| <!DOCTYPE html> |
| <title>Service Worker: Service-Worker-Allowed header</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/common/get-host-info.sub.js"></script> |
| <script src="resources/test-helpers.sub.js"></script> |
| <script> |
| |
| const host_info = get_host_info(); |
| |
| // Returns a URL for a service worker script whose Service-Worker-Allowed |
| // header value is set to |allowed_path|. If |origin| is specified, that origin |
| // is used. |
| function build_script_url(allowed_path, origin) { |
| const script = 'resources/empty-worker.js'; |
| const url = origin ? `${origin}${base_path()}${script}` : script; |
| return `${url}?pipe=header(Service-Worker-Allowed,${allowed_path})`; |
| } |
| |
| promise_test(async t => { |
| const script = build_script_url('/allowed-path'); |
| const scope = '/allowed-path'; |
| const registration = await service_worker_unregister_and_register( |
| t, script, scope); |
| assert_true(registration instanceof ServiceWorkerRegistration, 'registered'); |
| assert_equals(registration.scope, normalizeURL(scope)); |
| return registration.unregister(); |
| }, 'Registering within Service-Worker-Allowed path'); |
| |
| promise_test(async t => { |
| const script = build_script_url(new URL('/allowed-path', document.location)); |
| const scope = '/allowed-path'; |
| const registration = await service_worker_unregister_and_register( |
| t, script, scope); |
| assert_true(registration instanceof ServiceWorkerRegistration, 'registered'); |
| assert_equals(registration.scope, normalizeURL(scope)); |
| return registration.unregister(); |
| }, 'Registering within Service-Worker-Allowed path (absolute URL)'); |
| |
| promise_test(async t => { |
| const script = build_script_url('../allowed-path-with-parent'); |
| const scope = 'allowed-path-with-parent'; |
| const registration = await service_worker_unregister_and_register( |
| t, script, scope); |
| assert_true(registration instanceof ServiceWorkerRegistration, 'registered'); |
| assert_equals(registration.scope, normalizeURL(scope)); |
| return registration.unregister(); |
| }, 'Registering within Service-Worker-Allowed path with parent reference'); |
| |
| promise_test(async t => { |
| const script = build_script_url('../allowed-path'); |
| const scope = '/disallowed-path'; |
| await service_worker_unregister(t, scope); |
| return promise_rejects(t, |
| 'SecurityError', |
| navigator.serviceWorker.register(script, {scope: scope}), |
| 'register should fail'); |
| }, 'Registering outside Service-Worker-Allowed path'); |
| |
| promise_test(async t => { |
| const script = build_script_url('../allowed-path-with-parent'); |
| const scope = '/allowed-path-with-parent'; |
| await service_worker_unregister(t, scope); |
| return promise_rejects(t, |
| 'SecurityError', |
| navigator.serviceWorker.register(script, {scope: scope}), |
| 'register should fail'); |
| }, 'Registering outside Service-Worker-Allowed path with parent reference'); |
| |
| promise_test(async t => { |
| const script = build_script_url( |
| host_info.HTTPS_REMOTE_ORIGIN + '/'); |
| const scope = 'resources/this-scope-is-normally-allowed' |
| const registration = await service_worker_unregister_and_register( |
| t, script, scope); |
| assert_true(registration instanceof ServiceWorkerRegistration, 'registered'); |
| assert_equals(registration.scope, normalizeURL(scope)); |
| return registration.unregister(); |
| }, 'Service-Worker-Allowed is cross-origin to script, registering on a normally allowed scope'); |
| |
| promise_test(async t => { |
| const script = build_script_url( |
| host_info.HTTPS_REMOTE_ORIGIN + '/'); |
| const scope = '/this-scope-is-normally-disallowed' |
| const registration = await service_worker_unregister_and_register( |
| t, script, scope); |
| assert_true(registration instanceof ServiceWorkerRegistration, 'registered'); |
| assert_equals(registration.scope, normalizeURL(scope)); |
| return registration.unregister(); |
| }, 'Service-Worker-Allowed is cross-origin to script, registering on a normally disallowed scope'); |
| |
| promise_test(async t => { |
| const script = build_script_url( |
| host_info.HTTPS_REMOTE_ORIGIN + '/cross-origin/', |
| host_info.HTTPS_REMOTE_ORIGIN); |
| const scope = '/cross-origin/'; |
| await service_worker_unregister(t, scope); |
| return promise_rejects(t, |
| 'SecurityError', |
| navigator.serviceWorker.register(script, {scope: scope}), |
| 'register should fail'); |
| }, 'Service-Worker-Allowed is cross-origin to page, same-origin to script'); |
| |
| </script> |