| <!DOCTYPE html> |
| <!-- This test should be upstreamed to WPT if an existing test |
| isn't there yet. |
| --> |
| <title>Service Worker: Service-Worker-Allowed header</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/resources/get-host-info.js"></script> |
| <script src="resources/test-helpers.js"></script> |
| <script> |
| |
| var host_info = get_host_info(); |
| |
| promise_test(function(t) { |
| var script = 'resources/service-worker-allowed-worker.php' + |
| '?ServiceWorkerAllowed=/allowed-path'; |
| var scope = '/allowed-path'; |
| return navigator.serviceWorker.register(script, {scope: scope}) |
| .then(function(registration) { |
| assert_true( |
| registration instanceof ServiceWorkerRegistration, |
| 'Successfully registered.'); |
| assert_equals( |
| registration.scope, |
| normalizeURL(scope), |
| 'Registering within Service-Worker-Allowed path should pass'); |
| service_worker_unregister_and_done(t, scope); |
| }) |
| }, 'Registering within Service-Worker-Allowed path'); |
| |
| promise_test(function(t) { |
| var script = 'resources/service-worker-allowed-worker.php' + |
| '?ServiceWorkerAllowed=../allowed-path-with-parent'; |
| var scope = 'allowed-path-with-parent'; |
| return navigator.serviceWorker.register(script, {scope: scope}) |
| .then(function(registration) { |
| assert_true( |
| registration instanceof ServiceWorkerRegistration, |
| 'Successfully registered.'); |
| assert_equals( |
| registration.scope, |
| normalizeURL(scope), |
| 'Registering within Service-Worker-Allowed path with parent ' + |
| 'reference should pass'); |
| service_worker_unregister_and_done(t, scope); |
| }) |
| }, 'Registering within Service-Worker-Allowed path with parent reference'); |
| |
| promise_test(function(t) { |
| var script = 'resources/service-worker-allowed-worker.php' + |
| '?ServiceWorkerAllowed=/allowed-path'; |
| var scope = '/disallowed-path'; |
| return promise_rejects(t, |
| 'SecurityError', |
| navigator.serviceWorker.register(script, {scope: scope}), |
| 'Registering outside Service-Worker-Allowed path should fail'); |
| }, 'Registering outside Service-Worker-Allowed path'); |
| |
| promise_test(function(t) { |
| var script = 'resources/service-worker-allowed-worker.php' + |
| '?ServiceWorkerAllowed=../allowed-path-with-parent'; |
| var scope = '/allowed-path-with-parent'; |
| return promise_rejects(t, |
| 'SecurityError', |
| navigator.serviceWorker.register(script, {scope: scope}), |
| 'Registering outside Service-Worker-Allowed path with parent ' + |
| 'reference should fail'); |
| }, 'Registering outside Service-Worker-Allowed path with parent reference'); |
| |
| promise_test(function(t) { |
| var script = host_info.HTTPS_REMOTE_ORIGIN + |
| '/serviceworker/resources/' + |
| 'service-worker-allowed-worker.php' + |
| '?ServiceWorkerAllowed=' + |
| host_info.HTTP_REMOTE_ORIGIN + '/cross-origin/'; |
| var scope = '/cross-origin/'; |
| return promise_rejects(t, |
| 'SecurityError', |
| navigator.serviceWorker.register(script, {scope: scope}), |
| 'Registering cross-origin Service-Worker-Allowed should fail'); |
| }, 'Registering cross-origin Service-Worker-Allowed'); |
| |
| </script> |