SharedWorker: Add shared-worker-options-credentials.html

This CL adds shared-worker-options-credentials.html for web-platform-test.

Bug: 1048966, 824646
Change-Id: Ib35daf5ba96ddd03bb1881757e86e8251c1a3456
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2037294
Commit-Queue: Eriko Kurimoto <elkurin@google.com>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Cr-Commit-Position: refs/heads/master@{#738441}

third_party/blink/web_tests/external/wpt/workers/modules/dedicated-worker-options-credentials.html

@@ -52,7 +52,7 @@ function credentials_test(options, config, description) {
   promise_test(async () => {
     let workerURL, origin = config.origin;
     if (config.fetchType === 'top-level') {
-      workerURL = 'resources/credentials.py';
+      workerURL = 'resources/postmessage-credentials.py';
     } else if (config.fetchType === 'descendant-static') {
       workerURL =
         `resources/static-import-${origin}-origin-credentials-checker-worker.${origin === 'same' ? '' : 'sub.'}js`;

third_party/blink/web_tests/external/wpt/workers/modules/resources/dynamic-import-remote-origin-credentials-checker-worker.sub.js

 // Import a remote origin script.
-import('http://{{domains[www1]}}:{{ports[http][0]}}/workers/modules/resources/credentials.py');
+const import_url =
+    'http://{{domains[www1]}}:{{ports[http][0]}}/workers/modules/resources/export-credentials.py';
+if ('DedicatedWorkerGlobalScope' in self &&
+    self instanceof DedicatedWorkerGlobalScope) {
+  import(import_url)
+      .then(module => postMessage(module.cookie));
+} else if (
+    'SharedWorkerGlobalScope' in self &&
+    self instanceof SharedWorkerGlobalScope) {
+  onconnect = e => {
+    import(import_url)
+        .then(module => e.ports[0].postMessage(module.cookie));
+  };
+}

third_party/blink/web_tests/external/wpt/workers/modules/resources/dynamic-import-same-origin-credentials-checker-worker.js

-import('./credentials.py');
+const import_url = './export-credentials.py';
+if ('DedicatedWorkerGlobalScope' in self &&
+    self instanceof DedicatedWorkerGlobalScope) {
+  import(import_url)
+      .then(module => postMessage(module.cookie));
+} else if (
+    'SharedWorkerGlobalScope' in self &&
+    self instanceof SharedWorkerGlobalScope) {
+  onconnect = e => {
+    import(import_url)
+        .then(module => e.ports[0].postMessage(module.cookie));
+  };
+}

third_party/blink/web_tests/external/wpt/workers/modules/resources/credentials.py → third_party/blink/web_tests/external/wpt/workers/modules/resources/export-credentials.py

@@ -11,4 +11,5 @@ def main(request, response):
     cookie_value = '';
     if cookie:
         cookie_value = cookie.value;
-    return (200, response_headers, "postMessage('"+cookie_value+"');")
+    return (200, response_headers,
+            "export const cookie = '"+cookie_value+"';")

third_party/blink/web_tests/external/wpt/workers/modules/resources/postmessage-credentials.py

+def main(request, response):
+    cookie = request.cookies.first("COOKIE_NAME", None)
+
+    response_headers = [("Content-Type", "text/javascript"),
+                        ("Access-Control-Allow-Credentials", "true")]
+
+    origin = request.headers.get("Origin", None)
+    if origin:
+        response_headers.append(("Access-Control-Allow-Origin", origin))
+
+    cookie_value = '';
+    if cookie:
+        cookie_value = cookie.value;
+    return (200, response_headers,
+            "if ('DedicatedWorkerGlobalScope' in self &&" +
+            "    self instanceof DedicatedWorkerGlobalScope) {" +
+            "  postMessage('"+cookie_value+"');" +
+            "} else if (" +
+            "    'SharedWorkerGlobalScope' in self &&" +
+            "    self instanceof SharedWorkerGlobalScope) {" +
+            "  onconnect = e => e.ports[0].postMessage('"+cookie_value+"');" +
+            "}")

third_party/blink/web_tests/external/wpt/workers/modules/resources/static-import-remote-origin-credentials-checker-worker.sub.js

 // Import a remote origin script.
-import 'http://{{domains[www1]}}:{{ports[http][0]}}/workers/modules/resources/credentials.py';
+import * as module from 'http://{{domains[www1]}}:{{ports[http][0]}}/workers/modules/resources/export-credentials.py';
+if ('DedicatedWorkerGlobalScope' in self &&
+    self instanceof DedicatedWorkerGlobalScope) {
+  postMessage(module.cookie);
+} else if (
+    'SharedWorkerGlobalScope' in self &&
+    self instanceof SharedWorkerGlobalScope) {
+  onconnect = e => {
+    e.ports[0].postMessage(module.cookie);
+  };
+}

third_party/blink/web_tests/external/wpt/workers/modules/resources/static-import-same-origin-credentials-checker-worker.js

-import './credentials.py';
+import * as module from './export-credentials.py';
+if ('DedicatedWorkerGlobalScope' in self &&
+    self instanceof DedicatedWorkerGlobalScope) {
+  postMessage(module.cookie);
+} else if (
+    'SharedWorkerGlobalScope' in self &&
+    self instanceof SharedWorkerGlobalScope) {
+  onconnect = e => {
+    e.ports[0].postMessage(module.cookie);
+  };
+}

third_party/blink/web_tests/external/wpt/workers/modules/shared-worker-options-credentials-expected.txt

+This is a testharness.js-based test.
+PASS Test initialization: setting up cross-origin cookie
+PASS new SharedWorker() with type=module and default credentials option should behave as credentials=same-origin and send the credentials
+FAIL new SharedWorker() with type=module and credentials=omit should not send the credentials assert_equals: expected "" but got "1"
+PASS new SharedWorker() with type=module and credentials=same-origin should send the credentials
+PASS new SharedWorker() with type=module and credentials=include should send the credentials
+PASS new SharedWorker() with type=module and default credentials option should behave as credentials=same-origin and send the credentials for same-origin static imports
+FAIL new SharedWorker() with type=module and credentials=omit should not send the credentials for same-origin static imports assert_equals: expected "" but got "1"
+PASS new SharedWorker() with type=module and credentials=same-origin should send the credentials for same-origin static imports
+PASS new SharedWorker() with type=module and credentials=include should send the credentials for same-origin static imports
+PASS new SharedWorker() with type=module and default credentials option should behave as credentials=same-origin and not send the credentials for cross-origin static imports
+PASS new SharedWorker() with type=module and credentials=omit should not send the credentials for cross-origin static imports
+PASS new SharedWorker() with type=module and credentials=same-origin should not send the credentials for cross-origin static imports
+FAIL new SharedWorker() with type=module and credentials=include should send the credentials for cross-origin static imports assert_equals: expected "1" but got ""
+PASS new SharedWorker() with type=module and default credentials option should behave as credentials=same-origin and send the credentials for same-origin dynamic imports
+FAIL new SharedWorker() with type=module and credentials=omit should not send the credentials for same-origin dynamic imports assert_equals: expected "" but got "1"
+PASS new SharedWorker() with type=module and credentials=same-origin should send the credentials for same-origin dynamic imports
+PASS new SharedWorker() with type=module and credentials=include should send the credentials for same-origin dynamic imports
+PASS new SharedWorker() with type=module and default credentials option should behave as credentials=same-origin and not send the credentials for cross-origin dynamic imports
+PASS new SharedWorker() with type=module and credentials=omit should not send the credentials for cross-origin dynamic imports
+PASS new SharedWorker() with type=module and credentials=same-origin should not send the credentials for cross-origin dynamic imports
+FAIL new SharedWorker() with type=module and credentials=include should send the credentials for cross-origin dynamic imports assert_equals: expected "1" but got ""
+PASS new SharedWorker() with type=classic should always send the credentials regardless of the credentials option (default).
+PASS new SharedWorker() with type=classic should always send the credentials regardless of the credentials option (omit).
+PASS new SharedWorker() with type=classic should always send the credentials regardless of the credentials option (same-origin).
+PASS new SharedWorker() with type=classic should always send the credentials regardless of the credentials option (include).
+PASS new SharedWorker() with type=classic should always send the credentials for same-origin dynamic imports regardless of the credentials option (default).
+PASS new SharedWorker() with type=classic should always send the credentials for same-origin dynamic imports regardless of the credentials option (omit).
+PASS new SharedWorker() with type=classic should always send the credentials for same-origin dynamic imports regardless of the credentials option (same-origin).
+PASS new SharedWorker() with type=classic should always send the credentials for same-origin dynamic imports regardless of the credentials option (include).
+PASS new SharedWorker() with type=classic should never send the credentials for cross-origin dynamic imports regardless of the credentials option (default).
+PASS new SharedWorker() with type=classic should never send the credentials for cross-origin dynamic imports regardless of the credentials option (omit).
+PASS new SharedWorker() with type=classic should never send the credentials for cross-origin dynamic imports regardless of the credentials option (same-origin).
+PASS new SharedWorker() with type=classic should never send the credentials for cross-origin dynamic imports regardless of the credentials option (include).
+Harness: the test ran to completion.
+

third_party/blink/web_tests/external/wpt/workers/modules/shared-worker-options-credentials.html

+<!DOCTYPE html>
+<title>SharedWorker: WorkerOptions 'credentials'</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script>
+host_info = get_host_info();
+
+// Determines the expected cookie value to be reported by a shared worker
+// based on the given option. The worker reports an empty string as the actual
+// cookie value if the cookie wasn't sent to the server. Otherwise, it's the
+// value set by the headers file:
+// "shared-worker-options-credentials.html.headers"
+function DetermineExpectedCookieValue(options, config) {
+  // Valid WorkerOptions and test config checking.
+  if (config.origin !== 'same' && config.origin !== 'remote')
+    assert_unreached('Invalid config.origin was specified: ' + config.origin);
+  if (options.credentials && options.credentials !== 'omit' &&
+      options.credentials !== 'same-origin' &&
+      options.credentials !== 'include') {
+    assert_unreached('Invalid credentials option was specified: ' +
+                      options.credentials);
+  }
+  if (options.type !== 'classic' && options.type !== 'module')
+    assert_unreached('Invalid type option was specified: ' + options.type);
+
+  if (options.type === 'classic')
+    return (config.origin === 'same') ? '1' : '';
+
+  if (options.credentials === 'omit')
+    return '';
+  else if (options.credentials === 'include')
+    return '1';
+  else
+    return (config.origin === 'same') ? '1' : '';
+}
+
+// Runs a credentials test with the given WorkerOptions.
+//
+// |options| is a WorkerOptions dict.
+// |config| has options as follows:
+//
+//   config = {
+//     fetchType: 'top-level' or 'descendant-static' or 'descendant-dynamic'
+//     origin: 'remote' or 'same'
+//   };
+//
+// - |config.fetchType| indicates the type of script to load for the test.
+// - |config.origin| indicates same-origin-ness of the script to load.
+function credentials_test(options, config, description) {
+  promise_test(async () => {
+    let workerURL, origin = config.origin;
+    if (config.fetchType === 'top-level') {
+      workerURL = 'resources/postmessage-credentials.py';
+    } else if (config.fetchType === 'descendant-static') {
+      workerURL =
+        `resources/static-import-${origin}-origin-credentials-checker-worker.${origin === 'same' ? '' : 'sub.'}js`;
+    } else if (config.fetchType === 'descendant-dynamic') {
+      workerURL =
+        `resources/dynamic-import-${origin}-origin-credentials-checker-worker.${origin === 'same' ? '' : 'sub.'}js`;
+    } else {
+      assert_unreached('Invalid config.fetchType: ' + config.fetchType);
+    }
+
+    const worker = new SharedWorker(workerURL, options);
+
+    // Wait until the worker sends the actual cookie value.
+    const msg_event = await new Promise(resolve => worker.port.onmessage = resolve);
+
+    const expectedCookieValue = DetermineExpectedCookieValue(options, config);
+    assert_equals(msg_event.data, expectedCookieValue);
+  }, description);
+}
+
+function init() {
+  // Same-origin cookie is set up in the .headers file in this directory.
+  promise_test(async () => {
+    return fetch(
+      `${host_info.HTTP_REMOTE_ORIGIN}/cookies/resources/set-cookie.py?name=COOKIE_NAME&path=/workers/modules/`,
+      {
+        mode: 'no-cors',
+        credentials: 'include'
+      });
+  }, 'Test initialization: setting up cross-origin cookie');
+}
+
+init();
+
+// Tests for module workers.
+
+credentials_test(
+    { type: 'module' },
+    { fetchType: 'top-level', origin: 'same' },
+    'new SharedWorker() with type=module and default credentials option ' +
+    'should behave as credentials=same-origin and send the credentials');
+
+credentials_test(
+    { credentials: 'omit', type: 'module' },
+    { fetchType: 'top-level', origin: 'same' },
+    'new SharedWorker() with type=module and credentials=omit should not ' +
+    'send the credentials');
+
+credentials_test(
+    { credentials: 'same-origin', type: 'module' },
+    { fetchType: 'top-level', origin: 'same' },
+    'new SharedWorker() with type=module and credentials=same-origin should ' +
+    'send the credentials');
+
+credentials_test(
+    { credentials: 'include', type: 'module' },
+    { fetchType: 'top-level', origin: 'same' },
+    'new SharedWorker() with type=module and credentials=include should send ' +
+    'the credentials');
+
+// Tests for module worker static imports.
+
+credentials_test(
+    { type: 'module' },
+    { fetchType: 'descendant-static', origin: 'same' },
+    'new SharedWorker() with type=module and default credentials option ' +
+    'should behave as credentials=same-origin and send the credentials for ' +
+    'same-origin static imports');
+
+credentials_test(
+    { credentials: 'omit', type: 'module' },
+    { fetchType: 'descendant-static', origin: 'same' },
+    'new SharedWorker() with type=module and credentials=omit should not ' +
+    'send the credentials for same-origin static imports');
+
+credentials_test(
+    { credentials: 'same-origin', type: 'module' },
+    { fetchType: 'descendant-static', origin: 'same' },
+    'new SharedWorker() with type=module and credentials=same-origin should ' +
+    'send the credentials for same-origin static imports');
+
+credentials_test(
+    { credentials: 'include', type: 'module' },
+    { fetchType: 'descendant-static', origin: 'same' },
+    'new SharedWorker() with type=module and credentials=include should send ' +
+    'the credentials for same-origin static imports');
+
+credentials_test(
+    { type: 'module' },
+    { fetchType: 'descendant-static', origin: 'remote' },
+    'new SharedWorker() with type=module and default credentials option ' +
+    'should behave as credentials=same-origin and not send the credentials ' +
+    'for cross-origin static imports');
+
+credentials_test(
+    { credentials: 'omit', type: 'module' },
+    { fetchType: 'descendant-static', origin: 'remote' },
+    'new SharedWorker() with type=module and credentials=omit should not ' +
+    'send the credentials for cross-origin static imports');
+
+credentials_test(
+    { credentials: 'same-origin', type: 'module' },
+    { fetchType: 'descendant-static', origin: 'remote' },
+    'new SharedWorker() with type=module and credentials=same-origin should ' +
+    'not send the credentials for cross-origin static imports');
+
+credentials_test(
+    { credentials: 'include', type: 'module' },
+    { fetchType: 'descendant-static', origin: 'remote' },
+    'new SharedWorker() with type=module and credentials=include should send ' +
+    'the credentials for cross-origin static imports');
+
+// Tests for module worker dynamic imports.
+
+credentials_test(
+    { type: 'module' },
+    { fetchType: 'descendant-dynamic', origin: 'same' },
+    'new SharedWorker() with type=module and default credentials option ' +
+    'should behave as credentials=same-origin and send the credentials for ' +
+    'same-origin dynamic imports');
+
+credentials_test(
+    { credentials: 'omit', type: 'module' },
+    { fetchType: 'descendant-dynamic', origin: 'same' },
+    'new SharedWorker() with type=module and credentials=omit should not ' +
+    'send the credentials for same-origin dynamic imports');
+
+credentials_test(
+    { credentials: 'same-origin', type: 'module' },
+    { fetchType: 'descendant-dynamic', origin: 'same' },
+    'new SharedWorker() with type=module and credentials=same-origin should ' +
+    'send the credentials for same-origin dynamic imports');
+
+credentials_test(
+    { credentials: 'include', type: 'module' },
+    { fetchType: 'descendant-dynamic', origin: 'same' },
+    'new SharedWorker() with type=module and credentials=include should send ' +
+    'the credentials for same-origin dynamic imports');
+
+credentials_test(
+    { type: 'module'},
+    { fetchType: 'descendant-dynamic', origin: 'remote' },
+    'new SharedWorker() with type=module and default credentials option ' +
+    'should behave as credentials=same-origin and not send the credentials ' +
+    'for cross-origin dynamic imports');
+
+credentials_test(
+    { credentials: 'omit', type: 'module' },
+    { fetchType: 'descendant-dynamic', origin: 'remote' },
+    'new SharedWorker() with type=module and credentials=omit should not ' +
+    'send the credentials for cross-origin dynamic imports');
+
+credentials_test(
+    { credentials: 'same-origin', type: 'module' },
+    { fetchType: 'descendant-dynamic', origin: 'remote' },
+    'new SharedWorker() with type=module and credentials=same-origin should ' +
+    'not send the credentials for cross-origin dynamic imports');
+
+credentials_test(
+    { credentials: 'include', type: 'module' },
+    { fetchType: 'descendant-dynamic', origin: 'remote' },
+    'new SharedWorker() with type=module and credentials=include should send ' +
+    'the credentials for cross-origin dynamic imports');
+
+// Tests for classic workers.
+// TODO(domfarolino): Maybe move classic worker tests up a directory?
+
+credentials_test(
+    { type: 'classic' },
+    { fetchType: 'top-level', origin: 'same' },
+    'new SharedWorker() with type=classic should always send the credentials ' +
+    'regardless of the credentials option (default).');
+
+credentials_test(
+    { credentials: 'omit', type: 'classic' },
+    { fetchType: 'top-level', origin: 'same' },
+    'new SharedWorker() with type=classic should always send the credentials ' +
+    'regardless of the credentials option (omit).');
+
+credentials_test(
+    { credentials: 'same-origin', type: 'classic' },
+    { fetchType: 'top-level', origin: 'same' },
+    'new SharedWorker() with type=classic should always send the credentials ' +
+    'regardless of the credentials option (same-origin).');
+
+credentials_test(
+    { credentials: 'include', type: 'classic' },
+    { fetchType: 'top-level', origin: 'same' },
+    'new SharedWorker() with type=classic should always send the credentials ' +
+    'regardless of the credentials option (include).');
+
+// Tests for classic worker dynamic imports.
+
+credentials_test(
+    { type: 'classic' },
+    { fetchType: 'descendant-dynamic', origin: 'same' },
+    'new SharedWorker() with type=classic should always send the credentials ' +
+    'for same-origin dynamic imports regardless of the credentials option ' +
+    '(default).');
+
+credentials_test(
+    { credentials: 'omit', type: 'classic' },
+    { fetchType: 'descendant-dynamic', origin: 'same' },
+    'new SharedWorker() with type=classic should always send the credentials ' +
+    'for same-origin dynamic imports regardless of the credentials option ' +
+    '(omit).');
+
+credentials_test(
+    { credentials: 'same-origin', type: 'classic' },
+    { fetchType: 'descendant-dynamic', origin: 'same' },
+    'new SharedWorker() with type=classic should always send the credentials ' +
+    'for same-origin dynamic imports regardless of the credentials option ' +
+    '(same-origin).');
+
+credentials_test(
+    { credentials: 'include', type: 'classic' },
+    { fetchType: 'descendant-dynamic', origin: 'same' },
+    'new SharedWorker() with type=classic should always send the credentials ' +
+    'for same-origin dynamic imports regardless of the credentials option ' +
+    '(include).');
+
+credentials_test(
+    { type: 'classic' },
+    { fetchType: 'descendant-dynamic', origin: 'remote' },
+    'new SharedWorker() with type=classic should never send the credentials ' +
+    'for cross-origin dynamic imports regardless of the credentials option ' +
+    '(default).');
+
+credentials_test(
+    { credentials: 'omit', type: 'classic' },
+    { fetchType: 'descendant-dynamic', origin: 'remote' },
+    'new SharedWorker() with type=classic should never send the credentials ' +
+    'for cross-origin dynamic imports regardless of the credentials option ' +
+    '(omit).');
+
+credentials_test(
+    { credentials: 'same-origin', type: 'classic' },
+    { fetchType: 'descendant-dynamic', origin: 'remote' },
+    'new SharedWorker() with type=classic should never send the credentials ' +
+    'for cross-origin dynamic imports regardless of the credentials option ' +
+    '(same-origin).');
+
+credentials_test(
+    { credentials: 'include', type: 'classic' },
+    { fetchType: 'descendant-dynamic', origin: 'remote' },
+    'new SharedWorker() with type=classic should never send the credentials ' +
+    'for cross-origin dynamic imports regardless of the credentials option ' +
+    '(include).');
+
+</script>

third_party/blink/web_tests/external/wpt/workers/modules/shared-worker-options-credentials.html.headers

+Set-Cookie: COOKIE_NAME=1
+Access-Control-Allow-Credentials: true