Bug 1642531 Comment 6 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

(In reply to Anne (:annevk) from comment #5)
> The problem here is a non-COEP process storing something using the cache API and a COEP-process trying to retrieve it using the same API. `match()` is only for retrieval and as defined does not care about request's mode. What needs to happen is that once `match()` is invoked in a COEP process and it finds something, we do an appropriate CORP check on the response found, and only if that is successful do we return the response to the process.

If I understand this correctly, you mean we should only do CORP checking of cache.match() in a COEP process. Otherwise, CORP checking should be ignored.
But if I understand correctly, "Fetch cross-origin cors cors-enabled corp-undefined from network and CacheStorage" would still fail.
The cache.match() for the sub-test is in a COEP process, but it expects a cors response type. However, according to the CORP checking logic, the response's CORP is undefined; if we ignore the cors mode, we might consider it under "same-origin" checking (see https://wicg.github.io/cross-origin-embedder-policy/#corp-check step 4), and the same-origin check fails.

And it also doesn't explain why the sub-test "Fetch cross-origin no-cors cors-enabled corp-undefined from network and CacheStorage" should be an error response type. We cannot consider it as no-cors, since what is passed into cache.match() is in cors mode. We make it implicitly by new Request(url).

(In reply to Anne (:annevk) from comment #5)
> The problem here is a non-COEP process storing something using the cache API and a COEP-process trying to retrieve it using the same API. `match()` is only for retrieval and as defined does not care about request's mode. What needs to happen is that once `match()` is invoked in a COEP process and it finds something, we do an appropriate CORP check on the response found, and only if that is successful do we return the response to the process.

If I understand this correctly, you mean we should only do CORP checking of cache.match() in a COEP process. Otherwise, CORP checking should be ignored.
But if I understand correctly, it doesn't explain why the sub-test "Fetch cross-origin no-cors cors-enabled corp-undefined from network and CacheStorage" should be an error response type. We cannot consider it as no-cors, since what is passed into cache.match() is in cors mode. We make it implicitly by new Request(url).

(In reply to Anne (:annevk) from comment #5)
> The problem here is a non-COEP process storing something using the cache API and a COEP-process trying to retrieve it using the same API. `match()` is only for retrieval and as defined does not care about request's mode. What needs to happen is that once `match()` is invoked in a COEP process and it finds something, we do an appropriate CORP check on the response found, and only if that is successful do we return the response to the process.

If I understand this correctly, you mean we should only do CORP checking of cache.match() in a COEP process. Otherwise, CORP checking should be ignored.
But if I understand correctly, it doesn't explain why the sub-test "Fetch cross-origin no-cors cors-enabled corp-undefined from network and CacheStorage" should be an error response type. We cannot consider it as no-cors in cache.match(), since what is passed into cache.match() is in cors mode. We make it implicitly by new Request(url).

(In reply to Anne (:annevk) from comment #5)
> The problem here is a non-COEP process storing something using the cache API and a COEP-process trying to retrieve it using the same API. `match()` is only for retrieval and as defined does not care about request's mode. What needs to happen is that once `match()` is invoked in a COEP process and it finds something, we do an appropriate CORP check on the response found, and only if that is successful do we return the response to the process.

If I understand this correctly, you mean we should only do CORP checking of cache.match() in a COEP process. Otherwise, CORP checking should be ignored.
But if I understand correctly, it doesn't explain why the sub-test "Fetch cross-origin no-cors cors-enabled corp-undefined from network and CacheStorage" should be an error response type.

https://searchfox.org/mozilla-central/rev/8ccea36c4fb09412609fb738c722830d7098602b/testing/web-platform/tests/html/cross-origin-embedder-policy/require-corp-load-from-cache-storage.https.html#172

We cannot consider it as no-cors in cache.match(), since what is passed into cache.match() is in cors mode. We make it implicitly by new Request(url).
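
The check discussed above, modelled as an added example (not part of the comment and not Gecko code): a CORP check applied at `match()` time in a COEP process, ignoring the request mode, run against constructed cache entries for the two sub-tests. All function names, origins and URLs are assumptions made for illustration.

```javascript
// Added illustration; every name and sample value here is constructed.
const PAGE_ORIGIN = "https://page.example";

// CORP check as the comment reads comment #5: run only in a COEP process,
// without looking at the mode of the request passed to match().
function corpCheck(coep, callerOrigin, response) {
  if (coep !== "require-corp") return "allowed"; // non-COEP process: check skipped
  const known = ["same-origin", "same-site", "cross-origin"];
  let policy = known.includes(response.corp) ? response.corp : undefined;
  // The step the comment cites (step 4 of the linked corp-check): under
  // require-corp an undefined CORP is handled as same-origin.
  if (policy === undefined) policy = "same-origin";
  if (policy === "cross-origin") return "allowed";
  // same-site needs a registrable-domain comparison that this sketch does
  // not model; it is treated as same-origin here, which is stricter.
  return new URL(response.url).origin === callerOrigin ? "allowed" : "blocked";
}

// Model of cache.match(): look up by URL only, then gate on the CORP check.
function match(cache, url, coep) {
  const response = cache.get(url);
  if (!response) return undefined;
  return corpCheck(coep, PAGE_ORIGIN, response) === "allowed" ? response.type : "error";
}

// Constructed entries for the two sub-tests named in the comment: both are
// cross-origin, CORS-enabled and carry no CORP header. They differ only in
// the mode used when a non-COEP process fetched and stored them.
const CORS_URL = "https://other.example/cors.js";
const NO_CORS_URL = "https://other.example/no-cors.js";
const cache = new Map([
  [CORS_URL, { url: CORS_URL, type: "cors", corp: undefined }],
  [NO_CORS_URL, { url: NO_CORS_URL, type: "opaque", corp: undefined }],
]);

function runSubtests(coep) {
  return {
    cors: match(cache, CORS_URL, coep),
    noCors: match(cache, NO_CORS_URL, coep),
  };
}

console.log("COEP process:    ", runSubtests("require-corp"));
console.log("non-COEP process:", runSubtests("unsafe-none"));
```

With the mode ignored, the `cors` entry is rejected in the COEP process just like the `no-cors` one, although its sub-test expects a cors response type.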
