passbolt · Apr 23, 2024
diff --git a/‎Gruntfile.js
+5-3 b/‎Gruntfile.js
+5-3
diff --git a/‎package.json
+2-2 b/‎package.json
+2-2
diff --git a/‎src/chrome-mv3/index.js
+6 b/‎src/chrome-mv3/index.js
+6
diff --git a/‎src/chrome-mv3/manifest.json
+2-1 b/‎src/chrome-mv3/manifest.json
+2-1
diff --git a/‎src/chrome-mv3/offscreens/fetch.html
+10 b/‎src/chrome-mv3/offscreens/fetch.html
+10
diff --git a/‎src/chrome-mv3/offscreens/fetch.js
+18 b/‎src/chrome-mv3/offscreens/fetch.js
+18
diff --git a/‎src/chrome-mv3/offscreens/service/network/fetchOffscreenService.js
+122 b/‎src/chrome-mv3/offscreens/service/network/fetchOffscreenService.js
+122
diff --git a/‎src/chrome-mv3/polyfill/fetchOffscreenPolyfill.js
+17 b/‎src/chrome-mv3/polyfill/fetchOffscreenPolyfill.js
+17
diff --git a/‎src/chrome-mv3/serviceWorker/service/network/requestFetchOffscreenService.js
+174 b/‎src/chrome-mv3/serviceWorker/service/network/requestFetchOffscreenService.js
+174
diff --git a/‎src/chrome-mv3/serviceWorker/service/network/requestFetchOffscreenService.test.data.js
+38 b/‎src/chrome-mv3/serviceWorker/service/network/requestFetchOffscreenService.test.data.js
+38
diff --git a/‎src/chrome-mv3/serviceWorker/service/network/requestFetchOffscreenService.test.js
+257 b/‎src/chrome-mv3/serviceWorker/service/network/requestFetchOffscreenService.test.js
+257
diff --git a/‎src/chrome-mv3/serviceWorker/service/network/responseFetchOffscreenService.js
+99 b/‎src/chrome-mv3/serviceWorker/service/network/responseFetchOffscreenService.js
+99
diff --git a/‎src/chrome-mv3/serviceWorker/service/network/responseFetchOffscreenService.test.data.js
+128 b/‎src/chrome-mv3/serviceWorker/service/network/responseFetchOffscreenService.test.data.js
+128
diff --git a/‎src/chrome-mv3/serviceWorker/service/network/responseFetchOffscreenService.test.js
+181 b/‎src/chrome-mv3/serviceWorker/service/network/responseFetchOffscreenService.test.js
+181
diff --git a/‎test/jest.setup.js
+1 b/‎test/jest.setup.js
+1
diff --git a/‎test/mocks/mockCrypto.js
+22 b/‎test/mocks/mockCrypto.js
+22
diff --git a/‎test/mocks/mockWebExtensionPolyfill.js
+8-1 b/‎test/mocks/mockWebExtensionPolyfill.js
+8-1
diff --git a/‎webpack-offscreens.fetch.config.js
+55 b/‎webpack-offscreens.fetch.config.js
+55
diff --git a/‎webpack.service-worker.config.js
+2 b/‎webpack.service-worker.config.js
+2
@@ -118,7 +118,8 @@ module.exports = function (grunt) {
       },
       service_worker: {
         files: [
-          { expand: true, cwd: path.src_chrome_mv3, src: 'serviceWorker.js', dest: path.build + 'serviceWorker' }
+          { expand: true, cwd: path.src_chrome_mv3, src: 'serviceWorker.js', dest: path.build + 'serviceWorker' },
+          { expand: true, cwd: `${path.src_chrome_mv3}/offscreens`, src: 'fetch.html', dest: `${path.build}/offscreens` }
         ]
       },
       web_accessible_resources: {
@@ -309,14 +310,15 @@ module.exports = function (grunt) {
        */
       build_service_worker_prod: {
         command: [
-          'npm run build:service-worker'
+          'npm run build:service-worker',
         ].join(' && ')
       },
       build_service_worker_debug: {
         command: [
-          'npm run dev:build:service-worker'
+          'npm run dev:build:service-worker',
         ].join(' && ')
       },
+
       /**
        * Build content script
        */
 
@@ -77,7 +77,7 @@
   "scripts": {
     "build": "npx grunt build",
     "build:background-page": "webpack --config webpack.background-page.config.js",
-    "build:service-worker": "webpack --config webpack.service-worker.config.js",
+    "build:service-worker": "webpack --config webpack.service-worker.config.js; webpack --config webpack-offscreens.fetch.config.js",
     "build:content-scripts": "npm run build:content-scripts:app; npm run build:content-scripts:browser-integration; npm run build:content-scripts:public-website",
     "build:content-scripts:app": "webpack --config webpack-content-scripts.config.js",
     "build:content-scripts:browser-integration": "webpack --config webpack-content-scripts.browser-integration.config.js",
@@ -86,7 +86,7 @@
     "build:web-accessible-resources:app": "webpack --config webpack-data.config.js; webpack --config webpack-data.download.config.js",
     "build:web-accessible-resources:browser-integration": "webpack --config webpack-data.in-form-call-to-action.config.js; webpack --config webpack-data.in-form-menu.config.js",
     "dev:build:background-page": "webpack --env debug=true --config webpack.background-page.config.js",
-    "dev:build:service-worker": "webpack --env debug=true --config webpack.service-worker.config.js",
+    "dev:build:service-worker": "webpack --env debug=true --config webpack.service-worker.config.js; webpack --env debug=true --config webpack-offscreens.fetch.config.js",
     "dev:build:content-scripts": "npm run dev:build:content-scripts:app; npm run dev:build:content-scripts:browser-integration; npm run dev:build:content-scripts:public-website",
     "dev:build:content-scripts:app": "webpack --env debug=true --config webpack-content-scripts.config.js",
     "dev:build:content-scripts:browser-integration": "webpack --env debug=true --config webpack-content-scripts.browser-integration.config.js",
 
@@ -19,6 +19,7 @@ import TabService from "../all/background_page/service/tab/tabService";
 import OnExtensionUpdateAvailableService
   from "../all/background_page/service/extension/onExtensionUpdateAvailableService";
 import GlobalAlarmService from "../all/background_page/service/alarm/globalAlarmService";
+import ResponseFetchOffscreenService from "./serviceWorker/service/network/responseFetchOffscreenService";
 
 /**
  * Load all system requirement
@@ -64,3 +65,8 @@ browser.alarms.onAlarm.removeListener(GlobalAlarmService.exec);
  * Add a top-level alarm handler.
  */
 browser.alarms.onAlarm.addListener(GlobalAlarmService.exec);
+
+/**
+ * Handle offscreen fetch responses.
+ */
+chrome.runtime.onMessage.addListener(ResponseFetchOffscreenService.handleFetchResponse);
@@ -45,7 +45,8 @@
     "downloads",
     "cookies",
     "clipboardWrite",
-    "background"
+    "background",
+    "offscreen"
   ],
   "host_permissions": [
     "*://*/*"
 
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8"/>
+    <script src="vendors.js"></script>
+    <script src="fetch.js"></script>
+</head>
+<body spellcheck="false">
+</body>
+</html>
@@ -0,0 +1,18 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         4.7.0
+ */
+
+
+import FetchOffscreenService from "./service/network/fetchOffscreenService";
+
+chrome.runtime.onMessage.addListener(FetchOffscreenService.handleFetchRequest);
@@ -0,0 +1,122 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         4.7.0
+ */
+
+import Validator from "validator";
+
+export const SEND_MESSAGE_TARGET_FETCH_OFFSCREEN = "fetch-offscreen";
+export const SEND_MESSAGE_TARGET_FETCH_OFFSCREEN_RESPONSE_HANDLER = "service-worker-fetch-offscreen-response-handler";
+export const FETCH_OFFSCREEN_RESPONSE_TYPE_SUCCESS = "success";
+export const FETCH_OFFSCREEN_RESPONSE_TYPE_ERROR = "error";
+
+export default class FetchOffscreenService {
+  /**
+   * Handle fetch request.
+   * @param {object} message Browser runtime.onMessage listener message.
+   * @returns {Promise<void>}
+   */
+  static async handleFetchRequest(message) {
+    // Return early if this message isn't meant for the offscreen document.
+    if (message.target !== SEND_MESSAGE_TARGET_FETCH_OFFSCREEN) {
+      console.debug("FetchOffscreenService received message not specific to offscreen.");
+      return;
+    }
+
+    if (!(await FetchOffscreenService.validateMessageData(message.data))) {
+      return;
+    }
+    const {id, resource, options} = message?.data || {};
+
+    try {
+      const response = await fetch(resource, options);
+      await FetchOffscreenService.handleSuccessResponse(id, response);
+    } catch (error) {
+      await FetchOffscreenService.handleErrorResponse(id, error);
+    }
+  }
+
+  /**
+   * Validate message data.
+   * @param {object} messageData The message data
+   * @returns {Promise<boolean>}
+   */
+  static async validateMessageData(messageData = {}) {
+    let error;
+
+    if (!messageData.id || !Validator.isUUID(messageData.id)) {
+      error = new Error("FetchOffscreenService: message.id should be a valid uuid.");
+    } else if (typeof messageData.resource !== "string") {
+      error = new Error("FetchOffscreenService: message.resource should be a valid valid.");
+    } else if (typeof messageData.options !== "undefined" && !(messageData.options instanceof Object)) {
+      error = new Error("FetchOffscreenService: message.options should be an object.");
+    }
+
+    if (error) {
+      await FetchOffscreenService.handleErrorResponse(messageData.id, error);
+      return false;
+    }
+
+    return true;
+  }
+
+  /**
+   * Handle fetch success, and send response to the service worker.
+   * @param {string} id The fetch offscreen request id
+   * @param {Response} response The fetch response
+   * @returns {Promise<void>}
+   */
+  static async handleSuccessResponse(id, response) {
+    await chrome.runtime.sendMessage({
+      target: SEND_MESSAGE_TARGET_FETCH_OFFSCREEN_RESPONSE_HANDLER,
+      id: id,
+      type: FETCH_OFFSCREEN_RESPONSE_TYPE_SUCCESS,
+      data: await FetchOffscreenService.serializeResponse(response)
+    });
+  }
+
+  /**
+   * Handle fetch error, and communicate it the service worker.
+   * @param {string} id The fetch offscreen request id
+   * @param {Error} error The fetch error
+   * @returns {Promise<void>}
+   */
+  static async handleErrorResponse(id, error) {
+    console.error(error);
+    await chrome.runtime.sendMessage({
+      target: SEND_MESSAGE_TARGET_FETCH_OFFSCREEN_RESPONSE_HANDLER,
+      id: id,
+      type: FETCH_OFFSCREEN_RESPONSE_TYPE_ERROR,
+      data: {
+        name: error?.name,
+        message: error?.message || "FetchOffscreenService: an unexpected error occurred"
+      }
+    });
+  }
+
+  /**
+   * Serialize the fetch response to return to the service worker.
+   * @param {Response} response The response to serialize
+   * @returns {Promise<object>}
+   */
+  static async serializeResponse(response) {
+    return {
+      status: response.status,
+      statusText: response.statusText,
+      headers: Array.from(response.headers.entries()),
+      redirected: response.redirected,
+      url: response.url,
+      ok: response.ok,
+      text: await response.text()
+    };
+  }
+}
@@ -0,0 +1,17 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         4.7.0
+ */
+
+const {RequestFetchOffscreenService} = require("../serviceWorker/service/network/requestFetchOffscreenService");
+
+module.exports = async(resource, options) => RequestFetchOffscreenService.fetch(resource, options);
@@ -0,0 +1,174 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         4.7.0
+ */
+
+const {SEND_MESSAGE_TARGET_FETCH_OFFSCREEN} = require("../../../offscreens/service/network/fetchOffscreenService");
+
+export const IS_FETCH_OFFSCREEN_PREFERRED_STORAGE_KEY = "IS_FETCH_OFFSCREEN_PREFERRED_STORAGE_KEY";
+const LOCK_CREATE_OFFSCREEN_FETCH_DOCUMENT = "LOCK_CREATE_OFFSCREEN_FETCH_DOCUMENT";
+const FETCH_OFFSCREEN_DOCUMENT_REASON = "WORKERS";
+const OFFSCREEN_URL = "offscreens/fetch.html";
+
+export class RequestFetchOffscreenService {
+  /**
+   * Preferred strategy cache.
+   * @type {boolean|null}
+   */
+  static isFetchOffscreenPreferredCache = null;
+
+  /**
+   * The stack of requests promises callbacks using the request id as reference.
+   * @type {object}
+   */
+  static offscreenRequestsPromisesCallbacks = {};
+
+  /**
+   * Fetch external service through fetch offscreen document.
+   * @param {string} resource The fetch url resource, similar to the native fetch resource parameter.
+   * @param {object} options The fetch options, similar to the native fetch option parameter.
+   * @returns {Promise<unknown>}
+   */
+  static async fetch(resource, options) {
+    const fetchStrategy = await RequestFetchOffscreenService.isFetchOffscreenPreferred()
+      ? RequestFetchOffscreenService.fetchOffscreen
+      : RequestFetchOffscreenService.fetchNative;
+
+    return fetchStrategy(resource, options);
+  }
+
+  /**
+   * Check if the fetch offscreen strategy is preferred.
+   * @returns {Promise<boolean>}
+   */
+  static async isFetchOffscreenPreferred() {
+    if (RequestFetchOffscreenService.isFetchOffscreenPreferredCache === null) {
+      const storageData = await browser.storage.session.get([IS_FETCH_OFFSCREEN_PREFERRED_STORAGE_KEY]);
+      RequestFetchOffscreenService.isFetchOffscreenPreferredCache = Boolean(storageData?.[IS_FETCH_OFFSCREEN_PREFERRED_STORAGE_KEY]);
+    }
+
+    return RequestFetchOffscreenService.isFetchOffscreenPreferredCache;
+  }
+
+  /**
+   * Perform a fetch using the browser native API. Fallback on the offscreen fetch in case of unexpected error.
+   * @param {string} resource The fetch url resource, similar to the native fetch resource parameter.
+   * @param {object} options The fetch options, similar to the native fetch option parameter.
+   * @returns {Promise<Response>}
+   */
+  static async fetchNative(resource, options) {
+    try {
+      return await fetch(resource, options);
+    } catch (error) {
+      // Let the fetch happen even if offline in case it requests a local url or a cache, however do not fallback on offscreen strategy in that case.
+      if (!navigator.onLine) {
+        throw new Error("RequestFetchOffscreenService::fetchNative: offline error.");
+      }
+      console.error("RequestFetchOffscreenService::fetchNative: An error occurred while using the native fetch API, fallback on offscreen strategy until browser restart.", error);
+      RequestFetchOffscreenService.markFetchOffscreenStrategyAsPreferred();
+      return await RequestFetchOffscreenService.fetchOffscreen(resource, options);
+    }
+  }
+
+  /**
+   * Perform a fetch using the offscreen API.
+   * @param {string} resource The fetch url resource, similar to the native fetch resource parameter.
+   * @param {object} options The fetch options, similar to the native fetch option parameter.
+   * @returns {Promise<Response>}
+   */
+  static async fetchOffscreen(resource, options) {
+    // Create offscreen document if it does not already exist.
+    await navigator.locks.request(
+      LOCK_CREATE_OFFSCREEN_FETCH_DOCUMENT,
+      RequestFetchOffscreenService.createIfNotExistOffscreenDocument);
+
+    const offscreenFetchId = crypto.randomUUID();
+    const offscreenFetchData = RequestFetchOffscreenService.buildOffscreenData(offscreenFetchId, resource, options);
+
+    return new Promise((resolve, reject) => {
+      // Stack the response listener callbacks.
+      RequestFetchOffscreenService.offscreenRequestsPromisesCallbacks[offscreenFetchId] = {resolve, reject};
+      return RequestFetchOffscreenService.sendOffscreenMessage(offscreenFetchData)
+        .catch(reject);
+    });
+  }
+
+  /**
+   * Create fetch offscreen document if it does not exist yet.
+   * @returns {Promise<void>}
+   */
+  static async createIfNotExistOffscreenDocument() {
+    const existingContexts = await chrome.runtime.getContexts({
+      contextTypes: ["OFFSCREEN_DOCUMENT"],
+      documentUrls: [chrome.runtime.getURL(OFFSCREEN_URL)]
+    });
+
+    if (existingContexts.length > 0) {
+      return;
+    }
+
+    await chrome.offscreen.createDocument({
+      url: OFFSCREEN_URL,
+      reasons: [FETCH_OFFSCREEN_DOCUMENT_REASON],
+      justification: "Used to perform fetch to services such as the passbolt API serving invalid certificate.",
+    });
+  }
+
+  /**
+   * Build offscreen message data.
+   * @param {string} id The identifier of the offscreen fetch request.
+   * @param {string} resource The fetch url resource, similar to the native fetch resource parameter.
+   * @param {object} fetchOptions The fetch options, similar to the native fetch option parameter.
+   * @returns {object}
+   */
+  static buildOffscreenData(id, resource, fetchOptions = {}) {
+    const options = JSON.parse(JSON.stringify(fetchOptions));
+
+    // Format FormData fetch options to allow its serialization.
+    if (fetchOptions?.body instanceof FormData) {
+      const formDataValues = [];
+      for (const key of fetchOptions.body.keys()) {
+        formDataValues.push(`${encodeURIComponent(key)}=${encodeURIComponent(fetchOptions.body.get(key))}`);
+      }
+      options.body = formDataValues.join('&');
+      // Ensure the request content type reflect the content of its body.
+      options.headers = options.headers ?? {};
+      options.headers['Content-type'] = 'application/x-www-form-urlencoded';
+    }
+
+    return {id, resource, options};
+  }
+
+  /**
+   * Send message to the offscreen fetch document.
+   * @param {object} offscreenData The offscreen message data.
+   * @param {string} offscreenData.id The identifier of the offscreen fetch request.
+   * @param {string} offscreenData.resource The fetch url resource, similar to the native fetch resource parameter.
+   * @param {object} offscreenData.fetchOptions The fetch options, similar to the native fetch option parameter.
+   * @returns {Promise<*>}
+   */
+  static async sendOffscreenMessage(offscreenData) {
+    return chrome.runtime.sendMessage({
+      target: SEND_MESSAGE_TARGET_FETCH_OFFSCREEN,
+      data: offscreenData
+    });
+  }
+
+  /**
+   * Mark the fetch offscreen strategy as preferred.
+   * return {Promise<void>}
+   */
+  static async markFetchOffscreenStrategyAsPreferred() {
+    RequestFetchOffscreenService.isFetchOffscreenPreferredCache = true;
+    await browser.storage.session.set({[IS_FETCH_OFFSCREEN_PREFERRED_STORAGE_KEY]: RequestFetchOffscreenService.isFetchOffscreenPreferredCache});
+  }
+}
@@ -0,0 +1,38 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         4.7.0
+ */
+
+export const fetchOptionsHeaders = () => ({
+  "X-CSRF-Token": crypto.randomUUID()
+});
+
+export const fetchOptionWithBodyData = () => ({
+  credentials: "include",
+  headers: fetchOptionsHeaders(),
+  body: {
+    prop1: "value 1",
+    prop2: "value 2"
+  }
+});
+
+export const fetchOptionsWithBodyFormData = () => {
+  const formDataBody = (new FormData());
+  formDataBody.append("prop1", "value 1");
+  formDataBody.append("prop1", "value 2");
+  return {
+    method: "POST",
+    credentials: "include",
+    headers: fetchOptionsHeaders(),
+    body: formDataBody
+  };
+};
@@ -0,0 +1,257 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         4.7.0
+ */
+
+import each from "jest-each";
+import Validator from "validator";
+import {enableFetchMocks} from "jest-fetch-mock";
+import {
+  IS_FETCH_OFFSCREEN_PREFERRED_STORAGE_KEY,
+  RequestFetchOffscreenService
+} from "./requestFetchOffscreenService";
+import {SEND_MESSAGE_TARGET_FETCH_OFFSCREEN} from "../../../offscreens/service/network/fetchOffscreenService";
+import {fetchOptionsWithBodyFormData, fetchOptionWithBodyData} from "./requestFetchOffscreenService.test.data";
+
+
+beforeEach(() => {
+  enableFetchMocks();
+  fetch.resetMocks();
+  jest.clearAllMocks();
+  // Flush preferred strategy runtime cache.
+  RequestFetchOffscreenService.isFetchOffscreenPreferredCache = null;
+});
+
+describe("RequestFetchOffscreenService", () => {
+  describe("::isFetchOffscreenPreferred", () => {
+    it("should return false if no value found in runtime or session storage caches", async() => {
+      expect.assertions(1);
+      expect(await RequestFetchOffscreenService.isFetchOffscreenPreferred()).toBeFalsy();
+    });
+
+    each([
+      {label: "true", value: true},
+      {label: "false", value: false},
+    ]).describe("should return the runtime cached value", scenario => {
+      it(`should return the runtime cached value for scenario: ${scenario.label}`, async() => {
+        expect.assertions(1);
+        // Mock runtime cached value.
+        RequestFetchOffscreenService.isFetchOffscreenPreferredCache = scenario.value;
+        expect(await RequestFetchOffscreenService.isFetchOffscreenPreferred()).toEqual(scenario.value);
+      });
+    });
+
+    each([
+      {label: "true", value: true},
+      {label: "false", value: false},
+    ]).describe("should return the session storage value if no runtime value is present", scenario => {
+      it(`should return the runtime cached value for scenario: ${scenario.label}`, async() => {
+        expect.assertions(1);
+        // Mock session storage cached value.
+        browser.storage.session.set({[IS_FETCH_OFFSCREEN_PREFERRED_STORAGE_KEY]: scenario.value});
+        expect(await RequestFetchOffscreenService.isFetchOffscreenPreferred()).toEqual(scenario.value);
+      });
+    });
+
+    each([
+      {label: "true", value: true},
+      {label: "false", value: false},
+    ]).describe("should return the runtime cached value if set and if the session storage value is also set", scenario => {
+      it(`should return the runtime cached value for scenario: ${scenario.label}`, async() => {
+        expect.assertions(1);
+        // Mock runtime cached value.
+        RequestFetchOffscreenService.isFetchOffscreenPreferredCache = scenario.value;
+        browser.storage.session.set({[IS_FETCH_OFFSCREEN_PREFERRED_STORAGE_KEY]: !scenario.value});
+        expect(await RequestFetchOffscreenService.isFetchOffscreenPreferred()).toEqual(scenario.value);
+      });
+    });
+  });
+
+  describe("::createIfNotExistOffscreenDocument", () => {
+    it("should create the offscreen document if it does not exist yet ", async() => {
+      expect.assertions(2);
+      jest.spyOn(chrome.runtime, "getContexts").mockImplementationOnce(() => []);
+      await RequestFetchOffscreenService.createIfNotExistOffscreenDocument();
+
+      const expectedGetContextsData = {
+        contextTypes: ["OFFSCREEN_DOCUMENT"],
+        documentUrls: ["chrome-extension://didegimhafipceonhjepacocaffmoppf/offscreens/fetch.html"]
+      };
+      const expectedCreateDocumentData = {
+        url: "offscreens/fetch.html",
+        reasons: ["WORKERS"],
+        justification: "Used to perform fetch to services such as the passbolt API serving invalid certificate."
+      };
+      expect(chrome.runtime.getContexts).toHaveBeenCalledWith(expectedGetContextsData);
+      expect(chrome.offscreen.createDocument).toHaveBeenCalledWith(expectedCreateDocumentData);
+    });
+
+    it("should not create the offscreen document if it already exist ", async() => {
+      expect.assertions(1);
+      jest.spyOn(chrome.runtime, "getContexts").mockImplementationOnce(() => ["shallow-offscreen-document-mock"]);
+      await RequestFetchOffscreenService.createIfNotExistOffscreenDocument();
+      expect(chrome.offscreen.createDocument).not.toHaveBeenCalled();
+    });
+  });
+
+  describe("::buildOffscreenData", () => {
+    it("should build data to send to the offscreen document", async() => {
+      expect.assertions(1);
+      const id = crypto.randomUUID();
+      const resource = "https://test.passbolt.com/passbolt-unit-test/test.json";
+      const options = fetchOptionWithBodyData();
+      const offscreenData = RequestFetchOffscreenService.buildOffscreenData(id, resource, options);
+      // Ensure body remains a form data after serialization.
+      expect(offscreenData).toEqual({id, resource, options});
+    });
+
+    it("should ensure given fetch options body will not be altered", async() => {
+      expect.assertions(1);
+      const id = crypto.randomUUID();
+      const resource = "https://test.passbolt.com/passbolt-unit-test/test.json";
+      const fetchOptions = fetchOptionsWithBodyFormData();
+      RequestFetchOffscreenService.buildOffscreenData(id, resource, fetchOptions);
+      // Ensure body remains a form data after serialization.
+      expect(fetchOptions.body).toBeInstanceOf(FormData);
+    });
+
+    it("should transform FormData body into serialized encoded url parameters", async() => {
+      expect.assertions(1);
+      const id = crypto.randomUUID();
+      const resource = "https://test.passbolt.com/passbolt-unit-test/test.json";
+      const options = fetchOptionsWithBodyFormData();
+
+      const offscreenData = RequestFetchOffscreenService.buildOffscreenData(id, resource, options);
+      // eslint-disable-next-line object-shorthand
+      const expectedOffscreenMessageData = {
+        id,
+        resource,
+        options: {
+          ...options,
+          headers: {
+            ...options.headers,
+            "Content-type": "application/x-www-form-urlencoded" // ensure the content type reflect the body type parameter.
+          },
+          body: "prop1=value%201&prop1=value%201" // ensure the body is serialized as url encoded parameter
+        }
+      };
+      expect(offscreenData).toEqual(expectedOffscreenMessageData);
+    });
+  });
+
+  describe("::sendOffscreenMessage", () => {
+    it("should send a message to the offscreen document", async() => {
+      expect.assertions(1);
+      const data = {prop1: "value1"};
+      await RequestFetchOffscreenService.sendOffscreenMessage(data);
+      const target = SEND_MESSAGE_TARGET_FETCH_OFFSCREEN;
+      expect(chrome.runtime.sendMessage).toHaveBeenCalledWith({target, data});
+    });
+  });
+
+  describe("::fetchOffscreen", () => {
+    it("should send a message to the offscreen document and stack the response callback handlers", async() => {
+      expect.assertions(4);
+      const resource = "https://test.passbolt.com/passbolt-unit-test/test.json";
+      const options = fetchOptionsWithBodyFormData();
+      jest.spyOn(chrome.runtime, "sendMessage").mockImplementationOnce(message => {
+        expect(Validator.isUUID(message.data.id)).toBe(true);
+        const expectedMessageData = {
+          target: SEND_MESSAGE_TARGET_FETCH_OFFSCREEN,
+          data: {
+            ...message.data,
+            options: {
+              ...message.data.options,
+              headers: {
+                ...message.data.options.headers,
+                "Content-type": "application/x-www-form-urlencoded" // ensure the content type reflect the body type parameter.
+              },
+              body: "prop1=value%201&prop1=value%201" // ensure the body is serialized as url encoded parameter
+            }
+          },
+        };
+        expect(message).toEqual(expectedMessageData);
+        RequestFetchOffscreenService.offscreenRequestsPromisesCallbacks[message.data.id].resolve();
+      });
+      const requestPromise = RequestFetchOffscreenService.fetchOffscreen(resource, options);
+      expect(requestPromise).toBeInstanceOf(Promise);
+      await expect(requestPromise).resolves.not.toThrow();
+    });
+
+    it("should throw if the message cannot be sent to the offscreen document for unexpected reason", async() => {
+      expect.assertions(2);
+      const resource = "https://test.passbolt.com/passbolt-unit-test/test.json";
+      const options = fetchOptionsWithBodyFormData();
+      jest.spyOn(chrome.runtime, "sendMessage").mockImplementationOnce(() => {
+        throw new Error("Test error");
+      });
+      const requestPromise = RequestFetchOffscreenService.fetchOffscreen(resource, options);
+      expect(requestPromise).toBeInstanceOf(Promise);
+      await expect(requestPromise).rejects.toThrow();
+    });
+  });
+
+  describe("::fetchNative", () => {
+    it("should call the native fetch API", async() => {
+      expect.assertions(2);
+      const resource = "https://test.passbolt.com/passbolt-unit-test/test.json";
+      const options = fetchOptionsWithBodyFormData();
+      fetch.doMockOnce(() => Promise.resolve({}));
+      const requestPromise = RequestFetchOffscreenService.fetchNative(resource, options);
+      await expect(requestPromise).resolves.not.toThrow();
+      expect(fetch).toHaveBeenCalledWith(resource, options);
+    });
+
+    it("should fallback on fetchOffscreen if an unexpected error occurred", async() => {
+      expect.assertions(3);
+      const resource = "https://test.passbolt.com/passbolt-unit-test/test.json";
+      const options = fetchOptionsWithBodyFormData();
+      fetch.doMockOnce(() => Promise.reject({}));
+      jest.spyOn(RequestFetchOffscreenService, "fetchOffscreen").mockImplementationOnce(() => jest.fn);
+      const requestPromise = RequestFetchOffscreenService.fetchNative(resource, options);
+      await expect(requestPromise).resolves.not.toThrow();
+      expect(RequestFetchOffscreenService.isFetchOffscreenPreferredCache).toBeTruthy();
+      expect(RequestFetchOffscreenService.fetchOffscreen).toHaveBeenCalledWith(resource, options);
+    });
+
+    it("should throw and not fallback on fetchOffscreen if the navigator is not online", async() => {
+      expect.assertions(1);
+      const resource = "https://test.passbolt.com/passbolt-unit-test/test.json";
+      const options = fetchOptionsWithBodyFormData();
+      fetch.doMockOnce(() => Promise.reject({}));
+      jest.spyOn(navigator, 'onLine', 'get').mockReturnValueOnce(false);
+      const requestPromise = RequestFetchOffscreenService.fetchNative(resource, options);
+      await expect(requestPromise).rejects.toThrow();
+    });
+  });
+
+  describe("::fetch", () => {
+    it("should call the native fetch API if offscreen strategy has not been marked as preferred", async() => {
+      expect.assertions(1);
+      const resource = "https://test.passbolt.com/passbolt-unit-test/test.json";
+      const options = fetchOptionsWithBodyFormData();
+      jest.spyOn(RequestFetchOffscreenService, "fetchNative").mockImplementationOnce(() => jest.fn);
+      await RequestFetchOffscreenService.fetch(resource, options);
+      expect(RequestFetchOffscreenService.fetchNative).toHaveBeenCalledWith(resource, options);
+    });
+
+    it("should call the native fetch offscreen if this strategy has been marked as preferred", async() => {
+      expect.assertions(1);
+      const resource = "https://test.passbolt.com/passbolt-unit-test/test.json";
+      const options = fetchOptionsWithBodyFormData();
+      jest.spyOn(RequestFetchOffscreenService, "fetchOffscreen").mockImplementationOnce(() => jest.fn);
+      RequestFetchOffscreenService.isFetchOffscreenPreferredCache = true;
+      await RequestFetchOffscreenService.fetch(resource, options);
+      expect(RequestFetchOffscreenService.fetchOffscreen).toHaveBeenCalledWith(resource, options);
+    });
+  });
+});
@@ -0,0 +1,99 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         4.7.0
+ */
+
+import {assertUuid} from "../../../../all/background_page/utils/assertions";
+import {
+  FETCH_OFFSCREEN_RESPONSE_TYPE_ERROR,
+  FETCH_OFFSCREEN_RESPONSE_TYPE_SUCCESS,
+  SEND_MESSAGE_TARGET_FETCH_OFFSCREEN_RESPONSE_HANDLER
+} from "../../../offscreens/service/network/fetchOffscreenService";
+import {RequestFetchOffscreenService} from "./requestFetchOffscreenService";
+
+export default class ResponseFetchOffscreenService {
+  /**
+   * Handle fetch offscreen response message.
+   * @param {object} message The message itself.
+   * @return {void}
+   */
+  static handleFetchResponse(message) {
+    // Return early if this message isn't meant for the offscreen document.
+    if (message.target !== SEND_MESSAGE_TARGET_FETCH_OFFSCREEN_RESPONSE_HANDLER) {
+      console.debug("ResponseFetchOffscreenService: received message not specific to the service worker fetch offscreen response handler.");
+      return;
+    }
+
+    ResponseFetchOffscreenService.assertMessage(message);
+    const {id, type, data} = message;
+    const offscreenRequestPromiseCallbacks = ResponseFetchOffscreenService.consumeRequestPromiseCallbacksOrFail(id);
+
+    if (type === FETCH_OFFSCREEN_RESPONSE_TYPE_SUCCESS) {
+      offscreenRequestPromiseCallbacks.resolve(ResponseFetchOffscreenService.buildFetchResponse(data));
+    } else if (type === FETCH_OFFSCREEN_RESPONSE_TYPE_ERROR) {
+      offscreenRequestPromiseCallbacks.reject(new Error(data.message));
+    }
+  }
+
+  /**
+   * Assert message data.
+   * @param {object} message The message.
+   * @returns {void}
+   * @throws {Error} If the message id is not a valid uuid.
+   * @throws {Error} If the message data is not an object.
+   * @throws {Error} If the message type is not valid.
+   */
+  static assertMessage(message) {
+    // console.log(message);
+    const FETCH_OFFSCREEN_RESPONSE_TYPES = [FETCH_OFFSCREEN_RESPONSE_TYPE_SUCCESS, FETCH_OFFSCREEN_RESPONSE_TYPE_ERROR];
+
+    if (!FETCH_OFFSCREEN_RESPONSE_TYPES.includes(message?.type)) {
+      throw new Error(`ResponseFetchOffscreenService: message.type should be one of the following ${FETCH_OFFSCREEN_RESPONSE_TYPES.join(", ")}.`);
+    }
+    assertUuid(message?.id, "ResponseFetchOffscreenService: message.id should be a valid uuid.");
+    if (!(message?.data instanceof Object)) {
+      throw new Error("ResponseFetchOffscreenService: message.data should be an object.");
+    }
+  }
+
+  /**
+   * Consume the offscreen request promise callbacks or fail.
+   * @param {string} id The identifier of the offscreen fetch request.
+   * @returns {object}
+   * @throws {Error} If no request promise callbacks can be found for the given offscreen fetch request id.
+   */
+  static consumeRequestPromiseCallbacksOrFail(id) {
+    const offscreenRequestPromiseCallback = RequestFetchOffscreenService.offscreenRequestsPromisesCallbacks[id];
+    if (!offscreenRequestPromiseCallback) {
+      throw new Error("ResponseFetchOffscreenService: No request promise callbacks found for the given offscreen fetch request id.");
+    }
+    delete RequestFetchOffscreenService.offscreenRequestsPromisesCallbacks[id];
+
+    return offscreenRequestPromiseCallback;
+  }
+
+  /**
+   * Build native fetch response object based on offscreen message response data.
+   * @param {object} data The fetch offscreen message response data.
+   * @returns {Response}
+   */
+  static buildFetchResponse(data) {
+    return new Response(data.text, {
+      status: data.status,
+      statusText: data.statusText,
+      headers: data.headers,
+      redirected: data.redirected,
+      url: data.url,
+      ok: data.ok,
+    });
+  }
+}
@@ -0,0 +1,128 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         4.7.0
+ */
+import {
+  FETCH_OFFSCREEN_RESPONSE_TYPE_SUCCESS,
+  SEND_MESSAGE_TARGET_FETCH_OFFSCREEN_RESPONSE_HANDLER
+} from "../../../offscreens/service/network/fetchOffscreenService";
+
+export const defaultResponseMessage = (message = {}) => ({
+  target: SEND_MESSAGE_TARGET_FETCH_OFFSCREEN_RESPONSE_HANDLER,
+  id: crypto.randomUUID(),
+  type: FETCH_OFFSCREEN_RESPONSE_TYPE_SUCCESS,
+  data: {
+    "status": 200,
+    "statusText": "OK",
+    "headers": [
+      [
+        "access-control-expose-headers",
+        "X-GPGAuth-Verify-Response, X-GPGAuth-Progress, X-GPGAuth-User-Auth-Token, X-GPGAuth-Authenticated, X-GPGAuth-Refer, X-GPGAuth-Debug, X-GPGAuth-Error, X-GPGAuth-Pubkey, X-GPGAuth-Logout-Url, X-GPGAuth-Version"
+      ],
+      [
+        "cache-control",
+        "no-store, no-cache, must-revalidate"
+      ],
+      [
+        "content-security-policy",
+        "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'self' https://*.duosecurity.com;"
+      ],
+      [
+        "content-type",
+        "application/json"
+      ],
+      [
+        "date",
+        "Tue, 23 Apr 2024 09:03:48 GMT"
+      ],
+      [
+        "expires",
+        "Thu, 19 Nov 1981 08:52:00 GMT"
+      ],
+      [
+        "pragma",
+        "no-cache"
+      ],
+      [
+        "referrer-policy",
+        "same-origin"
+      ],
+      [
+        "server",
+        "nginx/1.24.0 (Ubuntu)"
+      ],
+      [
+        "x-content-type-options",
+        "nosniff"
+      ],
+      [
+        "x-download-options",
+        "noopen"
+      ],
+      [
+        "x-frame-options",
+        "sameorigin"
+      ],
+      [
+        "x-gpgauth-authenticated",
+        "false"
+      ],
+      [
+        "x-gpgauth-debug",
+        "There is no user associated with this key. No key id set."
+      ],
+      [
+        "x-gpgauth-error",
+        "true"
+      ],
+      [
+        "x-gpgauth-login-url",
+        "/auth/login"
+      ],
+      [
+        "x-gpgauth-logout-url",
+        "/auth/logout"
+      ],
+      [
+        "x-gpgauth-progress",
+        "stage0"
+      ],
+      [
+        "x-gpgauth-pubkey-url",
+        "/auth/verify.json"
+      ],
+      [
+        "x-gpgauth-verify-url",
+        "/auth/verify"
+      ],
+      [
+        "x-gpgauth-version",
+        "1.3.0"
+      ],
+      [
+        "x-permitted-cross-domain-policies",
+        "all"
+      ]
+    ],
+    "redirected": false,
+    "url": "https://www.passbolt.test/settings.json?api-version=v2",
+    "ok": true,
+    "text": "{\n    \"header\": {\n        \"id\": \"0682ab8f-ecba-4336-a628-8b6cac609f49\",\n        \"status\": \"success\",\n        \"servertime\": 1713863028,\n        \"action\": \"bef9f3ca-86ef-5c6a-9b38-320e03ceb5df\",\n        \"message\": \"The operation was successful.\",\n        \"url\": \"\\/settings.json?api-version=v2\",\n        \"code\": 200\n    },\n    \"body\": {\n        \"app\": {\n            \"url\": \"https:\\/\\/www.passbolt.test\\/\",\n            \"locale\": \"en-UK\"\n        },\n        \"passbolt\": {\n            \"legal\": {\n                \"privacy_policy\": {\n                    \"url\": \"\"\n                },\n                \"terms\": {\n                    \"url\": \"https:\\/\\/www.passbolt.com\\/terms\"\n                }\n            },\n            \"edition\": \"pro\",\n            \"plugins\": {\n                \"jwtAuthentication\": {\n                    \"enabled\": true\n                },\n                \"accountRecoveryRequestHelp\": {\n                    \"enabled\": true\n                },\n                \"accountRecovery\": {\n                    \"enabled\": true\n                },\n                \"selfRegistration\": {\n                    \"enabled\": true\n                },\n                \"sso\": {\n                    \"enabled\": true\n                },\n                \"mfaPolicies\": {\n                    \"enabled\": true\n                },\n                \"ssoRecover\": {\n                    \"enabled\": true\n                },\n                \"userPassphrasePolicies\": {\n                    \"enabled\": true\n                },\n                \"inFormIntegration\": {\n                    \"enabled\": true\n                },\n                \"locale\": {\n                    \"options\": [\n                        {\n                            \"locale\": \"de-DE\",\n                            \"label\": \"Deutsch\"\n                        },\n                        {\n                            \"locale\": \"en-UK\",\n                            \"label\": \"English\"\n                        },\n                        {\n                            \"locale\": \"es-ES\",\n                            \"label\": \"Espa\\u00f1ol\"\n                        },\n                        {\n                            \"locale\": \"fr-FR\",\n                            \"label\": \"Fran\\u00e7ais\"\n                        },\n                        {\n                            \"locale\": \"it-IT\",\n                            \"label\": \"Italiano (beta)\"\n                        },\n                        {\n                            \"locale\": \"ja-JP\",\n                            \"label\": \"\\u65e5\\u672c\\u8a9e\"\n                        },\n                        {\n                            \"locale\": \"ko-KR\",\n                            \"label\": \"\\ud55c\\uad6d\\uc5b4 (beta)\"\n                        },\n                        {\n                            \"locale\": \"lt-LT\",\n                            \"label\": \"Lietuvi\\u0173\"\n                        },\n                        {\n                            \"locale\": \"nl-NL\",\n                            \"label\": \"Nederlands\"\n                        },\n                        {\n                            \"locale\": \"pl-PL\",\n                            \"label\": \"Polski\"\n                        },\n                        {\n                            \"locale\": \"pt-BR\",\n                            \"label\": \"Portugu\\u00eas Brasil (beta)\"\n                        },\n                        {\n                            \"locale\": \"ro-RO\",\n                            \"label\": \"Rom\\u00e2n\\u0103 (beta)\"\n                        },\n                        {\n                            \"locale\": \"ru-RU\",\n                            \"label\": \"P\\u0443\\u0441\\u0441\\u043a\\u0438\\u0439 (beta)\"\n                        },\n                        {\n                            \"locale\": \"sv-SE\",\n                            \"label\": \"Svenska\"\n                        }\n                    ]\n                },\n                \"rememberMe\": {\n                    \"options\": {\n                        \"300\": \"5 minutes\",\n                        \"900\": \"15 minutes\",\n                        \"1800\": \"30 minutes\",\n                        \"3600\": \"1 hour\",\n                        \"-1\": \"until I log out\"\n                    }\n                }\n            }\n        }\n    }\n}"
+  },
+  ...message
+});
+
+export const defaultCallbacks = (data = {}) => ({
+  resolve: jest.fn(),
+  reject: jest.fn(),
+  ...data
+});
@@ -0,0 +1,181 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         4.7.0
+ */
+
+import each from "jest-each";
+import {enableFetchMocks} from "jest-fetch-mock";
+import {RequestFetchOffscreenService} from "./requestFetchOffscreenService";
+import {
+  FETCH_OFFSCREEN_RESPONSE_TYPE_ERROR,
+  FETCH_OFFSCREEN_RESPONSE_TYPE_SUCCESS
+} from "../../../offscreens/service/network/fetchOffscreenService";
+import ResponseFetchOffscreenService from "./responseFetchOffscreenService";
+import {defaultCallbacks, defaultResponseMessage} from "./responseFetchOffscreenService.test.data";
+
+beforeEach(() => {
+  enableFetchMocks();
+  fetch.resetMocks();
+  jest.clearAllMocks();
+  // Flush the requests promises callbacks stack.
+  RequestFetchOffscreenService.offscreenRequestsPromisesCallbacks = {};
+});
+
+describe("ResponseFetchOffscreenService", () => {
+  describe("::assertMessage", () => {
+    each([
+      {scenario: "success", type: FETCH_OFFSCREEN_RESPONSE_TYPE_SUCCESS},
+      {scenario: "error", type: FETCH_OFFSCREEN_RESPONSE_TYPE_ERROR},
+    ]).describe("should accept if message type is valid", _props => {
+      it(`should validate message type: ${_props.scenario}`, () => {
+        const message = defaultResponseMessage({type: _props.type});
+        try {
+          ResponseFetchOffscreenService.assertMessage(message);
+          expect(true).toBeTruthy();
+        } catch (error) {
+          expect(error).toBeNull();
+        }
+      });
+    });
+
+    each([
+      {scenario: "undefined", type: undefined},
+      {scenario: "null", type: null},
+      {scenario: "invalid string", type: "invalid"},
+      {scenario: "boolean", type: true},
+      {scenario: "object", type: {data: FETCH_OFFSCREEN_RESPONSE_TYPE_SUCCESS}},
+    ]).describe("should throw if message type is not valid", _props => {
+      it(`should trow if message type: ${_props.scenario}`, () => {
+        const message = defaultResponseMessage({type: _props.type});
+        try {
+          ResponseFetchOffscreenService.assertMessage(message);
+          expect(true).toBeFalsy();
+        } catch (error) {
+          expect(error).toBeInstanceOf(Error);
+        }
+      });
+    });
+
+    it("should validate message id", () => {
+      expect(() => defaultResponseMessage({id: crypto.randomUUID()})).not.toThrow();
+    });
+
+    each([
+      {scenario: "undefined", id: undefined},
+      {scenario: "null", id: null},
+      {scenario: "invalid string", id: "invalid"},
+      {scenario: "boolean", id: true},
+      {scenario: "object", id: {data: crypto.randomUUID()}},
+    ]).describe("should throw if message id is not valid", _props => {
+      it(`should trow if message id: ${_props.scenario}`, () => {
+        const message = defaultResponseMessage({id: _props.id});
+        try {
+          ResponseFetchOffscreenService.assertMessage(message);
+          expect(true).toBeFalsy();
+        } catch (error) {
+          expect(error).toBeInstanceOf(Error);
+        }
+      });
+    });
+
+    it("should validate message data", () => {
+      expect(() => defaultResponseMessage({data: {prop: "value"}})).not.toThrow();
+    });
+
+    each([
+      {scenario: "undefined", data: undefined},
+      {scenario: "null", data: null},
+      {scenario: "invalid string", data: "invalid"},
+      {scenario: "boolean", data: true},
+    ]).describe("should throw if message data is not valid", _props => {
+      it(`should trow if message id: ${_props.scenario}`, () => {
+        const message = defaultResponseMessage({data: _props.data});
+        try {
+          ResponseFetchOffscreenService.assertMessage(message);
+          expect(true).toBeFalsy();
+        } catch (error) {
+          expect(error).toBeInstanceOf(Error);
+        }
+      });
+    });
+  });
+
+  describe("::consumeRequestPromiseCallbacksOrFail", () => {
+    it("should consume the response handler associated to the given id", () => {
+      expect.assertions(3);
+      const id = crypto.randomUUID();
+      const callbacks = defaultCallbacks();
+      RequestFetchOffscreenService.offscreenRequestsPromisesCallbacks[id] = callbacks;
+      const consumedCallbacks = ResponseFetchOffscreenService.consumeRequestPromiseCallbacksOrFail(id);
+      expect(consumedCallbacks).not.toBeNull();
+      expect(consumedCallbacks).toEqual(callbacks);
+      expect(Object.keys(RequestFetchOffscreenService.offscreenRequestsPromisesCallbacks).length).toEqual(0);
+    });
+
+    it("should throw if no associated callbacks found for the given id", () => {
+      expect.assertions(1);
+      const id = crypto.randomUUID();
+      expect(() => ResponseFetchOffscreenService.consumeRequestPromiseCallbacksOrFail(id)).toThrow();
+    });
+  });
+
+  describe("::buildFetchResponse", () => {
+    it("should build the fetch response object based on the offscreen message data", async() => {
+      expect.assertions(8);
+      const message = defaultResponseMessage();
+      const response = ResponseFetchOffscreenService.buildFetchResponse(message.data);
+      expect(response).toBeInstanceOf(Response);
+      expect(response.status).toEqual(message.data.status);
+      expect(response.statusText).toEqual(message.data.statusText);
+      expect(Array.from(response.headers.entries())).toEqual(message.data.headers);
+      expect(response.redirected).toEqual(message.data.redirected);
+      expect(response.url).toEqual(message.data.url);
+      expect(response.ok).toEqual(message.data.ok);
+      expect(await response.text()).toEqual(message.data.text);
+    });
+  });
+
+  describe("::handleFetchResponse", () => {
+    it("should handle success response and execute the resolve callback", () => {
+      expect.assertions(1);
+      const id = crypto.randomUUID();
+      const callbacks = defaultCallbacks();
+      RequestFetchOffscreenService.offscreenRequestsPromisesCallbacks[id] = callbacks;
+      const message = defaultResponseMessage({id});
+      ResponseFetchOffscreenService.handleFetchResponse(message);
+      expect(callbacks.resolve).toHaveBeenCalledWith(expect.any(Response));
+    });
+
+    it("should handle error response and execute the reject callback", () => {
+      expect.assertions(1);
+      const id = crypto.randomUUID();
+      const callbacks = defaultCallbacks();
+      RequestFetchOffscreenService.offscreenRequestsPromisesCallbacks[id] = callbacks;
+      // eslint-disable-next-line object-shorthand
+      const message = defaultResponseMessage({id, type: FETCH_OFFSCREEN_RESPONSE_TYPE_ERROR});
+      ResponseFetchOffscreenService.handleFetchResponse(message);
+      expect(callbacks.reject).toHaveBeenCalledWith(expect.any(Error));
+    });
+
+    it("should ignore message having the wrong target", () => {
+      expect.assertions(2);
+      const id = crypto.randomUUID();
+      const callbacks = defaultCallbacks();
+      RequestFetchOffscreenService.offscreenRequestsPromisesCallbacks[id] = callbacks;
+      // eslint-disable-next-line object-shorthand
+      const message = defaultResponseMessage({id, target: "other-target"});
+      ResponseFetchOffscreenService.handleFetchResponse(message);
+      expect(callbacks.resolve).not.toHaveBeenCalled();
+      expect(callbacks.reject).not.toHaveBeenCalled();
+    });
+  });
+});
@@ -15,6 +15,7 @@
 import "./mocks/mockWebExtensionPolyfill";
 import browser from "../src/all/common/polyfill/browserPolyfill";
 import "./mocks/mockTextEncoder";
+import "./mocks/mockCrypto";
 import "./matchers/extendExpect";
 import MockNavigatorLocks from './mocks/mockNavigatorLocks';
 import OrganizationSettingsModel from "../src/all/background_page/model/organizationSettings/organizationSettingsModel";
 
@@ -0,0 +1,22 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         4.7.0
+ */
+
+import {v4 as uuid} from "uuid";
+
+if (!global.crypto) {
+  global.crypto = {};
+}
+if (!global.crypto.randomUUID) {
+  global.crypto.randomUUID = uuid;
+}
@@ -29,10 +29,17 @@ jest.mock("webextension-polyfill", () => {
     cookies: {
       get: jest.fn()
     },
+    // offscreen is not mocked by jest-webextension-mock v3.8.9
+    offscreen: {
+      closeDocument: jest.fn(),
+      createDocument: jest.fn(),
+    },
     runtime: {
       ...originalBrowser.runtime,
+      // getContexts not mocked by jest-webextension-mock v3.8.9
+      getContexts: jest.fn(() => []),
       // Force the extension runtime url
-      getURL: jest.fn(() => "chrome-extension://didegimhafipceonhjepacocaffmoppf"),
+      getURL: jest.fn(path => `chrome-extension://didegimhafipceonhjepacocaffmoppf/${path}`),
       // Force extension version
       getManifest: jest.fn(() => ({
         version: "v3.6.0"
 
@@ -0,0 +1,55 @@
+const path = require('path');
+const TerserPlugin = require("terser-webpack-plugin");
+
+const config = {
+  entry: {
+    'fetch': path.resolve(__dirname, './src/chrome-mv3/offscreens/fetch.js'),
+  },
+  mode: 'production',
+  module: {
+    rules: [
+      {
+        test: /\.(js|jsx)$/,
+        exclude: /(node_modules[\\/]((?!(passbolt\-styleguide))))/,
+        loader: "babel-loader",
+        options: {
+          presets: ["@babel/react"],
+        }
+      }
+    ]
+  },
+  optimization: {
+    minimize: true,
+    minimizer: [new TerserPlugin()],
+    splitChunks: {
+      minSize: 0,
+      cacheGroups: {
+        commons: {
+          test: /[\\/]node_modules[\\/]((?!(passbolt\-styleguide)).*)[\\/]/,
+          name: 'vendors',
+          chunks: 'all'
+        },
+      }
+    },
+  },
+  resolve: {extensions: ["*", ".js"], fallback: {crypto: false}},
+  output: {
+    // Set a unique name to ensure the cohabitation of multiple webpack loader on the same page.
+    chunkLoadingGlobal: 'offscreensFetchChunkLoadingGlobal',
+    path: path.resolve(__dirname, './build/all/offscreens'),
+    pathinfo: true,
+    filename: '[name].js'
+  }
+};
+
+exports.default = function (env) {
+  env = env || {};
+  // Enable debug mode.
+  if (env.debug) {
+    config.mode = "development";
+    config.devtool = "inline-source-map";
+    config.optimization.minimize = false;
+    config.optimization.minimizer = [];
+  }
+  return config;
+};
@@ -11,6 +11,8 @@ const config = {
     new webpack.ProvidePlugin({
       // Inject browser polyfill as a global API, and adapt it depending on the environment (MV2/MV3/Windows app).
       browser: path.resolve(__dirname, './src/all/common/polyfill/browserPolyfill.js'),
+      // Inject custom api client fetch to MV3 extension as workaround of the invalid certificate issue.
+      customApiClientFetch: path.resolve(__dirname, './src/chrome-mv3/polyfill/fetchOffscreenPolyfill.js'),
     })
   ],
   module: {