Bug 1898631 [wpt PR 46464] - [shared storage] Move the opaque origin …

…check to each SharedStorage method, a=testonly Automatic update from web-platform-tests [shared storage] Move the opaque origin check to each SharedStorage method Currently, we throw an error when accessing window.sharedStorage in an opaque origin context. This deviates from the specification, which specifies to throw an error for opaque origins within each method. We fix the code to align with the specification. The validation at mojom boundary is also moved to each method. This requires SharedStorageWorkletDevToolsAgentHostTest to update the page origin to https scheme. This also begins to address the ambiguity around whether sharedStorage.createWorklet(url) should be permitted in opaque origin contexts. By relocating the check, we create flexibility for potential future relaxation of these constraints. Bug: 342197901 Change-Id: Ie1583b341148681be202eeae39810cbfac546de9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5560723 Reviewed-by: Andrey Kosyakov <[email protected]> Commit-Queue: Yao Xiao <[email protected]> Reviewed-by: Cammie Smith Barnes <[email protected]> Cr-Commit-Position: refs/heads/main@{#1305355} -- wpt-commits: c08b0dd8248f432c007ee7d9e83d2522bfc54257 wpt-pr: 46464
mozilla · Jun 3, 2024 · 1fe5ee1 · 1fe5ee1
1 parent bf98635
commit 1fe5ee1
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 5 deletions.
diff --git a/testing/web-platform/tests/shared-storage/resources/verify-shared-storage.https.html b/testing/web-platform/tests/shared-storage/resources/verify-shared-storage.https.html
@@ -2,12 +2,26 @@
 <html>
 <body>
 <script>
+async function test() {
+  let params = new URL(document.location.toString()).searchParams;
+  let method = params.get("method");
+
   try {
-    window.sharedStorage;
+    if (method == 'set') {
+      await sharedStorage.set('key0', 'key1');
+    } else if (method == 'createWorklet') {
+      await sharedStorage.createWorklet('simple-module.js')
+    } else if (method == 'addModule') {
+      await sharedStorage.worklet.addModule('simple-module.js')
+    }
     window.parent.postMessage({ accessSharedStorageResult: 'success'}, "*");
   } catch (error) {
     window.parent.postMessage({ accessSharedStorageResult: 'failure'}, "*");
   }
+}
+
+test();
+
 </script>
 </body>
 </html>
diff --git a/...web-platform/tests/shared-storage/shared-storage-in-sandboxed-iframe.tentative.https.html b/...web-platform/tests/shared-storage/shared-storage-in-sandboxed-iframe.tentative.https.html
@@ -4,10 +4,11 @@
   <script src=/resources/testharnessreport.js></script>
   <script src=/browsing-topics/resources/header-util.sub.js></script>
   <script>
-    function test_shared_storage_in_sandboxed_iframe(test, sandbox_flags, expect_success) {
+    function test_shared_storage_in_sandboxed_iframe(test, sandbox_flags, method, expect_success) {
       let frame = document.createElement('iframe');
       frame.sandbox = sandbox_flags;
-      frame.src = '/shared-storage/resources/verify-shared-storage.https.html';
+      frame.src = '/shared-storage/resources/verify-shared-storage.https.html' +
+                  `?method=${method}`;
 
       window.addEventListener('message', test.step_func(function handler(evt) {
         if (evt.source === frame.contentWindow) {
@@ -29,13 +30,43 @@
     async_test(t => {
       test_shared_storage_in_sandboxed_iframe(t,
         /*sandbox_flags=*/'allow-scripts allow-same-origin',
+        /*method=*/'set',
         /*expect_success=*/true);
-    }, 'test shared storage in sandboxed iframe with "allow-same-origin"');
+    }, 'test sharedStorage.set() in sandboxed iframe with "allow-same-origin"');
 
     async_test(t => {
       test_shared_storage_in_sandboxed_iframe(t,
         /*sandbox_flags=*/'allow-scripts',
+        /*method=*/'set',
         /*expect_success=*/false);
-    }, 'test shared storage in sandboxed iframe without "allow-same-origin"');
+    }, 'test sharedStorage.set() in sandboxed iframe without "allow-same-origin"');
+
+    async_test(t => {
+      test_shared_storage_in_sandboxed_iframe(t,
+        /*sandbox_flags=*/'allow-scripts allow-same-origin',
+        /*method=*/'createWorklet',
+        /*expect_success=*/true);
+    }, 'test sharedStorage.createWorklet() in sandboxed iframe with "allow-same-origin"');
+
+    async_test(t => {
+      test_shared_storage_in_sandboxed_iframe(t,
+        /*sandbox_flags=*/'allow-scripts',
+        /*method=*/'createWorklet',
+        /*expect_success=*/false);
+    }, 'test sharedStorage.createWorklet() in sandboxed iframe without "allow-same-origin"');
+
+    async_test(t => {
+      test_shared_storage_in_sandboxed_iframe(t,
+        /*sandbox_flags=*/'allow-scripts allow-same-origin',
+        /*method=*/'addModule',
+        /*expect_success=*/true);
+    }, 'test sharedStorage.worklet.addModule() in sandboxed iframe with "allow-same-origin"');
+
+    async_test(t => {
+      test_shared_storage_in_sandboxed_iframe(t,
+        /*sandbox_flags=*/'allow-scripts',
+        /*method=*/'addModule',
+        /*expect_success=*/false);
+    }, 'test sharedStorage.worklet.addModule() in sandboxed iframe without "allow-same-origin"');
   </script>
 </body>