| <!DOCTYPE html> |
| <html> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script> |
| |
| const fetch_from_data_url_worker_test = |
| (url, cors, expectation, description) => { |
| promise_test(async () => { |
| const fetchURL = new URL(url, location.href) + |
| `${cors === 'null-origin' |
| ? '?pipe=header(Access-Control-Allow-Origin, null)' : ''}`; |
| const scriptURL = |
| `data:text/javascript,` + |
| `async function test(port) {` + |
| ` let allowed = true;` + |
| ` try {` + |
| ` await fetch('${fetchURL}');` + |
| ` } catch (e) {` + |
| ` allowed = false;` + |
| ` }` + |
| ` port.postMessage({allowed});` + |
| `}` + |
| `onconnect = e => {` + |
| ` test(e.ports[0]);` + |
| `};`; |
| const worker = new SharedWorker(scriptURL); |
| const msgEvent = |
| await new Promise(resolve => worker.port.onmessage = resolve); |
| assert_equals(msgEvent.data.allowed ? 'allowed' : 'rejected', expectation); |
| }, description); |
| }; |
| |
| fetch_from_data_url_worker_test( |
| '../resources/top.txt', |
| 'acao-omitted', |
| 'rejected', |
| 'fetching "top.txt" without ACAO should be rejected.' |
| ); |
| fetch_from_data_url_worker_test( |
| '../resources/top.txt', |
| 'null-origin', |
| 'allowed', |
| 'fetching "top.txt" with CORS allowing null origin should be allowed.' |
| ); |
| fetch_from_data_url_worker_test( |
| 'data:text/plain, top', |
| 'acao-omitted', |
| 'allowed', |
| 'fetching data url script should be allowed.' |
| ); |
| |
| </script> |