Bug 1656457 [wpt PR 24823] - [COOP] ReportingObserver [1/M] Add WPT tests., a=testonly
☠☠ backed out by a6e9c6ea61f6 ☠ ☠
authorarthursonzogni <arthursonzogni@chromium.org>
Fri, 07 Aug 2020 12:40:42 +0000
changeset 543906 075fff0351441a66bdc251df0d35c8f7f62ec218
parent 543905 e4712c11e98c6676a28f401d3cabce2e64a4d89a
child 543907 d5f888f3ec84e969773c24c9bd271694d5d59592
push id123742
push userwptsync@mozilla.com
push dateFri, 07 Aug 2020 23:31:06 +0000
treeherderautoland@9584ddf5d03a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1656457, 24823, 1111691, 2332257, 794105
milestone81.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1656457 [wpt PR 24823] - [COOP] ReportingObserver [1/M] Add WPT tests., a=testonly Automatic update from web-platform-tests [COOP] ReportingObserver [1/M] Add WPT tests. When an access is made in between two windows that would be put in different browsing context group if COOP was enforced, we should dispatch events to the ReportingObserver(s) and display error messages. This patch adds the first two basic WPT tests. A few more are also coming in follow-ups, in particular when the access is made from an iframe. Branch: [1/M] This patch. Bug: 1111691 Change-Id: I38d7092c9edb664b9f2936c7a86f2c488fafde9c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2332257 Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Pâris Meuleman <pmeuleman@chromium.org> Cr-Commit-Position: refs/heads/master@{#794105} -- wpt-commits: 813888b3f830c6d52ed3382a4976fd6196240159 wpt-pr: 24823
testing/web-platform/tests/html/cross-origin-opener-policy/reporting/access-reporting/reporting-observer.html
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/access-reporting/reporting-observer.html
@@ -0,0 +1,135 @@
+<title>
+  Check the ReportingObserver(s) are notified about the coop-access-violation
+  events.
+</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/common/get-host-info.sub.js></script>
+<script src="/common/utils.js"></script>
+<script src="../resources/dispatcher.js"></script>
+<script src="../resources/try-access.js"></script>
+<script>
+
+const directory = "/html/cross-origin-opener-policy/reporting";
+const executor_path = directory + "/resources/executor.html?pipe=";
+const https = get_host_info().HTTPS_ORIGIN;
+const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
+
+promise_test(async t => {
+  // This test window.
+  const this_window_token = token();
+
+  // The "opener" window, using COOP-Report-Only and a reporter.
+  const opener_token = token();
+  const opener_reportTo = reportToHeaders(token());
+  const opener_url = https + executor_path + opener_reportTo.header +
+    opener_reportTo.coopReportOnlySameOriginHeader + coep_header +
+    `&uuid=${opener_token}`;
+
+  // The "openee" window, NOT using COOP.
+  const openee_token = token();
+  const openee_url = https + executor_path + `&uuid=${openee_token}`;
+
+  // 1. Create the opener window.
+  window.open(opener_url);
+  t.add_cleanup(() => send(opener_token, "window.close();"));
+
+  // 2. The opener opens its openee.
+  send(opener_token, `openee = window.open('${openee_url}');`);
+  t.add_cleanup(() => send(openee_token, `window.close();`));
+
+  // 3. Wait for the openee to load its document.
+  send(openee_token, `send("${this_window_token}", "Ready");`);
+  assert_equals(await receive(this_window_token), "Ready");
+
+  // 4. The opener tries to access its openee. All reports for blocked access
+  //    from the COOP page should notify the ReportingObservers.
+  send(opener_token, `
+    let observer = new ReportingObserver(()=>{});
+    observer.observe();
+    tryAccess(openee);
+    let reports = observer.takeRecords();
+    send("${this_window_token}", JSON.stringify(reports));
+    observer.disconnect();
+  `);
+
+  let report_access_from = JSON.parse(await receive(this_window_token));
+  assert_equals(report_access_from.length, 1, "No report received.");
+  assert_equals(report_access_from[0].type, "coop-access-violation");
+  assert_equals(report_access_from[0].url, opener_url.replace(/"/g, '%22'));
+  assert_true(report_access_from[0].body.sourceFile.includes("try-access.js"));
+  assert_equals(report_access_from[0].body.lineNumber, 6);
+  assert_equals(report_access_from[0].body.columnNumber, 7);
+  assert_equals(report_access_from[0].body.property, "blur");
+
+  // 5. The openee tries to access its opener. No reports for blocked access
+  //    to the COOP page should be dispatched.
+  send(openee_token, `
+    let observer = new ReportingObserver(()=>{});
+    observer.observe();
+    tryAccess(opener);
+    let reports = observer.takeRecords();
+    send("${this_window_token}", JSON.stringify(reports));
+    observer.disconnect();
+  `);
+  let report_access_to = JSON.parse(await receive(this_window_token));
+  assert_equals(report_access_to.length, 0, "Unexpected report received.");
+}, "Opener COOP");
+
+promise_test(async t => {
+  // This test window.
+  const this_window_token = token();
+
+  // The "opener" window, NOT using COOP.
+  const opener_token = token();
+  const opener_url = https + executor_path + `&uuid=${opener_token}`;
+
+  // The "openee" window, using COOP-Report-Only and a reporter.
+  const openee_token = token();
+  const openee_reportTo = reportToHeaders(token());
+  const openee_url = https + executor_path + openee_reportTo.header +
+    openee_reportTo.coopReportOnlySameOriginHeader + coep_header +
+    `&uuid=${openee_token}`;
+
+  // 1. Create the opener window.
+  window.open(opener_url);
+  t.add_cleanup(() => send(opener_token, "window.close();"));
+
+  // 2. The opener opens its openee.
+  send(opener_token,
+    `openee = window.open('${openee_url.replace(/,/g, '\\,')}');`);
+  t.add_cleanup(() => send(openee_token, `window.close();`));
+
+  // 3. The openee tries to access its opener. All reports for blocked access
+  //    from the COOP page should notify the ReportingObservers.
+  send(openee_token, `
+    let observer = new ReportingObserver(()=>{});
+    observer.observe();
+    tryAccess(opener);
+    let reports = observer.takeRecords();
+    send("${this_window_token}", JSON.stringify(reports));
+    observer.disconnect();
+  `);
+  let report_access_from = JSON.parse(await receive(this_window_token));
+  assert_equals(report_access_from.length, 1, "No report received.");
+  assert_equals(report_access_from[0].type, "coop-access-violation");
+  assert_equals(report_access_from[0].url, openee_url.replace(/"/g, '%22'));
+  assert_true(report_access_from[0].body.sourceFile.includes("try-access.js"));
+  assert_equals(report_access_from[0].body.lineNumber, 6);
+  assert_equals(report_access_from[0].body.columnNumber, 7);
+  assert_equals(report_access_from[0].body.property, "blur");
+
+  // 4. The opener tries to access its openee. No reports for blocked access
+  //    to the COOP page should be dispatched.
+  send(opener_token, `
+    let observer = new ReportingObserver(()=>{});
+    observer.observe();
+    tryAccess(openee);
+    let reports = observer.takeRecords();
+    send("${this_window_token}", JSON.stringify(reports));
+    observer.disconnect();
+  `);
+  let report_access_to = JSON.parse(await receive(this_window_token));
+  assert_equals(report_access_to.length, 0, "Unexpected report received.");
+}, "Openee COOP");
+</script>