AnonymousIframe: Allow being embedded inside COI.

Modify NavigationRequest::CoopCoepSanityCheck to allow anonymous iframe
from being embedded inside cross-origin-isolated parent.

Bug: 1251084
Change-Id: Id55c54685538a2f04be38889a32c4c769adb3af8
Fix: 1251084
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3655436
Reviewed-by: Arthur Hemery <[email protected]>
Commit-Queue: Arthur Sonzogni <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1006826}

html/anonymous-iframe/embedding.tentative.https.window.js

@@ -0,0 +1,117 @@
+// META: variant=?1-2
+// META: variant=?3-4
+// META: variant=?5-6
+// META: variant=?7-8
+// META: variant=?9-10
+// META: variant=?11-12
+// META: variant=?13-last
+// META: script=/common/get-host-info.sub.js
+// META: script=/common/utils.js
+// META: script=/common/subset-tests.js
+// META: script=/common/dispatcher/dispatcher.js
+// META: script=/html/cross-origin-embedder-policy/credentialless/resources/common.js
+// META: script=./resources/common.js
+// META: script=./resources/embedding-test.js
+
+const {REMOTE_ORIGIN} = get_host_info();
+
+// variant = 1
+subsetTest(embeddingTest,
+  "Parent embeds same-origin anonymous iframe", {
+  expectation: EXPECT_LOAD,
+});
+
+// variant = 2
+subsetTest(embeddingTest,
+  "Parent embeds cross-origin anonymous iframe", {
+  child_origin: REMOTE_ORIGIN,
+  expectation: EXPECT_LOAD,
+});
+
+// variant = 3
+subsetTest(embeddingTest,
+  "COEP:require-corp parent embeds same-origin anonymous iframe", {
+  parent_headers: coep_require_corp,
+  expectation: EXPECT_LOAD,
+});
+
+// variant = 4
+subsetTest(embeddingTest,
+  "COEP:require-corp parent embeds cross-origin anonymous iframe", {
+  parent_headers: coep_require_corp,
+  child_origin: REMOTE_ORIGIN,
+  expectation: EXPECT_LOAD,
+});
+
+// variant = 5
+subsetTest(embeddingTest,
+  "COEP:credentialless parent embeds same-origin anonymous iframe", {
+  parent_headers: coep_credentialless,
+  expectation: EXPECT_LOAD,
+});
+
+// variant = 6
+subsetTest(embeddingTest,
+  "COEP:credentialless parent embeds cross-origin anonymous iframe", {
+  parent_headers: coep_credentialless,
+  child_origin: REMOTE_ORIGIN,
+  expectation: EXPECT_LOAD,
+});
+
+// variant = 7
+// Regression test for https://crbug.com/1314369
+subsetTest(embeddingTest,
+  "COOP:same-origin + COEP:require-corp embeds same-origin anonymous iframe", {
+  parent_headers: coop_same_origin + coep_require_corp,
+  expectation: EXPECT_LOAD,
+});
+
+// variant = 8
+// Regression test for https://crbug.com/1314369
+subsetTest(embeddingTest,
+  "COOP:same-origin + COEP:require-corp embeds cross-origin anonymous iframe", {
+  parent_headers: coop_same_origin + coep_require_corp,
+  child_origin: REMOTE_ORIGIN,
+  expectation: EXPECT_LOAD,
+});
+
+// variant = 9
+// Regression test for https://crbug.com/1314369
+subsetTest(embeddingTest,
+  "COOP:same-origin + COEP:credentialless embeds same-origin anonymous iframe", {
+  parent_headers: coop_same_origin + coep_credentialless,
+  expectation: EXPECT_LOAD,
+});
+
+// variant = 10
+// Regression test for https://crbug.com/1314369
+subsetTest(embeddingTest,
+  "COOP:same-origin + COEP:credentialless embeds cross-origin anonymous iframe", {
+  parent_headers: coop_same_origin + coep_credentialless,
+  child_origin: REMOTE_ORIGIN,
+  expectation: EXPECT_LOAD,
+});
+
+// variant = 11
+subsetTest(embeddingTest,
+  "Parents embeds a CSP:frame-ancestore anonymous iframe", {
+  child_headers: "|headers(Content-Security-Policy,frame-ancestors 'none')",
+  expectation: EXPECT_BLOCK,
+});
+
+// variant = 12
+subsetTest(embeddingTest,
+  "Cross-Origin-Isolated parent embeds same-origin COEP anonymous iframe", {
+  parent_headers: coop_same_origin + coep_require_corp,
+  child_headers: coop_same_origin + coep_require_corp,
+  expectation: EXPECT_LOAD,
+});
+
+// variant = 13
+subsetTest(embeddingTest,
+  "Cross-Origin-Isolated parent embeds cross-origin COEP anonymous iframe", {
+  parent_headers: coop_same_origin + coep_require_corp,
+  child_headers: coop_same_origin + coep_require_corp,
+  child_origin: REMOTE_ORIGIN,
+  expectation: EXPECT_LOAD,
+});

html/anonymous-iframe/resources/embedding-test.js

@@ -0,0 +1,72 @@
+// One document embeds another in an iframe. Both are loaded from the network.
+// Check whether or not the child can load.
+
+// There are no interoperable ways to check an iframe failed to load. So a
+// timeout is being used. See https://github.com/whatwg/html/issues/125
+// Moreover, we want to track progress, managing timeout explicitly allows to
+// get a per-test results, even in case of failure of one.
+setup({ explicit_timeout: true });
+
+const EXPECT_LOAD = "load";
+const EXPECT_BLOCK = "block";
+
+// Load an anonymous iframe. Control both the parent and the child headers.
+// Check whether it loaded or not.
+const embeddingTest = (description, {
+  parent_headers,
+  child_headers,
+  child_origin,
+  expectation,
+}) => {
+  // Default values:
+  child_origin ||= globalThis.origin;
+  parent_headers ||= "";
+  child_headers||= "";
+
+  const parent_origin = window.origin;
+
+  promise_test_parallel(async test => {
+    const parent_token = token();
+    const parent_url = parent_origin + executor_path + parent_headers +
+      `&uuid=${parent_token}`;
+
+    const child_token = token();
+    const child_url = child_origin + executor_path + child_headers +
+      `&uuid=${child_token}`;
+
+    // Create the parent:
+    window.open(parent_url);
+    add_completion_callback(() => send(parent_token, "close()"));
+
+    // The parent creates its child:
+    await send(parent_token, `
+      const iframe = document.createElement("iframe");
+      iframe.anonymous = true;
+      iframe.src = "${child_url}";
+      document.body.appendChild(iframe);
+    `);
+
+    // Ping the child to know whether it was allowed to load or not:
+    const reply_token = token();
+    await send(child_token, `
+      send("${reply_token}", "load");
+    `);
+
+    // There are no interoperable ways to check an iframe failed to load. So a
+    // timeout is being used.
+    // See https://github.com/whatwg/html/issues/125
+    // Use a shorter timeout when it is expected to be reached.
+    // - The long delay reduces the false-positive rate. False-positive causes
+    //   stability problems on bot, so a big delay is used to vanish them.
+    //   https://crbug.com/1215956.
+    // - The short delay avoids delaying too much the test(s) for nothing and
+    //   timing out. False-negative are not a problem, they just need not to
+    //   overwhelm the true-negative, which is trivial to get.
+    step_timeout(() => send(reply_token, "block"), expectation == EXPECT_BLOCK
+      ? 2000
+      : 6000
+    );
+
+    assert_equals(await receive(reply_token), expectation);
+  }, description);
+};