Add tests of Web Workers over local and custom schemes

Shared workers work, service workers don't. Dedicated workers over custom
schemes trigger the same serialization error as WebSockets.

Task-number: QTBUG-62536
Change-Id: I97b4b8c267f6cfca74bc0abfcca905b0adeabe3d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

8 files changed, 129 insertions, 0 deletions

diff --git a/tests/auto/widgets/origins/resources/dedicatedWorker.html b/tests/auto/widgets/origins/resources/dedicatedWorker.html
new file mode 100644
index 000000000..eacdd18ac
--- /dev/null
+++ b/tests/auto/widgets/origins/resources/dedicatedWorker.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>dedicatedWorker</title>
+        <script>
+         var done = false;
+         var result;
+         let worker = new Worker("dedicatedWorker.js");
+         worker.onmessage = (e) => { done = true; result = e.data; };
+         worker.postMessage(41);
+        </script>
+    </head>
+    <body></body>
+</html>
diff --git a/tests/auto/widgets/origins/resources/dedicatedWorker.js b/tests/auto/widgets/origins/resources/dedicatedWorker.js
new file mode 100644
index 000000000..2631939d7
--- /dev/null
+++ b/tests/auto/widgets/origins/resources/dedicatedWorker.js
@@ -0,0 +1 @@
+onmessage = (e) => { postMessage(e.data + 1); };
diff --git a/tests/auto/widgets/origins/resources/serviceWorker.html b/tests/auto/widgets/origins/resources/serviceWorker.html
new file mode 100644
index 000000000..b2bdc8c60
--- /dev/null
+++ b/tests/auto/widgets/origins/resources/serviceWorker.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>serviceWorker</title>
+        <script>
+         var done = false;
+         var error;
+         navigator.serviceWorker.register("serviceWorker.js")
+         .then((r) => { done = true; })
+         .catch((e) => { done = true; error = e.message; });
+        </script>
+    </head>
+    <body></body>
+</html>
diff --git a/tests/auto/widgets/origins/resources/serviceWorker.js b/tests/auto/widgets/origins/resources/serviceWorker.js
new file mode 100644
index 000000000..40a8c178f
--- /dev/null
+++ b/tests/auto/widgets/origins/resources/serviceWorker.js
@@ -0,0 +1 @@
+/* empty */
diff --git a/tests/auto/widgets/origins/resources/sharedWorker.html b/tests/auto/widgets/origins/resources/sharedWorker.html
new file mode 100644
index 000000000..8b5a0a794
--- /dev/null
+++ b/tests/auto/widgets/origins/resources/sharedWorker.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>sharedWorker</title>
+        <script>
+         var done;
+         var result;
+         var error;
+         try {
+             let worker = new SharedWorker("sharedWorker.js");
+             worker.port.onmessage = (e) => { done = true; result = e.data; };
+             worker.port.postMessage(41);
+         } catch (e) {
+             done = true; error = e.message;
+         }
+        </script>
+    </head>
+    <body></body>
+</html>
diff --git a/tests/auto/widgets/origins/resources/sharedWorker.js b/tests/auto/widgets/origins/resources/sharedWorker.js
new file mode 100644
index 000000000..60ef93a5f
--- /dev/null
+++ b/tests/auto/widgets/origins/resources/sharedWorker.js
@@ -0,0 +1,6 @@
+onconnect = function(e) {
+    let port = e.ports[0];
+    port.onmessage = function(e) {
+        port.postMessage(e.data + 1);
+    };
+};
diff --git a/tests/auto/widgets/origins/tst_origins.cpp b/tests/auto/widgets/origins/tst_origins.cpp
index 5c798ddc2..4dff28201 100644
--- a/tests/auto/widgets/origins/tst_origins.cpp
+++ b/tests/auto/widgets/origins/tst_origins.cpp
@@ -73,6 +73,9 @@ private Q_SLOTS:
     void subdirWithoutAccess();
     void mixedSchemes();
     void webSocket();
+    void dedicatedWorker();
+    void sharedWorker();
+    void serviceWorker();
 
 private:
     bool load(const QUrl &url)
@@ -264,5 +267,70 @@ void tst_Origins::webSocket()
     // QTRY_VERIFY(eval(QSL("err")) == QVariant(expected));
 }
 
+// Create a (Dedicated)Worker. Since dedicated workers can only be accessed from
+// one page, there is not much need for security restrictions.
+void tst_Origins::dedicatedWorker()
+{
+    QVERIFY(load(QSL("file:" THIS_DIR "resources/dedicatedWorker.html")));
+    QTRY_VERIFY(eval(QSL("done")).toBool());
+    QCOMPARE(eval(QSL("result")), QVariant(42));
+
+    QVERIFY(load(QSL("qrc:/resources/dedicatedWorker.html")));
+    QTRY_VERIFY(eval(QSL("done")).toBool());
+    QCOMPARE(eval(QSL("result")), QVariant(42));
+
+    // FIXME(juvaldma): QTBUG-62536
+    // QVERIFY(load(QSL("tst:/resources/dedicatedWorker.html")));
+    // QTRY_VERIFY(eval(QSL("done")).toBool());
+    // QCOMPARE(eval(QSL("result")), QVariant(42));
+}
+
+// Create a SharedWorker. Shared workers can be accessed from multiple pages,
+// and therefore the same-origin policy applies.
+void tst_Origins::sharedWorker()
+{
+    {
+        ScopedAttribute sa(m_page.settings(), QWebEngineSettings::LocalContentCanAccessFileUrls, false);
+        QVERIFY(load(QSL("file:" THIS_DIR "resources/sharedWorker.html")));
+        QTRY_VERIFY(eval(QSL("done")).toBool());
+        QVERIFY(eval(QSL("error")).toString()
+                .contains(QSL("cannot be accessed from origin 'null'")));
+    }
+
+    {
+        ScopedAttribute sa(m_page.settings(), QWebEngineSettings::LocalContentCanAccessFileUrls, true);
+        QVERIFY(load(QSL("file:" THIS_DIR "resources/sharedWorker.html")));
+        QTRY_VERIFY(eval(QSL("done")).toBool());
+        QCOMPARE(eval(QSL("result")), QVariant(42));
+    }
+
+    QVERIFY(load(QSL("qrc:/resources/sharedWorker.html")));
+    QTRY_VERIFY(eval(QSL("done")).toBool());
+    QCOMPARE(eval(QSL("result")), QVariant(42));
+
+    QVERIFY(load(QSL("tst:/resources/sharedWorker.html")));
+    QTRY_VERIFY(eval(QSL("done")).toBool());
+    QCOMPARE(eval(QSL("result")), QVariant(42));
+}
+
+// Service workers don't work.
+void tst_Origins::serviceWorker()
+{
+    QVERIFY(load(QSL("file:" THIS_DIR "resources/serviceWorker.html")));
+    QTRY_VERIFY(eval(QSL("done")).toBool());
+    QVERIFY(eval(QSL("error")).toString()
+            .contains(QSL("The URL protocol of the current origin ('file://') is not supported.")));
+
+    QVERIFY(load(QSL("qrc:/resources/serviceWorker.html")));
+    QTRY_VERIFY(eval(QSL("done")).toBool());
+    QVERIFY(eval(QSL("error")).toString()
+            .contains(QSL("The URL protocol of the current origin ('qrc://') is not supported.")));
+
+    QVERIFY(load(QSL("tst:/resources/serviceWorker.html")));
+    QTRY_VERIFY(eval(QSL("done")).toBool());
+    QVERIFY(eval(QSL("error")).toString()
+            .contains(QSL("Only secure origins are allowed")));
+}
+
 QTEST_MAIN(tst_Origins)
 #include "tst_origins.moc"
diff --git a/tests/auto/widgets/origins/tst_origins.qrc b/tests/auto/widgets/origins/tst_origins.qrc
index 47be3bd0d..fbbbef139 100644
--- a/tests/auto/widgets/origins/tst_origins.qrc
+++ b/tests/auto/widgets/origins/tst_origins.qrc
@@ -1,9 +1,15 @@
 <!DOCTYPE RCC>
 <RCC version="1.0">
 <qresource>
+    <file>resources/dedicatedWorker.html</file>
+    <file>resources/dedicatedWorker.js</file>
     <file>resources/mixed_frame.html</file>
     <file>resources/mixed_qrc.html</file>
     <file>resources/mixed_tst.html</file>
+    <file>resources/serviceWorker.html</file>
+    <file>resources/serviceWorker.js</file>
+    <file>resources/sharedWorker.html</file>
+    <file>resources/sharedWorker.js</file>
     <file>resources/subdir/frame2.html</file>
     <file>resources/subdir/index.html</file>
     <file>resources/subdir_frame1.html</file>