-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bug 1656856 [wpt PR 24854] - COOP: add redirect WPT tests, a=testonly
Automatic update from web-platform-tests COOP: add redirect WPT tests (#24854) This CL adds a WPT test that checks the interaction of COOP same-origin-allow-popups with redirects as specified in whatwg/html#5739. This follows up on Clamy@ work in https://crrev.com/2312796. Change-Id: I4afede7221c2edeec675035339064c4a9ae7fb80 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2332260 Reviewed-by: Arthur Sonzogni <[email protected]> Commit-Queue: Pâris Meuleman <[email protected]> Auto-Submit: Pâris Meuleman <[email protected]> Cr-Commit-Position: refs/heads/master@{#794090} Co-authored-by: Pâris MEULEMAN <[email protected]> -- wpt-commits: ea967166620364b1598ef6dbabb7f75100e9472d wpt-pr: 24854
- Loading branch information
1 parent
ddeab27
commit 10d64b9
Showing
2 changed files
with
86 additions
and
0 deletions.
There are no files selected for viewing
84 changes: 84 additions & 0 deletions
84
...eporting/navigation-reporting/reporting-redirect-with-same-origin-allow-popups.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
<title> | ||
COOP reports are to the opener when the opener used COOP-RO+COEP and then its | ||
cross-origin openee tries to access it. | ||
</title> | ||
<meta name=timeout content=long> | ||
<script src=/resources/testharness.js></script> | ||
<script src=/resources/testharnessreport.js></script> | ||
<script src=/common/get-host-info.sub.js></script> | ||
<script src="/common/utils.js"></script> | ||
<script src="../resources/dispatcher.js"></script> | ||
<script src="../resources/try-access.js"></script> | ||
<script> | ||
|
||
const directory = "/html/cross-origin-opener-policy/reporting"; | ||
const executor_path = directory + "/resources/executor.html?pipe="; | ||
const same_origin = get_host_info().HTTPS_ORIGIN; | ||
const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN; | ||
const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)'; | ||
|
||
promise_test(async t => { | ||
// The test window. | ||
const this_window_token = token(); | ||
|
||
// The "opener" window. This has COOP same-origin-allow-popups and a reporter. | ||
const opener_report_token= token(); | ||
const opener_token = token(); | ||
const opener_reportTo = reportToHeaders(opener_report_token); | ||
const opener_url = same_origin + executor_path + opener_reportTo.header + | ||
opener_reportTo.coopSameOriginAllowPopupsHeader + | ||
`&uuid=${opener_token}`; | ||
|
||
// The "openee" window. | ||
// The initial URL is cross-origin with the opener, and redirects to a | ||
// same-origin page with same-origin-allow-popups. | ||
// The navigation to the cross-origin page stays in the same browsing context | ||
// group due to the same-origin-allow-popups policy, but the redirect to the | ||
// final page does since it compares the cross-origin/unsafe-none document | ||
// with the same-origin/same-origin-allow-popups document. | ||
const openee_token = token(); | ||
const openee_redirect_url = same_origin + executor_path + | ||
opener_reportTo.header + opener_reportTo.coopSameOriginAllowPopupsHeader + | ||
`&uuid=${openee_token}`; | ||
const redirect_header = 'status(302)' + | ||
`|header(Location,${encodeURIComponent( | ||
openee_redirect_url | ||
.replace(/,/g, "\\,") | ||
.replace(/\\\\,/g, "\\\\\\,") | ||
.replace(/\(/g, "%28") | ||
.replace(/\)/g, "%29"))})`; | ||
const openee_url = cross_origin + executor_path + redirect_header + | ||
`&uuid=${openee_token}`; | ||
// 1. Create the opener window. | ||
let opener_window_proxy = window.open(opener_url); | ||
t.add_cleanup(() => send(opener_token, "window.close()")); | ||
|
||
// 2. The opener opens its openee. | ||
send(opener_token, ` | ||
openee = window.open("${openee_url}"); | ||
`); | ||
t.add_cleanup(() => send(openee_token, "window.close()")); | ||
|
||
// 3. Check the opener status on the openee. | ||
send(openee_token, ` | ||
send("${this_window_token}", opener !== null); | ||
`); | ||
assert_equals(await receive(this_window_token), "false", "opener"); | ||
|
||
// 4. Check the openee status on the opener. | ||
send(opener_token, ` | ||
send("${this_window_token}", openee.closed); | ||
`); | ||
assert_equals(await receive(this_window_token), "true", "openee.closed"); | ||
|
||
// 5. Check a report sent to the openee. | ||
let report = await receiveReport(opener_report_token, "navigation-to-document") | ||
assert_not_equals(report, "timeout", "Report not received"); | ||
assert_equals(report.type, "coop"); | ||
assert_equals(report.url, openee_redirect_url.replace(/"/g, '%22')); | ||
assert_equals(report.body["disposition"], "enforce"); | ||
assert_equals(report.body["effective-policy"], "same-origin-allow-popups"); | ||
assert_equals(report.body["document-uri"], openee_url); | ||
}, "Cross-origin openee redirected to same-origin with same-origin-allow-popups"); | ||
|
||
</script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters