| // META: script=/service-workers/service-worker/resources/test-helpers.sub.js |
| // META: script=resources/utils.js |
| 'use strict'; |
| |
| // Tests that Mixed Content requests are blocked. |
| // https://w3c.github.io/webappsec-mixed-content/#should-block-fetch |
| // https://w3c.github.io/webappsec-mixed-content/#a-priori-authenticated-url |
| // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy |
| |
| // With an additional restriction that only https:// and loopback http:// |
| // requests are allowed. Hence the wss:, file:, data:, etc schemes are blocked. |
| // https://github.com/WICG/background-fetch/issues/44 |
| |
| // This is not a comprehensive test of mixed content blocking - it is just |
| // intended to check that blocking is enabled. |
| |
| backgroundFetchTest((t, bgFetch) => { |
| return bgFetch.fetch(uniqueId(), 'https://example.com'); |
| }, 'https: fetch should register ok'); |
| |
| backgroundFetchTest((t, bgFetch) => { |
| return bgFetch.fetch(uniqueId(), 'http://127.0.0.1'); |
| }, 'loopback IPv4 http: fetch should register ok'); |
| |
| backgroundFetchTest((t, bgFetch) => { |
| return bgFetch.fetch(uniqueId(), 'http://[::1]'); |
| }, 'loopback IPv6 http: fetch should register ok'); |
| |
| backgroundFetchTest((t, bgFetch) => { |
| return bgFetch.fetch(uniqueId(), 'http://localhost'); |
| }, 'localhost http: fetch should register ok'); |
| |
| backgroundFetchTest((t, bgFetch) => { |
| return promise_rejects_js(t, TypeError, |
| bgFetch.fetch(uniqueId(), 'wss:127.0.0.1')); |
| }, 'wss: fetch should reject'); |
| |
| backgroundFetchTest((t, bgFetch) => { |
| return promise_rejects_js(t, TypeError, |
| bgFetch.fetch(uniqueId(), 'file:///')); |
| }, 'file: fetch should reject'); |
| |
| backgroundFetchTest((t, bgFetch) => { |
| return promise_rejects_js(t, TypeError, |
| bgFetch.fetch(uniqueId(), 'data:text/plain,foo')); |
| }, 'data: fetch should reject'); |
| |
| backgroundFetchTest((t, bgFetch) => { |
| return promise_rejects_js(t, TypeError, |
| bgFetch.fetch(uniqueId(), 'foobar:bazqux')); |
| }, 'unknown scheme fetch should reject'); |