Update web-platform-tests to revision 44702f2bc8ea98bc32b5b244f2fe63c6ce66d49d

tests/wpt/web-platform-tests/worklets/animation-worklet-credentials.https.html

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/common/get-host-info.sub.js"></script>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="resources/worklet-test-utils.js"></script>
+    <script src="resources/credentials-tests.js"></script>
+</head>
+<body>
+<script>
+    runCredentialsTests("animation");
+</script>
+</body>
+</html>

tests/wpt/web-platform-tests/worklets/animation-worklet-csp.https.html

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/common/get-host-info.sub.js"></script>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="resources/worklet-test-utils.js"></script>
+    <script src="resources/csp-tests.js"></script>
+</head>
+<body>
+<script>
+    runContentSecurityPolicyTests("animation");
+</script>
+</body>
+</html>

tests/wpt/web-platform-tests/worklets/animation-worklet-service-worker-interception.https.html

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="resources/worklet-test-utils.js"></script>
+    <script src="resources/service-worker-interception-tests.js"></script>
+    <script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
+</head>
+<body>
+<script>
+    runServiceWorkerInterceptionTests("animation");
+</script>
+</body>
+</html>

tests/wpt/web-platform-tests/worklets/paint-worklet-credentials.https.html

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/common/get-host-info.sub.js"></script>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="resources/worklet-test-utils.js"></script>
+    <script src="resources/credentials-tests.js"></script>
+</head>
+<body>
+<script>
+    runCredentialsTests("paint");
+</script>
+</body>
+</html>

tests/wpt/web-platform-tests/worklets/paint-worklet-csp.https.html

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/common/get-host-info.sub.js"></script>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="resources/worklet-test-utils.js"></script>
+    <script src="resources/csp-tests.js"></script>
+</head>
+<body>
+<script>
+    runContentSecurityPolicyTests("paint");
+</script>
+</body>
+</html>

tests/wpt/web-platform-tests/worklets/paint-worklet-service-worker-interception.https.html

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="resources/worklet-test-utils.js"></script>
+    <script src="resources/service-worker-interception-tests.js"></script>
+    <script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
+</head>
+<body>
+<script>
+    runServiceWorkerInterceptionTests("paint");
+</script>
+</body>
+</html>

tests/wpt/web-platform-tests/worklets/resources/addmodule-window.html

@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Worklet: Referrer</title>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="worklet-test-utils.js"></script>
+</head>
+<body>
+<script>
+// Calls addModule() on a given worklet type with a script url.
+//
+// [Message Format]
+//   - type: 'paint' (worklet types defined in get_worklet())
+//   - script_url: 'worklet-script.js'
+window.onmessage = e => {
+  const worklet_type = e.data.type;
+  const script_url = e.data.script_url;
+  get_worklet(worklet_type).addModule(script_url)
+      .then(() => window.opener.postMessage('RESOLVED', '*'))
+      .catch(e => window.opener.postMessage('REJECTED', '*'));
+};
+
+window.opener.postMessage('LOADED', '*');
+</script>
+</body>
+</html>

tests/wpt/web-platform-tests/worklets/resources/credentials-tests.js

@@ -0,0 +1,106 @@
+// Runs a series of tests related to credentials on a worklet.
+//
+// Usage:
+// runCredentialsTests("paint");
+function runCredentialsTests(worklet_type) {
+  const worklet = get_worklet(worklet_type);
+
+  promise_test(() => {
+      document.cookie = 'cookieName=default';
+      const kScriptURL = 'resources/credentials.py?mode=default';
+      return worklet.addModule(kScriptURL).then(undefined_arg => {
+        assert_equals(undefined_arg, undefined);
+      });
+  }, 'Importing a same-origin script with the default WorkletOptions should ' +
+     'omit the credentials');
+
+  promise_test(() => {
+      const kSetCookieURL =
+          get_host_info().HTTPS_REMOTE_ORIGIN +
+          '/worklets/resources/set-cookie.py?name=cookieName';
+      const kScriptURL = get_host_info().HTTPS_REMOTE_ORIGIN +
+                         '/worklets/resources/credentials.py?mode=default';
+      const kOptions = { credentials: 'same-origin' };
+
+      // Set a cookie in the remote origin and then start a worklet.
+      return fetch(kSetCookieURL, { mode: 'cors' })
+        .then(() => worklet.addModule(kScriptURL, kOptions))
+        .then(undefined_arg => assert_equals(undefined_arg, undefined));
+  }, 'Importing a remote-origin script with the default WorkletOptions ' +
+     'should not include the credentials');
+
+  promise_test(() => {
+      document.cookie = 'cookieName=omit';
+      const kScriptURL = 'resources/credentials.py?mode=omit';
+      const kOptions = { credentials: 'omit' };
+      return worklet.addModule(kScriptURL, kOptions).then(undefined_arg => {
+        assert_equals(undefined_arg, undefined);
+      });
+  }, 'Importing a same-origin script with credentials=omit should omit the ' +
+     'credentials');
+
+  promise_test(() => {
+      const kSetCookieURL =
+          get_host_info().HTTPS_REMOTE_ORIGIN +
+          '/worklets/resources/set-cookie.py?name=cookieName';
+      const kScriptURL = get_host_info().HTTPS_REMOTE_ORIGIN +
+                         '/worklets/resources/credentials.py?mode=omit';
+      const kOptions = { credentials: 'omit' };
+
+      // Set a cookie in the remote origin and then start a worklet.
+      return fetch(kSetCookieURL, { mode: 'cors' })
+        .then(() => worklet.addModule(kScriptURL, kOptions))
+        .then(undefined_arg => assert_equals(undefined_arg, undefined));
+  }, 'Importing a remote-origin script with credentials=omit should omit the ' +
+     'credentials');
+
+  promise_test(() => {
+      document.cookie = 'cookieName=same-origin';
+      const kScriptURL = 'resources/credentials.py?mode=same-origin';
+      const kOptions = { credentials: 'same-origin' };
+      return worklet.addModule(kScriptURL, kOptions).then(undefined_arg => {
+        assert_equals(undefined_arg, undefined);
+      });
+  }, 'Importing a same-origin script with credentials=same-origin should ' +
+     'include the credentials');
+
+  promise_test(() => {
+      const kSetCookieURL =
+          get_host_info().HTTPS_REMOTE_ORIGIN +
+          '/worklets/resources/set-cookie.py?name=cookieName';
+      const kScriptURL = get_host_info().HTTPS_REMOTE_ORIGIN +
+                         '/worklets/resources/credentials.py?mode=same-origin';
+      const kOptions = { credentials: 'same-origin' };
+
+      // Set a cookie in the remote origin and then start a worklet.
+      return fetch(kSetCookieURL, { mode: 'cors' })
+        .then(() => worklet.addModule(kScriptURL, kOptions))
+        .then(undefined_arg => assert_equals(undefined_arg, undefined));
+  }, 'Importing a remote-origin script with credentials=same-origin should ' +
+     'not include the credentials');
+
+  promise_test(() => {
+      document.cookie = 'cookieName=include';
+      const kScriptURL = 'resources/credentials.py?mode=include';
+      const kOptions = { credentials: 'include' };
+      return worklet.addModule(kScriptURL, kOptions).then(undefined_arg => {
+          assert_equals(undefined_arg, undefined);
+      });
+  }, 'Importing a same-origin script with credentials=include should include ' +
+     'the credentials');
+
+  promise_test(() => {
+      const kSetCookieURL =
+          get_host_info().HTTPS_REMOTE_ORIGIN +
+          '/worklets/resources/set-cookie.py?name=cookieName';
+      const kScriptURL = get_host_info().HTTPS_REMOTE_ORIGIN +
+                         '/worklets/resources/credentials.py?mode=include';
+      const kOptions = { credentials: 'include' };
+
+      // Set a cookie in the remote origin and then start a worklet.
+      return fetch(kSetCookieURL, { mode: 'cors' })
+        .then(() => worklet.addModule(kScriptURL, kOptions))
+        .then(undefined_arg => assert_equals(undefined_arg, undefined));
+  }, 'Importing a remote-origin script with credentials=include should ' +
+     'include the credentials');
+}

tests/wpt/web-platform-tests/worklets/resources/credentials.py

@@ -0,0 +1,32 @@
+# Returns a valid response when a request has appropriate credentials.
+def main(request, response):
+    credentials_mode = request.GET.first("mode")
+    cookie = request.cookies.first("cookieName", None)
+    source_origin = request.headers.get("origin", None);
+    is_cross_origin = request.GET.first("is_cross_origin", False)
+
+    # The request with the default WorkletOptions should not include the cookie.
+    if credentials_mode is "default" and cookie is not None:
+        return (404)
+
+    # The request with "credentials=omit" should not include the cookie.
+    if credentials_mode is "omit" and cookie is not None:
+        return (404)
+
+    if credentials_mode is "same-origin":
+        # The cross-origin request with "credentials=same-origin" should not
+        # include the cookie.
+        if is_cross_origin and cookie is not None:
+          return (404)
+        # The same-origin request with "credentials=same-origin" should include
+        # the cookie.
+        if not is_cross_origin and cookie is None:
+          return (404)
+
+    # The request with "credentials=include" should include the cookie.
+    if credentials_mode is "include" and cookie is None:
+        return (404)
+
+    return (200, [("Content-Type", "text/javascript"),
+                  ("Access-Control-Allow-Origin", source_origin),
+                  ("Access-Control-Allow-Credentials", "true")], "")

tests/wpt/web-platform-tests/worklets/resources/csp-tests.js

@@ -0,0 +1,88 @@
+function openWindow(url) {
+  return new Promise(resolve => {
+    const win = window.open(url, '_blank');
+    add_result_callback(() => win.close());
+    window.onmessage = e => {
+      assert_equals(e.data, 'LOADED');
+      resolve(win);
+    };
+  });
+}
+
+function openWindowAndExpectResult(windowURL, scriptURL, type, expectation) {
+  return openWindow(windowURL).then(win => {
+    const promise = new Promise(r => window.onmessage = r);
+    win.postMessage({ type: type, script_url: scriptURL }, '*');
+    return promise;
+  }).then(msg_event => assert_equals(msg_event.data, expectation));
+}
+
+// Runs a series of tests related to content security policy on a worklet.
+//
+// Usage:
+// runContentSecurityPolicyTests("paint");
+function runContentSecurityPolicyTests(workletType) {
+  const worklet = get_worklet(workletType);
+
+  promise_test(t => {
+    const kWindowURL =
+        'resources/addmodule-window.html?pipe=header(' +
+        'Content-Security-Policy, script-src \'self\' \'unsafe-inline\')';
+    const kScriptURL =
+        get_host_info().HTTPS_REMOTE_ORIGIN +
+        '/worklets/resources/import-empty-worklet-script.js' +
+        '?pipe=header(Access-Control-Allow-Origin, *)';
+    return openWindowAndExpectResult(
+        kWindowURL, kScriptURL, workletType, 'REJECTED');
+  }, 'Importing a remote-origin worklet script should be blocked by the ' +
+     'script-src \'self\' directive.');
+
+  promise_test(t => {
+    const kWindowURL =
+        'resources/addmodule-window.html?pipe=header(' +
+        'Content-Security-Policy, script-src \'self\' \'unsafe-inline\')';
+    const kScriptURL = 'import-remote-origin-empty-worklet-script.sub.js';
+    return openWindowAndExpectResult(
+        kWindowURL, kScriptURL, workletType, 'REJECTED');
+  }, 'Importing a remote-origin script from a same-origin worklet script ' +
+     'should be blocked by the script-src \'self\' directive.');
+
+  promise_test(t => {
+    const kWindowURL =
+        'resources/addmodule-window.html?pipe=header(' +
+        'Content-Security-Policy, script-src * \'unsafe-inline\')';
+    const kScriptURL = get_host_info().HTTPS_REMOTE_ORIGIN +
+                       '/worklets/resources/empty-worklet-script.js' +
+                       '?pipe=header(Access-Control-Allow-Origin, *)';
+    return openWindowAndExpectResult(
+        kWindowURL, kScriptURL, workletType, 'RESOLVED');
+  }, 'Importing a remote-origin worklet script should not be blocked ' +
+     'because the script-src * directive allows it.');
+
+  promise_test(t => {
+    const kWindowURL =
+        'resources/addmodule-window.html?pipe=header(' +
+        'Content-Security-Policy, script-src * \'unsafe-inline\')';
+    // A worklet on HTTPS_REMOTE_ORIGIN will import a child script on
+    // HTTPS_REMOTE_ORIGIN.
+    const kScriptURL = get_host_info().HTTPS_REMOTE_ORIGIN +
+                       '/worklets/resources/import-empty-worklet-script.js' +
+                       '?pipe=header(Access-Control-Allow-Origin, *)';
+    return openWindowAndExpectResult(
+        kWindowURL, kScriptURL, workletType, 'RESOLVED');
+  }, 'Importing a remote-origin script from a remote-origin worklet script '+
+     'should not be blocked because the script-src * directive allows it.');
+
+  promise_test(t => {
+    const kWindowURL =
+        'resources/addmodule-window.html?pipe=header(' +
+        'Content-Security-Policy, worker-src \'self\' \'unsafe-inline\')';
+    const kScriptURL = get_host_info().HTTPS_REMOTE_ORIGIN +
+                       '/worklets/resources/empty-worklet-script.js' +
+                       '?pipe=header(Access-Control-Allow-Origin, *)';
+    return openWindowAndExpectResult(
+        kWindowURL, kScriptURL, workletType, 'RESOLVED');
+  }, 'Importing a remote-origin worklet script should not be blocked by ' +
+     'the worker-src directive because worklets obey the script-src ' +
+     'directive.');
+}

tests/wpt/web-platform-tests/worklets/resources/import-empty-worklet-script.js

@@ -0,0 +1,3 @@
+// This script can be imported as a remote-origin script, so the
+// Access-Control-Allow-Origin is specified here.
+import './empty-worklet-script.js?pipe=header(Access-Control-Allow-Origin, *)';

tests/wpt/web-platform-tests/worklets/resources/import-non-existent-worklet-script.js

@@ -0,0 +1 @@
+import './non-existent-worklet-script.js';

tests/wpt/web-platform-tests/worklets/resources/import-remote-origin-empty-worklet-script.sub.js

@@ -0,0 +1 @@
+import 'https://{{domains[www1]}}:{{ports[https][0]}}/worklets/resources/empty-worklet-script.js';

tests/wpt/web-platform-tests/worklets/resources/import-syntax-error-worklet-script.js

@@ -0,0 +1 @@
+import './syntax-error-worklet-script.js';

tests/wpt/web-platform-tests/worklets/resources/import-tests.js

@@ -95,7 +95,7 @@ function runImportTests(worklet_type) {
     promise_test(() => {
         // Specify the Access-Control-Allow-Origin header to enable cross origin
         // access.
-        const kScriptURL = get_host_info().HTTP_REMOTE_ORIGIN +
+        const kScriptURL = get_host_info().HTTPS_REMOTE_ORIGIN +
                            '/worklets/resources/empty-worklet-script.js' +
                            '?pipe=header(Access-Control-Allow-Origin, *)';
         return worklet.addModule(kScriptURL).then(undefined_arg => {
@@ -107,10 +107,33 @@ function runImportTests(worklet_type) {
     promise_test(t => {
         // Don't specify the Access-Control-Allow-Origin header. addModule()
         // should be rejected because of disallowed cross origin access.
-        const kScriptURL = get_host_info().HTTP_REMOTE_ORIGIN +
+        const kScriptURL = get_host_info().HTTPS_REMOTE_ORIGIN +
                            '/worklets/resources/empty-worklet-script.js';
         return promise_rejects(t, new DOMException('', 'AbortError'),
                                worklet.addModule(kScriptURL));
     }, 'Importing a cross origin resource without the ' +
        'Access-Control-Allow-Origin header should reject the given promise');
+
+    promise_test(t => {
+        const kScriptURL = 'resources/syntax-error-worklet-script.js';
+        return promise_rejects(t, new DOMException('', 'AbortError'),
+                               worklet.addModule(kScriptURL));
+    }, 'Importing a script that has a syntax error should reject the given ' +
+       'promise.');
+
+    promise_test(t => {
+        const kScriptURL = 'resources/import-syntax-error-worklet-script.js';
+        return promise_rejects(t, new DOMException('', 'AbortError'),
+                               worklet.addModule(kScriptURL));
+    }, 'Importing a nested script that has a syntax error should reject the ' +
+       'given promise.');
+
+    promise_test(t => {
+        const kBlob = new Blob(["import 'invalid-specifier.js';"],
+                               {type: 'text/javascript'});
+        const kBlobURL = URL.createObjectURL(kBlob);
+        return promise_rejects(t, new DOMException('', 'AbortError'),
+                               worklet.addModule(kBlobURL));
+    }, 'Importing a script that imports an invalid identifier should reject ' +
+       'the given promise.');
 }

tests/wpt/web-platform-tests/worklets/resources/referrer-window.html

@@ -15,12 +15,12 @@ window.onmessage = e => {
 
   const params = new URLSearchParams;
   params.append('referrer_policy', e.data.referrer_policy)
-  params.append('source_origin', get_host_info().HTTP_ORIGIN);
+  params.append('source_origin', get_host_info().HTTPS_ORIGIN);
 
   let script_url = '';
   if (is_cross_origin) {
     params.append('is_cross_origin', 'true')
-    script_url = get_host_info().HTTP_REMOTE_ORIGIN + '/worklets/resources/';
+    script_url = get_host_info().HTTPS_REMOTE_ORIGIN + '/worklets/resources/';
   }
   script_url += 'referrer.py?' + params;
 

tests/wpt/web-platform-tests/worklets/resources/service-worker-interception-tests.js

@@ -0,0 +1,125 @@
+function openWindow(url) {
+  return new Promise(resolve => {
+      let win = window.open(url, '_blank');
+      add_result_callback(() => win.close());
+      window.onmessage = e => {
+        assert_equals(e.data, 'LOADED');
+        resolve(win);
+      };
+    });
+}
+
+// Runs a series of tests related to service worker interception for a worklet.
+//
+// Usage:
+// runServiceWorkerInterceptionTests("paint");
+function runServiceWorkerInterceptionTests(worklet_type) {
+    const worklet = get_worklet(worklet_type);
+
+    // Tests that a worklet should be served by the owner document's service
+    // worker.
+    //
+    // [Current document] registers a service worker for Window's URL.
+    // --(open)--> [Window] should be controlled by the service worker.
+    //   --(addModule)--> [Worklet] should be served by the service worker.
+    promise_test(t => {
+        const kWindowURL = 'resources/addmodule-window.html';
+        const kServiceWorkerScriptURL = 'resources/service-worker.js';
+        // This doesn't contain the 'resources/' prefix because this will be
+        // imported from a html file under resources/.
+        const kWorkletScriptURL = 'non-existent-worklet-script.js';
+
+        return service_worker_unregister_and_register(
+            t, kServiceWorkerScriptURL, kWindowURL)
+          .then(r => {
+              add_result_callback(() => r.unregister());
+              return wait_for_state(t, r.installing, 'activated');
+            })
+          .then(() => openWindow(kWindowURL))
+          .then(win => {
+              assert_not_equals(win.navigator.serviceWorker.controller, null,
+                                'The document should be controlled.');
+              const promise = new Promise(r => window.onmessage = r);
+              // The worklet script on kWorkletScriptURL doesn't exist but the
+              // service worker serves it, so the addModule() should succeed.
+              win.postMessage({ type: worklet_type,
+                                script_url: kWorkletScriptURL }, '*');
+              return promise;
+            })
+          .then(msg_event => assert_equals(msg_event.data, 'RESOLVED'));
+    }, 'addModule() on a controlled document should be intercepted by a ' +
+       'service worker.');
+
+    // Tests that a worklet should not be served by a service worker other than
+    // the owner document's service worker.
+    //
+    // [Current document] registers a service worker for Worklet's URL.
+    // --(open)--> [Window] should not be controlled by the service worker.
+    //   --(addModule)--> [Worklet] should not be served by the service worker.
+    promise_test(t => {
+        const kWindowURL = 'resources/addmodule-window.html';
+        const kServiceWorkerScriptURL = 'resources/service-worker.js';
+        // This doesn't contain the 'resources/' prefix because this will be
+        // imported from a html file under resources/.
+        const kWorkletScriptURL = 'non-existent-worklet-script.js';
+
+        return service_worker_unregister_and_register(
+            t, kServiceWorkerScriptURL, 'resources/' + kWorkletScriptURL)
+          .then(r =>  {
+              add_result_callback(() => r.unregister());
+              return wait_for_state(t, r.installing, 'activated');
+            })
+          .then(() => openWindow(kWindowURL))
+          .then(win => {
+              assert_equals(win.navigator.serviceWorker.controller, null,
+                            'The document should not be controlled.');
+              const promise = new Promise(r => window.onmessage = r);
+              // The worklet script on kWorkletScriptURL doesn't exist and the
+              // service worker doesn't serve it, so the addModule() should
+              // fail.
+              win.postMessage({ type: worklet_type,
+                                script_url: kWorkletScriptURL }, '*');
+              return promise;
+            })
+          .then(msg_event => assert_equals(msg_event.data, 'REJECTED'));
+    }, 'addModule() on a non-controlled document should not be intercepted ' +
+       'by a service worker even if the script is under the service worker ' +
+       'scope.');
+
+    // Tests that static import should be served by the owner document's service
+    // worker.
+    //
+    // [Current document] registers a service worker for Window's URL.
+    // --(open)--> [Window] should be controlled by the service worker.
+    //   --(addModule)--> [Worklet] should be served by the service worker.
+    //     --(static import)--> [Script] should be served by the service worker.
+    promise_test(t => {
+        const kWindowURL = 'resources/addmodule-window.html';
+        const kServiceWorkerScriptURL = 'resources/service-worker.js';
+        // This doesn't contain the 'resources/' prefix because this will be
+        // imported from a html file under resources/.
+        const kWorkletScriptURL = 'import-non-existent-worklet-script.js';
+
+        return service_worker_unregister_and_register(
+            t, kServiceWorkerScriptURL, kWindowURL)
+          .then(r => {
+              add_result_callback(() => r.unregister());
+              return wait_for_state(t, r.installing, 'activated');
+            })
+          .then(() => openWindow(kWindowURL))
+          .then(win => {
+              assert_not_equals(win.navigator.serviceWorker.controller, null,
+                                'The document should be controlled.');
+              const promise = new Promise(r => window.onmessage = r);
+              // A script statically imported by the worklet doesn't exist but
+              // the service worker serves it, so the addModule() should
+              // succeed.
+              win.postMessage({ type: worklet_type,
+                                script_url: kWorkletScriptURL }, '*');
+              return promise;
+            })
+          .then(msg_event => assert_equals(msg_event.data, 'RESOLVED'));
+    }, 'Static import should be intercepted by a service worker.');
+
+    // TODO(nhiroki): Add tests for dynamic import.
+}

tests/wpt/web-platform-tests/worklets/resources/service-worker.js

@@ -0,0 +1,4 @@
+self.addEventListener('fetch', e => {
+  if (e.request.url.indexOf('/non-existent-worklet-script.js') != -1)
+    e.respondWith(fetch('empty-worklet-script.js'));
+});

tests/wpt/web-platform-tests/worklets/resources/set-cookie.py

@@ -0,0 +1,6 @@
+def main(request, response):
+    name = request.GET.first("name")
+    source_origin = request.headers.get("origin", None);
+    response.headers.set("Set-Cookie", name + "=value")
+    response.headers.set("Access-Control-Allow-Origin", source_origin)
+    response.headers.set("Access-Control-Allow-Credentials", "true")

tests/wpt/web-platform-tests/worklets/resources/syntax-error-worklet-script.js

@@ -0,0 +1 @@
+;-)