Skip to content

Commit

Permalink
COOP: test COOP popup from a CSP-sandboxed popup
Browse files Browse the repository at this point in the history
Part of #18354.
  • Loading branch information
zcorpan committed Jan 9, 2020
1 parent 54170d1 commit 90e5b44
Show file tree
Hide file tree
Showing 2 changed files with 45 additions and 0 deletions.
24 changes: 24 additions & 0 deletions html/cross-origin-opener-policy/coop-csp-sandbox.https.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
<!doctype html>
<title>CSP sandboxed Cross-Origin-Opener-Policy popup should result in a network error</title>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src="/common/utils.js"></script> <!-- Use token() to allow running tests in parallel -->
<div id=log>
<script>
[
"allow-popups allow-scripts allow-same-origin",
"allow-popups allow-scripts",
].forEach(sandboxValue => {
async_test(t => {
const channel = new BroadcastChannel(token());
channel.onmessage = t.unreached_func("A COOP popup was created from a CSP-sandboxed popup");
const popup = window.open(`resources/csp-sandbox.py?coop=same-origin&coep=&sandbox=${sandboxValue}&channel=${channel.name}`);
t.add_cleanup(() => { popup.close(); });
addEventListener('load', t.step_func(() => {
t.step_timeout(() => {
t.done()
}, 1500);
}));
}, `CSP: sandbox ${sandboxValue}; ${document.title}`);
});
</script>
21 changes: 21 additions & 0 deletions html/cross-origin-opener-policy/resources/csp-sandbox.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
def main(request, response):
coop = request.GET.first("coop")
coep = request.GET.first("coep")
sandbox = request.GET.first("sandbox")
if coop != "":
response.headers.set("Cross-Origin-Opener-Policy", coop)
if coep != "":
response.headers.set("Cross-Origin-Embedder-Policy", coep)
response.headers.set("Content-Security-Policy", "sandbox " + sandbox + ";")

# Open a popup to coop-coep.py with the same parameters (except sandbox)
response.content = """
<!doctype html>
<meta charset=utf-8>
<script src="/common/get-host-info.sub.js"></script>
<script>
const params = new URL(location).searchParams;
params.delete("sandbox");
window.open(`${get_host_info().HTTPS_ORIGIN}/html/cross-origin-opener-policy/resources/coop-coep.py?${params}`)
</script>
"""

0 comments on commit 90e5b44

Please sign in to comment.