a8377b1ecb700709c923f3e72b513eedb3c0c2 wpt-pr: 10569
diff --git a/testing/web-platform/meta/MANIFEST.json b/testing/web-platform/meta/MANIFEST.json
@@ -363421,6 +363421,12 @@
      }
     ]
    ],
+   "service-workers/service-worker/Service-Worker-Allowed-header.https.html": [
+    [
+     "/service-workers/service-worker/Service-Worker-Allowed-header.https.html",
+     {}
+    ]
+   ],
    "service-workers/service-worker/ServiceWorkerGlobalScope/close.https.html": [
     [
      "/service-workers/service-worker/ServiceWorkerGlobalScope/close.https.html",
@@ -597736,6 +597742,10 @@
    "85ba3f00328e9c5a0e4c9935d10921ea1c1afe86",
    "testharness"
   ],
+  "service-workers/service-worker/Service-Worker-Allowed-header.https.html": [
+   "9a2b7e696629dabf7a0b2f68b07c8358c1c103d6",
+   "testharness"
+  ],
   "service-workers/service-worker/ServiceWorkerGlobalScope/close.https.html": [
    "5037b0f564f3d23c0733ae7b4d59b5353eca8d45",
    "testharness"
diff --git a/testing/web-platform/tests/service-workers/service-worker/Service-Worker-Allowed-header.https.html b/testing/web-platform/tests/service-workers/service-worker/Service-Worker-Allowed-header.https.html
@@ -0,0 +1,104 @@
+<!DOCTYPE html>
+<title>Service Worker: Service-Worker-Allowed header</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/test-helpers.sub.js"></script>
+<script>
+
+const host_info = get_host_info();
+
+// Returns a URL for a service worker script whose Service-Worker-Allowed
+// header value is set to |allowed_path|. If |origin| is specified, that origin
+// is used.
+function build_script_url(allowed_path, origin) {
+  const script = 'resources/empty-worker.js';
+  const url = origin ? `${origin}${base_path()}${script}` : script;
+  return `${url}?pipe=header(Service-Worker-Allowed,${allowed_path})`;
+}
+
+promise_test(async t => {
+  const script = build_script_url('/allowed-path');
+  const scope = '/allowed-path';
+  const registration = await service_worker_unregister_and_register(
+      t, script, scope);
+  assert_true(registration instanceof ServiceWorkerRegistration, 'registered');
+  assert_equals(registration.scope, normalizeURL(scope));
+  return registration.unregister();
+}, 'Registering within Service-Worker-Allowed path');
+
+promise_test(async t => {
+  const script = build_script_url(new URL('/allowed-path', document.location));
+  const scope = '/allowed-path';
+  const registration = await service_worker_unregister_and_register(
+      t, script, scope);
+  assert_true(registration instanceof ServiceWorkerRegistration, 'registered');
+  assert_equals(registration.scope, normalizeURL(scope));
+  return registration.unregister();
+}, 'Registering within Service-Worker-Allowed path (absolute URL)');
+
+promise_test(async t => {
+  const script = build_script_url('../allowed-path-with-parent');
+  const scope = 'allowed-path-with-parent';
+  const registration = await service_worker_unregister_and_register(
+      t, script, scope);
+  assert_true(registration instanceof ServiceWorkerRegistration, 'registered');
+  assert_equals(registration.scope, normalizeURL(scope));
+  return registration.unregister();
+}, 'Registering within Service-Worker-Allowed path with parent reference');
+
+promise_test(async t => {
+  const script = build_script_url('../allowed-path');
+  const scope = '/disallowed-path';
+  await service_worker_unregister(t, scope);
+  return promise_rejects(t,
+      'SecurityError',
+      navigator.serviceWorker.register(script, {scope: scope}),
+      'register should fail');
+}, 'Registering outside Service-Worker-Allowed path');
+
+promise_test(async t => {
+  const script = build_script_url('../allowed-path-with-parent');
+  const scope = '/allowed-path-with-parent';
+  await service_worker_unregister(t, scope);
+  return promise_rejects(t,
+      'SecurityError',
+      navigator.serviceWorker.register(script, {scope: scope}),
+      'register should fail');
+}, 'Registering outside Service-Worker-Allowed path with parent reference');
+
+promise_test(async t => {
+  const script = build_script_url(
+      host_info.HTTPS_REMOTE_ORIGIN + '/');
+  const scope = 'resources/this-scope-is-normally-allowed'
+  const registration = await service_worker_unregister_and_register(
+      t, script, scope);
+  assert_true(registration instanceof ServiceWorkerRegistration, 'registered');
+  assert_equals(registration.scope, normalizeURL(scope));
+  return registration.unregister();
+}, 'Service-Worker-Allowed is cross-origin to script, registering on a normally allowed scope');
+
+promise_test(async t => {
+  const script = build_script_url(
+      host_info.HTTPS_REMOTE_ORIGIN + '/');
+  const scope = '/this-scope-is-normally-disallowed'
+  const registration = await service_worker_unregister_and_register(
+      t, script, scope);
+  assert_true(registration instanceof ServiceWorkerRegistration, 'registered');
+  assert_equals(registration.scope, normalizeURL(scope));
+  return registration.unregister();
+}, 'Service-Worker-Allowed is cross-origin to script, registering on a normally disallowed scope');
+
+promise_test(async t => {
+  const script = build_script_url(
+      host_info.HTTPS_REMOTE_ORIGIN + '/cross-origin/',
+      host_info.HTTPS_REMOTE_ORIGIN);
+  const scope = '/cross-origin/';
+  await service_worker_unregister(t, scope);
+  return promise_rejects(t,
+      'SecurityError',
+      navigator.serviceWorker.register(script, {scope: scope}),
+      'register should fail');
+}, 'Service-Worker-Allowed is cross-origin to page, same-origin to script');
+
+</script>
