From 94f3ce5a660739448118d111eb20f21adb917ce3 Mon Sep 17 00:00:00 2001
From: arthursonzogni <arthursonzogni@chromium.org>
Date: Thu, 19 Dec 2019 06:25:46 -0800
Subject: [PATCH] COEP: Enforce CORP in cache.match()

Document using:
"Cross-Origin-Embedder-Policy: require-corp"
must not access cross-origin response that do not have the header:
"Cross-Origin-Resource-Policy: cross-site"

This is about only no-cors requests. CORS requests are checked against the
CORS headers instead.

See:
 - https://github.com/whatwg/fetch/issues/985
 - https://github.com/w3c/ServiceWorker/issues/1490

Bug:1031542
Change-Id: I94a2cb9435fcf3e76f57a8f3d3344c87fa23f9a9
---
 .../require-corp-load-from-cache-storage.https.html             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cross-origin-embedder-policy/require-corp-load-from-cache-storage.https.html b/html/cross-origin-embedder-policy/require-corp-load-from-cache-storage.https.html
index b10b2f0b73cca9..7370a611c33c8e 100644
--- a/html/cross-origin-embedder-policy/require-corp-load-from-cache-storage.https.html
+++ b/html/cross-origin-embedder-policy/require-corp-load-from-cache-storage.https.html
@@ -109,7 +109,7 @@
     const cache = await caches.open('v1');
 
     if (response_type === 'error') {
-      await promise_rejects(t, new TypeError(), cache.match(url));
+      await promise_rejects(t, 15 /* InvalidAccessError*/, cache.match(url));
       return;
     }