Cross origin workers should fail to fetch (web-platform-tests#13671)

* Cross origin workers should fail to fetch * Pass tests when cross-origin workers fail to construct, and fix other tests * Assert that DOMExceptions thrown on worker construction are SecurityErrors * Add asserts to Worker/SharedWorker constructor tests, fix Worker tests
qiuzhong · Oct 23, 2018 · f3e2b41 · f3e2b41
1 parent a252e9f
commit f3e2b41
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 16 deletions.
diff --git a/workers/Worker_cross_origin_security_err.htm b/workers/Worker_cross_origin_security_err.htm
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<title> Worker cross-origin URL </title>
+<title>Worker cross-origin URL</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <div id=log></div>
@@ -11,7 +11,20 @@
       assert_true(e instanceof Event);
     });
   } catch (e) {
-    t.step_func_done(function(e) { assert_true(true); });
+    assert_throws("SecurityError", () => {throw e}, "DOMExceptions thrown on cross-origin Worker construction must be SecurityErrors");
+    t.done();
   }
-});
+}, "Cross-origin classic workers should fail to fetch");
+
+async_test(function(t) {
+  try {
+    var w = new Worker("ftp://example.org/support/WorkerBasic.js", {type: "module"});
+    w.onerror = t.step_func_done(function(e) {
+      assert_true(e instanceof Event);
+    });
+  } catch (e) {
+    assert_throws("SecurityError", () => {throw e}, "DOMExceptions thrown on cross-origin module Worker construction must be SecurityErrors");
+    t.done();
+  }
+}, "Cross-origin module workers should fail to fetch");
 </script>
diff --git a/workers/constructors/SharedWorker/same-origin.html b/workers/constructors/SharedWorker/same-origin.html
@@ -3,7 +3,7 @@
 -->
 <!doctype html>
 <title>same-origin checks</title>
-<link rel=help href="http://www.whatwg.org/html/#dom-sharedworker">
+<link rel=help href="https://html.spec.whatwg.org/multipage/workers.html#dom-sharedworker">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <div id="log"></div>
@@ -19,7 +19,8 @@
       assert_true(e instanceof Event);
     });
   } catch (e) {
-    t.step_func_done(function(e) { assert_true(true); });
+    assert_throws("SecurityError", () => {throw e}, "DOMExceptions thrown on cross-origin SharedWorker construction must be SecurityErrors");
+    t.done();
   }
 }
 

diff --git a/workers/constructors/Worker/same-origin.html b/workers/constructors/Worker/same-origin.html
@@ -1,7 +1,7 @@
 <!doctype html>
 <meta charset=utf-8>
 <title>same-origin checks; the script is in a script element</title>
-<link rel=help href="http://www.whatwg.org/html/#dom-worker">
+<link rel=help href="https://html.spec.whatwg.org/multipage/workers.html#dom-worker">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <div id="log"></div>
@@ -10,14 +10,15 @@
 // not propogate to the window before the tests finish
 setup({allow_uncaught_exception: true});
 
-function testSharedWorkerHelper(t, script) {
+function testWorkerHelper(t, script) {
   try {
-    var worker = new SharedWorker(script, '');
+    var worker = new Worker(script);
     worker.onerror = t.step_func_done(function(e) {
       assert_true(e instanceof Event);
     });
   } catch (e) {
-    t.step_func_done(function(e) { assert_true(true); });
+    assert_throws("SecurityError", () => {throw e}, "DOMExceptions thrown on cross-origin Worker construction must be SecurityErrors");
+    t.done();
   }
 }
 
@@ -33,31 +34,31 @@
 }, "data_url");
 
 async_test(function(t) {
-  testSharedWorkerHelper(t, 'about:blank');
+  testWorkerHelper(t, 'about:blank');
 }, "about_blank");
 
 async_test(function(t) {
-  testSharedWorkerHelper(t, 'http://www.example.invalid/');
+  testWorkerHelper(t, 'http://www.example.invalid/');
 }, "example_invalid");
 
 async_test(function(t) {
-  testSharedWorkerHelper(t, location.protocol+'//'+location.hostname+':81/');
+  testWorkerHelper(t, location.protocol+'//'+location.hostname+':81/');
 }, "port_81");
 
 async_test(function(t) {
-  testSharedWorkerHelper(t, 'https://'+location.hostname+':80/');
+  testWorkerHelper(t, 'https://'+location.hostname+':80/');
 }, "https_port_80");
 
 async_test(function(t) {
-  testSharedWorkerHelper(t, 'https://'+location.hostname+':8000/');
+  testWorkerHelper(t, 'https://'+location.hostname+':8000/');
 }, "https_port_8000");
 
 async_test(function(t) {
-  testSharedWorkerHelper(t, 'http://'+location.hostname+':8012/');
+  testWorkerHelper(t, 'http://'+location.hostname+':8012/');
 }, "http_post_8012");
 
 async_test(function(t) {
-  testSharedWorkerHelper(t,'javascript:""');
+  testWorkerHelper(t,'javascript:""');
 }, "javascript_url");
 
 </script>