dom/fetch/tests/browser_origin_trial_coep_credentialless_worker.js

   1 const TOP_LEVEL_URL =
   2   getRootDirectory(gTestPath).replace(
   3     "chrome://mochitests/content",
   4     "https://example.com"
   5   ) + "open_credentialless_document.sjs";
   6
   7 const WORKER_URL =
   8   getRootDirectory(gTestPath).replace(
   9     "chrome://mochitests/content",
  10     "https://example.com"
  11   ) + "credentialless_worker.sjs";
  12
  13 const GET_STATE_URL =
  14   getRootDirectory(gTestPath).replace(
  15     "chrome://mochitests/content",
  16     "https://example.com"
  17   ) + "store_header.sjs?getstate";
  18
  19 const SAME_ORIGIN = "https://example.com";
  20 const CROSS_ORIGIN = "https://test1.example.com";
  21
  22 const WORKER_USES_CREDENTIALLESS = "credentialless";
  23 const WORKER_NOT_USE_CREDENTIALLESS = "";
  24
  25 async function addCookieToOrigin(origin) {
  26   const fetchRequestURL =
  27     getRootDirectory(gTestPath).replace("chrome://mochitests/content", origin) +
  28     "store_header.sjs?addcookie";
  29
  30   const addcookieTab = await BrowserTestUtils.openNewForegroundTab(
  31     gBrowser,
  32     fetchRequestURL
  33   );
  34
  35   await SpecialPowers.spawn(addcookieTab.linkedBrowser, [], async function () {
  36     content.document.cookie = "coep=credentialless; SameSite=None; Secure";
  37   });
  38   await BrowserTestUtils.removeTab(addcookieTab);
  39 }
  40
  41 async function testOrigin(
  42   fetchOrigin,
  43   isCredentialless,
  44   workerUsesCredentialless,
  45   expectedCookieResult
  46 ) {
  47   let topLevelUrl = TOP_LEVEL_URL;
  48   if (isCredentialless) {
  49     topLevelUrl += "?credentialless";
  50   }
  51   const noCredentiallessTab = await BrowserTestUtils.openNewForegroundTab(
  52     gBrowser,
  53     topLevelUrl
  54   );
  55
  56   const fetchRequestURL =
  57     getRootDirectory(gTestPath).replace(
  58       "chrome://mochitests/content",
  59       fetchOrigin
  60     ) + "store_header.sjs?checkheader";
  61
  62   let workerScriptURL = WORKER_URL + "?" + workerUsesCredentialless;
  63
  64   await SpecialPowers.spawn(
  65     noCredentiallessTab.linkedBrowser,
  66     [fetchRequestURL, GET_STATE_URL, workerScriptURL, expectedCookieResult],
  67     async function (
  68       fetchRequestURL,
  69       getStateURL,
  70       workerScriptURL,
  71       expectedCookieResult
  72     ) {
  73       const worker = new content.Worker(workerScriptURL, {});
  74
  75       // When the worker receives this message, it'll send
  76       // a fetch request to fetchRequestURL, and fetchRequestURL
  77       // will store whether it has received the cookie as a
  78       // shared state.
  79       worker.postMessage(fetchRequestURL);
  80
  81       if (expectedCookieResult == "error") {
  82         await new Promise(r => {
  83           worker.onerror = function () {
  84             ok(true, "worker has error");
  85             r();
  86           };
  87         });
  88       } else {
  89         await new Promise(r => {
  90           worker.addEventListener("message", async function () {
  91             // This request is used to get the saved state from the
  92             // previous fetch request.
  93             const response = await content.fetch(getStateURL, {
  94               mode: "cors",
  95             });
  96             const text = await response.text();
  97             is(text, expectedCookieResult);
  98             r();
  99           });
 100         });
 101       }
 102     }
 103   );
 104   await BrowserTestUtils.removeTab(noCredentiallessTab);
 105 }
 106
 107 async function dedicatedWorkerTest(
 108   origin,
 109   workerCOEP,
 110   expectedCookieResultForNoCredentialless,
 111   expectedCookieResultForCredentialless
 112 ) {
 113   await testOrigin(
 114     origin,
 115     false,
 116     workerCOEP,
 117     expectedCookieResultForNoCredentialless
 118   );
 119   await testOrigin(
 120     origin,
 121     true,
 122     workerCOEP,
 123     expectedCookieResultForCredentialless
 124   );
 125 }
 126
 127 add_task(async function () {
 128   await SpecialPowers.pushPrefEnv({
 129     set: [
 130       ["browser.tabs.remote.coep.credentialless", false], // Explicitly set credentialless to false because we want to test origin trial
 131       ["dom.origin-trials.enabled", true],
 132       ["dom.origin-trials.test-key.enabled", true],
 133     ],
 134   });
 135
 136   await addCookieToOrigin(SAME_ORIGIN);
 137   await addCookieToOrigin(CROSS_ORIGIN);
 138
 139   await dedicatedWorkerTest(
 140     SAME_ORIGIN,
 141     WORKER_NOT_USE_CREDENTIALLESS,
 142     "hasCookie",
 143     "error"
 144   );
 145   await dedicatedWorkerTest(
 146     SAME_ORIGIN,
 147     WORKER_USES_CREDENTIALLESS,
 148     "hasCookie",
 149     "hasCookie"
 150   );
 151
 152   await dedicatedWorkerTest(
 153     CROSS_ORIGIN,
 154     WORKER_NOT_USE_CREDENTIALLESS,
 155     "hasCookie",
 156     "error"
 157   );
 158   await dedicatedWorkerTest(
 159     CROSS_ORIGIN,
 160     WORKER_USES_CREDENTIALLESS,
 161     "noCookie",
 162     "noCookie"
 163   );
 164 });