Bug 1695941 [wpt PR 27857] - WPT: `Sec-Fetch-*` headers aren't accessible in service workers., a=testonly

Automatic update from web-platform-tests WPT: `Sec-Fetch-*` headers aren't accessible in service workers. As requested in https://github.com/whatwg/fetch/pull/993. Change-Id: Ie6096154ad9f6af73e2c26e0bb0c8f72a2a7a99a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2727263 Reviewed-by: Matt Falkenhagen <falken@chromium.org> Commit-Queue: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#859345} -- wpt-commits: df6a144d964283f2929eeb937af2806d9aafec62 wpt-pr: 27857
2021-03-10 21:12:20 +00:00 · 2021-03-10 21:12:20 +00:00 · 7865060cb5
--- a/testing/web-platform/tests/fetch/metadata/resources/serviceworker-accessors-frame.html
+++ b/testing/web-platform/tests/fetch/metadata/resources/serviceworker-accessors-frame.html
@ -0,0 +1,3 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Page Title</title>
--- a/testing/web-platform/tests/fetch/metadata/resources/serviceworker-accessors.sw.js
+++ b/testing/web-platform/tests/fetch/metadata/resources/serviceworker-accessors.sw.js
@ -0,0 +1,14 @@
+addEventListener("fetch", event => {
+  event.waitUntil(async function () {
+    if (!event.clientId) return;
+    const client = await clients.get(event.clientId);
+    if (!client) return;
+
+    client.postMessage({
+      "dest": event.request.headers.get("sec-fetch-dest"),
+      "mode": event.request.headers.get("sec-fetch-mode"),
+      "site": event.request.headers.get("sec-fetch-site"),
+      "user": event.request.headers.get("sec-fetch-user")
+    });
+  }());
+});
--- a/testing/web-platform/tests/fetch/metadata/serviceworker-accessors.https.sub.html
+++ b/testing/web-platform/tests/fetch/metadata/serviceworker-accessors.https.sub.html
@ -0,0 +1,51 @@
+<!DOCTYPE html>
+<!--
+  This test verifies that Fetch Metadata headers are not exposed to Service
+  Workers via the request's `headers` accessor.
+-->
+<meta charset="utf-8"/>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/fetch/metadata/resources/helper.js></script>
+<script src=/service-workers/service-worker/resources/test-helpers.sub.js></script>
+<script src=/common/utils.js></script>
+<script>
+  const SCOPE = 'resources/serviceworker-accessors-frame.html';
+  const SCRIPT = 'resources/serviceworker-accessors.sw.js';
+
+  function assert_headers_not_seen_in_service_worker(frame) {
+    return new Promise((resolve, reject) => {
+      frame.contentWindow.fetch(SCOPE, {mode:'no-cors'});
+      frame.contentWindow.navigator.serviceWorker.addEventListener('message', e => {
+        assert_header_equals(e.data, {
+          "dest": null,
+          "mode": null,
+          "site": null,
+          "user": null
+        });
+        resolve();
+      });
+    });
+  }
+
+  promise_test(async function(t) {
+    const reg = await service_worker_unregister_and_register(t, SCRIPT, SCOPE);
+
+    t.add_cleanup(async () => {
+      if (reg)
+        await reg.unregister();
+    });
+
+    await wait_for_state(t, reg.installing, 'activated');
+
+    const frame = await with_iframe(SCOPE);
+    t.add_cleanup(async () => {
+      if (frame)
+        frame.remove();
+    });
+
+    // Trigger a fetch that will go through the service worker, and validate
+    // the visible headers.
+    await assert_headers_not_seen_in_service_worker(frame);
+  }, 'Sec-Fetch headers in Service Worker fetch handler.');
+</script>