COEP: Enforce CORP in cache.match()

Document using: "Cross-Origin-Embedder-Policy: require-corp" must not access cross-origin response that do not have the header: "Cross-Origin-Resource-Policy: cross-site" This is about only no-cors requests. CORS requests are checked against the CORS headers instead. See: - whatwg/fetch#985 - w3c/ServiceWorker#1490 Bug: 1031542 Change-Id: I94a2cb9435fcf3e76f57a8f3d3344c87fa23f9a9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1973913 Auto-Submit: Arthur Sonzogni <[email protected]> Reviewed-by: Camille Lamy <[email protected]> Reviewed-by: Ben Kelly <[email protected]> Reviewed-by: Mike West <[email protected]> Commit-Queue: Arthur Sonzogni <[email protected]> Cr-Commit-Position: refs/heads/master@{#726782}
web-platform-tests · Dec 20, 2019 · 0089506 · 0089506
1 parent 8986297
commit 0089506
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/html/cross-origin-embedder-policy/require-corp-load-from-cache-storage.https.html b/html/cross-origin-embedder-policy/require-corp-load-from-cache-storage.https.html
@@ -109,7 +109,7 @@
     const cache = await caches.open('v1');
 
     if (response_type === 'error') {
-      await promise_rejects(t, new TypeError(), cache.match(url));
+      await promise_rejects(t, 'InvalidAccessError', cache.match(url));
       return;
     }