From e5f396158b7e7b7ec7d6efdb5b2cb9ff1624f052 Mon Sep 17 00:00:00 2001 From: Marco Castelluccio Date: Mon, 15 Mar 2021 23:20:48 +0000 Subject: [PATCH] Bug 1695941 [wpt PR 27857] - WPT: `Sec-Fetch-*` headers aren't accessible in service workers., a=testonly Automatic update from web-platform-tests WPT: `Sec-Fetch-*` headers aren't accessible in service workers. As requested in https://github.com/whatwg/fetch/pull/993. Change-Id: Ie6096154ad9f6af73e2c26e0bb0c8f72a2a7a99a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2727263 Reviewed-by: Matt Falkenhagen Commit-Queue: Mike West Cr-Commit-Position: refs/heads/master{#859345} -- wpt-commits: df6a144d964283f2929eeb937af2806d9aafec62 wpt-pr: 27857 UltraBlame original commit: cc8aa5885f9fc1c5d8b014047501861d5af169e6 --- .../serviceworker-accessors-frame.html | 24 ++ .../resources/serviceworker-accessors.sw.js | 143 +++++++ .../serviceworker-accessors.https.sub.html | 392 ++++++++++++++++++ 3 files changed, 559 insertions(+) create mode 100644 testing/web-platform/tests/fetch/metadata/resources/serviceworker-accessors-frame.html create mode 100644 testing/web-platform/tests/fetch/metadata/resources/serviceworker-accessors.sw.js create mode 100644 testing/web-platform/tests/fetch/metadata/serviceworker-accessors.https.sub.html diff --git a/testing/web-platform/tests/fetch/metadata/resources/serviceworker-accessors-frame.html b/testing/web-platform/tests/fetch/metadata/resources/serviceworker-accessors-frame.html new file mode 100644 index 0000000000000..70d7faca2b417 --- /dev/null +++ b/testing/web-platform/tests/fetch/metadata/resources/serviceworker-accessors-frame.html @@ -0,0 +1,24 @@ +< +! +DOCTYPE +html +> +< +meta +charset += +" +utf +- +8 +" +> +< +title +> +Page +Title +< +/ +title +> diff --git a/testing/web-platform/tests/fetch/metadata/resources/serviceworker-accessors.sw.js b/testing/web-platform/tests/fetch/metadata/resources/serviceworker-accessors.sw.js new file mode 100644 index 0000000000000..148442efaa3fc --- /dev/null +++ b/testing/web-platform/tests/fetch/metadata/resources/serviceworker-accessors.sw.js @@ -0,0 +1,143 @@ +addEventListener +( +" +fetch +" +event += +> +{ +event +. +waitUntil +( +async +function +( +) +{ +if +( +! +event +. +clientId +) +return +; +const +client += +await +clients +. +get +( +event +. +clientId +) +; +if +( +! +client +) +return +; +client +. +postMessage +( +{ +" +dest +" +: +event +. +request +. +headers +. +get +( +" +sec +- +fetch +- +dest +" +) +" +mode +" +: +event +. +request +. +headers +. +get +( +" +sec +- +fetch +- +mode +" +) +" +site +" +: +event +. +request +. +headers +. +get +( +" +sec +- +fetch +- +site +" +) +" +user +" +: +event +. +request +. +headers +. +get +( +" +sec +- +fetch +- +user +" +) +} +) +; +} +( +) +) +; +} +) +; diff --git a/testing/web-platform/tests/fetch/metadata/serviceworker-accessors.https.sub.html b/testing/web-platform/tests/fetch/metadata/serviceworker-accessors.https.sub.html new file mode 100644 index 0000000000000..04a7cefa7124c --- /dev/null +++ b/testing/web-platform/tests/fetch/metadata/serviceworker-accessors.https.sub.html @@ -0,0 +1,392 @@ +< +! +DOCTYPE +html +> +< +! +- +- +This +test +verifies +that +Fetch +Metadata +headers +are +not +exposed +to +Service +Workers +via +the +request +' +s +headers +accessor +. +- +- +> +< +meta +charset += +" +utf +- +8 +" +/ +> +< +script +src += +/ +resources +/ +testharness +. +js +> +< +/ +script +> +< +script +src += +/ +resources +/ +testharnessreport +. +js +> +< +/ +script +> +< +script +src += +/ +fetch +/ +metadata +/ +resources +/ +helper +. +js +> +< +/ +script +> +< +script +src += +/ +service +- +workers +/ +service +- +worker +/ +resources +/ +test +- +helpers +. +sub +. +js +> +< +/ +script +> +< +script +src += +/ +common +/ +utils +. +js +> +< +/ +script +> +< +script +> +const +SCOPE += +' +resources +/ +serviceworker +- +accessors +- +frame +. +html +' +; +const +SCRIPT += +' +resources +/ +serviceworker +- +accessors +. +sw +. +js +' +; +function +assert_headers_not_seen_in_service_worker +( +frame +) +{ +return +new +Promise +( +( +resolve +reject +) += +> +{ +frame +. +contentWindow +. +fetch +( +SCOPE +{ +mode +: +' +no +- +cors +' +} +) +; +frame +. +contentWindow +. +navigator +. +serviceWorker +. +addEventListener +( +' +message +' +e += +> +{ +assert_header_equals +( +e +. +data +{ +" +dest +" +: +null +" +mode +" +: +null +" +site +" +: +null +" +user +" +: +null +} +) +; +resolve +( +) +; +} +) +; +} +) +; +} +promise_test +( +async +function +( +t +) +{ +const +reg += +await +service_worker_unregister_and_register +( +t +SCRIPT +SCOPE +) +; +t +. +add_cleanup +( +async +( +) += +> +{ +if +( +reg +) +await +reg +. +unregister +( +) +; +} +) +; +await +wait_for_state +( +t +reg +. +installing +' +activated +' +) +; +const +frame += +await +with_iframe +( +SCOPE +) +; +t +. +add_cleanup +( +async +( +) += +> +{ +if +( +frame +) +frame +. +remove +( +) +; +} +) +; +/ +/ +Trigger +a +fetch +that +will +go +through +the +service +worker +and +validate +/ +/ +the +visible +headers +. +await +assert_headers_not_seen_in_service_worker +( +frame +) +; +} +' +Sec +- +Fetch +headers +in +Service +Worker +fetch +handler +. +' +) +; +< +/ +script +>