Add a few Worker loading tests that don't seem to be explicitly handled
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 19 Dec 2016 20:28:47 +0000 (20:28 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 19 Dec 2016 20:28:47 +0000 (20:28 +0000)
https://bugs.webkit.org/show_bug.cgi?id=165870

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-12-19
Reviewed by Daniel Bates.

The tests already pass as expected, but adding specific tests
for specific expected behavior with Worker script loads.

* http/tests/security/contentSecurityPolicy/worker-redirect-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/worker-redirect-allowed.html: Added.
* http/tests/security/resources/worker-message-pass.js: Added.
* http/tests/security/worker-cross-origin-expected.txt: Added.
* http/tests/security/worker-cross-origin.html: Added.
* http/tests/security/worker-same-origin-expected.txt: Added.
* http/tests/security/worker-same-origin.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@209993 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/security/contentSecurityPolicy/worker-redirect-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/worker-redirect-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/worker-message-pass.js [new file with mode: 0644]
LayoutTests/http/tests/security/worker-cross-origin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/worker-cross-origin.html [new file with mode: 0644]
LayoutTests/http/tests/security/worker-same-origin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/worker-same-origin.html [new file with mode: 0644]

index 05815d5..d75d72d 100644 (file)
@@ -1,3 +1,21 @@
+2016-12-19  Joseph Pecoraro  <pecoraro@apple.com>
+
+        Add a few Worker loading tests that don't seem to be explicitly handled
+        https://bugs.webkit.org/show_bug.cgi?id=165870
+
+        Reviewed by Daniel Bates.
+
+        The tests already pass as expected, but adding specific tests
+        for specific expected behavior with Worker script loads.
+
+        * http/tests/security/contentSecurityPolicy/worker-redirect-allowed-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/worker-redirect-allowed.html: Added.
+        * http/tests/security/resources/worker-message-pass.js: Added.
+        * http/tests/security/worker-cross-origin-expected.txt: Added.
+        * http/tests/security/worker-cross-origin.html: Added.
+        * http/tests/security/worker-same-origin-expected.txt: Added.
+        * http/tests/security/worker-same-origin.html: Added.
+
 2016-12-18  Brent Fulgham  <bfulgham@apple.com>
 
         Side effects while restting form elements
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/worker-redirect-allowed-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/worker-redirect-allowed-expected.txt
new file mode 100644 (file)
index 0000000..3dd65d2
--- /dev/null
@@ -0,0 +1,11 @@
+This tests that the Content Security Policy of the page allows loading a Web Worker's script redirected on the same origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS worker = new Worker("http://127.0.0.1:8000/resources/redirect.php?url=http://127.0.0.1:8000/security/resources/worker-message-pass.js") did not throw exception.
+PASS PASS: Worker loaded and sent message
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/worker-redirect-allowed.html b/LayoutTests/http/tests/security/contentSecurityPolicy/worker-redirect-allowed.html
new file mode 100644 (file)
index 0000000..ee92f30
--- /dev/null
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="child-src http://127.0.0.1:8000/resources/redirect.php">
+<script src="/js-test-resources/js-test-pre.js"></script>
+</head>
+<body>
+<script>
+window.jsTestIsAsync = true;
+
+description("This tests that the Content Security Policy of the page allows loading a Web Worker's script redirected on the same origin.");
+
+var worker;
+shouldNotThrow('worker = new Worker("http://127.0.0.1:8000/resources/redirect.php?url=http://127.0.0.1:8000/security/resources/worker-message-pass.js")');
+worker.onmessage = function(event) {
+    testPassed(event.data);
+    finishJSTest();
+};
+worker.onerror = function () {
+    testFailed("error event dispatched");
+    finishJSTest();
+};
+</script>
+<script src="/js-test-resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/resources/worker-message-pass.js b/LayoutTests/http/tests/security/resources/worker-message-pass.js
new file mode 100644 (file)
index 0000000..a6a46d4
--- /dev/null
@@ -0,0 +1 @@
+postMessage("PASS: Worker loaded and sent message");
diff --git a/LayoutTests/http/tests/security/worker-cross-origin-expected.txt b/LayoutTests/http/tests/security/worker-cross-origin-expected.txt
new file mode 100644 (file)
index 0000000..3b263b7
--- /dev/null
@@ -0,0 +1,13 @@
+CONSOLE MESSAGE: Unsafe attempt to load URL http://localhost:8000/security/resources/worker-message-pass.js from frame with URL http://127.0.0.1:8000/security/worker-cross-origin.html. Domains, protocols and ports must match.
+
+This tests that Web Worker script redirects are blocked if cross origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS worker = new Worker("http://127.0.0.1:8000/resources/redirect.php?url=http://localhost:8000/security/resources/worker-message-pass.js") did not throw exception.
+PASS Blocked cross origin Worker script load
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/security/worker-cross-origin.html b/LayoutTests/http/tests/security/worker-cross-origin.html
new file mode 100644 (file)
index 0000000..194c3b9
--- /dev/null
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test-pre.js"></script>
+</head>
+<body>
+<script>
+window.jsTestIsAsync = true;
+
+description("This tests that Web Worker script redirects are blocked if cross origin.");
+
+var worker;
+shouldNotThrow('worker = new Worker("http://127.0.0.1:8000/resources/redirect.php?url=http://localhost:8000/security/resources/worker-message-pass.js")');
+worker.onmessage = function(event) {
+    testFailed("Should have blocked cross origin Worker script load");
+    finishJSTest();
+};
+worker.onerror = function () {
+    testPassed("Blocked cross origin Worker script load");
+    finishJSTest();
+};
+</script>
+<script src="/js-test-resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/worker-same-origin-expected.txt b/LayoutTests/http/tests/security/worker-same-origin-expected.txt
new file mode 100644 (file)
index 0000000..f56384e
--- /dev/null
@@ -0,0 +1,11 @@
+This tests that Web Worker script redirects are loaded if same origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS worker = new Worker("http://127.0.0.1:8000/resources/redirect.php?url=http://127.0.0.1:8000/security/resources/worker-message-pass.js") did not throw exception.
+PASS Allowed same origin Worker script load
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/security/worker-same-origin.html b/LayoutTests/http/tests/security/worker-same-origin.html
new file mode 100644 (file)
index 0000000..1e911d7
--- /dev/null
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test-pre.js"></script>
+</head>
+<body>
+<script>
+window.jsTestIsAsync = true;
+
+description("This tests that Web Worker script redirects are loaded if same origin.");
+
+var worker;
+shouldNotThrow('worker = new Worker("http://127.0.0.1:8000/resources/redirect.php?url=http://127.0.0.1:8000/security/resources/worker-message-pass.js")');
+worker.onmessage = function(event) {
+    testPassed("Allowed same origin Worker script load");
+    finishJSTest();
+};
+worker.onerror = function () {
+    testFailed("Should have allowed same origin Worker script load");
+    finishJSTest();
+};
+</script>
+<script src="/js-test-resources/js-test-post.js"></script>
+</body>
+</html>