ServiceWorkerSingleScriptUpdateChecker has credentials

Before the new byte-for-byte checking, credentials_mode was set to
kInclude for imported scripts. However,
ServiceWorkerSingleScriptUpdateChecker sets the flag to kOmit because
it's missed from the current spec. This CL is to correct the mode to
fix the unintentional change.
Spec issue: https://github.com/w3c/ServiceWorker/issues/1497

Bug: 1042159
Change-Id: I553d7bec015eb4cb80f7f59c640f26491fa02b75
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2032689Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Commit-Queue: Makoto Shimazu <shimazu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#737253}

content/browser/service_worker/service_worker_single_script_update_checker.cc

@@ -190,16 +190,6 @@ ServiceWorkerSingleScriptUpdateChecker::ServiceWorkerSingleScriptUpdateChecker(
     // https://html.spec.whatwg.org/C/#fetch-a-classic-worker-imported-script
     DCHECK_EQ(network::mojom::RequestMode::kNoCors, resource_request.mode);
 
-    // Explicitly set it to kOmit because the default value of
-    // ResourceRequest::credentials_mode (kInclude) is different from the
-    // default value in the spec "omit".
-    // https://fetch.spec.whatwg.org/#concept-request-credentials-mode
-    //
-    // TODO(https://crbug.com/799935): Remove this once we use kOmit as the
-    // default value.
-    // TODO(https://crbug.com/972458): Need the test.
-    resource_request.credentials_mode = network::mojom::CredentialsMode::kOmit;
-
     // |fetch_request_context_type| and |resource_type| roughly correspond to
     // the request's |destination| in the Fetch spec.
     // The destination is "script" for the imported script.

third_party/blink/web_tests/external/wpt/service-workers/service-worker/credentials.https.html

+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Credentials for service worker scripts</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/cookies/resources/cookie-helper.sub.js"></script>
+<script src="resources/test-helpers.sub.js"></script>
+<body>
+<script>
+// Check if the service worker's script has appropriate credentials for a new
+// worker and byte-for-byte checking.
+
+const SCOPE = 'resources/in-scope';
+const COOKIE_NAME = `service-worker-credentials-${Math.random()}`;
+
+promise_test(async t => {
+  // Set-Cookies for path=/.
+  await fetch(
+      `/cookies/resources/set-cookie.py?name=${COOKIE_NAME}&path=%2F`);
+}, 'Set cookies as initialization');
+
+async function get_cookies(worker) {
+  worker.postMessage('get cookie');
+  const message = await new Promise(resolve =>
+      navigator.serviceWorker.addEventListener('message', resolve));
+  return message.data;
+}
+
+promise_test(async t => {
+  const key = token();
+  const registration = await service_worker_unregister_and_register(
+      t, `resources/echo-cookie-worker.py?key=${key}`, SCOPE);
+  t.add_cleanup(() => registration.unregister());
+  const worker = registration.installing;
+
+  const cookies = await get_cookies(worker);
+  assert_equals(cookies[COOKIE_NAME], '1', 'new worker has credentials');
+
+  await registration.update();
+  const updated_worker = registration.installing;
+  const updated_cookies = await get_cookies(updated_worker);
+  assert_equals(updated_cookies[COOKIE_NAME], '1',
+                'updated worker has credentials');
+}, 'Main script should have credentials');
+
+promise_test(async t => {
+  const key = token();
+  const registration = await service_worker_unregister_and_register(
+      t, `resources/import-echo-cookie-worker.js?key=${key}`, SCOPE);
+  t.add_cleanup(() => registration.unregister());
+  const worker = registration.installing;
+
+  const cookies = await get_cookies(worker);
+  assert_equals(cookies[COOKIE_NAME], '1', 'new worker has credentials');
+
+  await registration.update();
+  const updated_worker = registration.installing;
+  const updated_cookies = await get_cookies(updated_worker);
+  assert_equals(updated_cookies[COOKIE_NAME], '1',
+                'updated worker has credentials');
+}, 'Imported script should have credentials');
+</script>
+</body>

third_party/blink/web_tests/external/wpt/service-workers/service-worker/resources/echo-cookie-worker.py

+def main(request, response):
+    headers = [("Content-Type", "text/javascript")]
+
+    values = []
+    for key in request.cookies:
+        for cookie in request.cookies.get_list(key):
+            values.append('"%s": "%s"' % (key, cookie.value))
+
+    # Update the counter to change the script body for every request to trigger
+    # update of the service worker.
+    key = request.GET['key']
+    counter = request.server.stash.take(key)
+    if counter is None:
+        counter = 0
+    counter += 1
+    request.server.stash.put(key, counter)
+
+    body = """
+// %d
+self.addEventListener('message', e => {
+  e.source.postMessage({%s})
+});""" % (counter, ','.join(values))
+
+    return headers, body

third_party/blink/web_tests/external/wpt/service-workers/service-worker/resources/import-echo-cookie-worker.js

+importScripts(`echo-cookie-worker.py${location.search}`);