Bug 1657327 [wpt PR 24885] - [COOP] Add same-origin test for redirect+SOAP, a=testonly
authorPâris MEULEMAN <pmeuleman@chromium.org>
Fri, 07 Aug 2020 12:45:53 +0000
changeset 544862 94a03bd82394befef405abc139873a77071679c3
parent 544861 85ada381941c1e423a66af802aac445993b14be9
child 544863 8e0ea72b5abb2c70f3b29bbb0c226fb92085fb53
push id124254
push userwptsync@mozilla.com
push dateSat, 15 Aug 2020 07:08:45 +0000
treeherderautoland@3f1068b2fb00 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1657327, 24885, 2332260, 2338874, 795414
milestone81.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1657327 [wpt PR 24885] - [COOP] Add same-origin test for redirect+SOAP, a=testonly Automatic update from web-platform-tests [COOP] Add same-origin test for redirect+SOAP Follow up on [1] adding the same-origin version of the test. I.e. the first document of the popup is same-origin instead of cross-origin. 1: https://chromium-review.googlesource.com/c/chromium/src/+/2332260 Change-Id: I30a187b2c6a943abe44c5e3cff4e95ea36f5fccd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2338874 Commit-Queue: Pâris Meuleman <pmeuleman@chromium.org> Auto-Submit: Pâris Meuleman <pmeuleman@chromium.org> Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Camille Lamy <clamy@chromium.org> Cr-Commit-Position: refs/heads/master@{#795414} -- wpt-commits: 14e519e8b7f4f2ea47961391ac9783831e940159 wpt-pr: 24885
testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-redirect-with-same-origin-allow-popups.https.html
--- a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-redirect-with-same-origin-allow-popups.https.html
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-redirect-with-same-origin-allow-popups.https.html
@@ -1,83 +1,115 @@
 <title>
-  COOP reports are to the opener when the opener used COOP-RO+COEP and then its
-  cross-origin openee tries to access it.
+  Tests the redirect interaction with COOP same-origin-allow-popups.
 </title>
 <meta name=timeout content=long>
 <script src=/resources/testharness.js></script>
 <script src=/resources/testharnessreport.js></script>
 <script src=/common/get-host-info.sub.js></script>
 <script src="/common/utils.js"></script>
 <script src="../resources/dispatcher.js"></script>
 <script>
 
 const directory = "/html/cross-origin-opener-policy/reporting";
 const executor_path = directory + "/resources/executor.html?pipe=";
-const same_origin = get_host_info().HTTPS_ORIGIN;
-const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
+const same_origin = {
+  host: get_host_info().HTTPS_ORIGIN,
+  name: "Same origin"
+};
+const cross_origin = {
+  host: get_host_info().HTTPS_REMOTE_ORIGIN,
+  name: "Cross origin"
+};
 const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
 
-promise_test(async t => {
-  // The test window.
-  const this_window_token = token();
+// Tests the redirect interaction with COOP same-origin-allow-popups and
+// reporting:
+// 1 - open the opener document on origin same_origin wit COOP
+// same-origin-allow-popups.
+// 2 - opener opens popup with document on origin popup_origin, no COOP and a
+// redirect header (HTTP 302, location).
+// 3 - redirection to a document with origin same_origin and COOP
+// same-origin-allow-popups.
+//
+// The navigation (2) to the first document of the popup stays in the same
+// browsing context group due to the same-origin-allow-popups COOP of the
+// opener.
+// The redirect (3) to the final document does since it compares the
+// popup_origin/unsafe-none document with the
+// same-origin/same-origin-allow-popups document.
+//
+// A opens B, B redirects to C.
+//
+// Document  Origin        COOP
+// --------  ------------  ------------------------
+// A         same-origin   same-origin-allow-popups
+// B         popup-origin  unsafe-none
+// C         same-origin   same-origin-allow-popups
+function redirect_test( popup_origin ) {
+  promise_test(async t => {
+    // The test window.
+    const this_window_token = token();
 
-  // The "opener" window. This has COOP same-origin-allow-popups and a reporter.
-  const opener_report_token= token();
-  const opener_token = token();
-  const opener_reportTo = reportToHeaders(opener_report_token);
-  const opener_url = same_origin + executor_path + opener_reportTo.header +
-    opener_reportTo.coopSameOriginAllowPopupsHeader +
-    `&uuid=${opener_token}`;
+    // The "opener" window. This has COOP same-origin-allow-popups and a
+    // reporter.
+    const opener_report_token= token();
+    const opener_token = token();
+    const opener_reportTo = reportToHeaders(opener_report_token);
+    const opener_url = same_origin.host + executor_path +
+      opener_reportTo.header + opener_reportTo.coopSameOriginAllowPopupsHeader +
+      `&uuid=${opener_token}`;
 
-  // The "openee" window.
-  // The initial URL is cross-origin with the opener, and redirects to a
-  // same-origin page with same-origin-allow-popups.
-  // The navigation to the cross-origin page stays in the same browsing context
-  // group due to the same-origin-allow-popups policy, but the redirect to the
-  // final page does since it compares the cross-origin/unsafe-none document
-  // with the same-origin/same-origin-allow-popups document.
-  const openee_token = token();
-  const openee_redirect_url = same_origin + executor_path +
-    opener_reportTo.header + opener_reportTo.coopSameOriginAllowPopupsHeader +
-    `&uuid=${openee_token}`;
-  const redirect_header = 'status(302)' +
-    `|header(Location,${encodeURIComponent(
-      openee_redirect_url
-        .replace(/,/g, "\\,")
-        .replace(/\\\\,/g, "\\\\\\,")
-        .replace(/\(/g, "%28")
-        .replace(/\)/g, "%29"))})`;
-  const openee_url = cross_origin + executor_path + redirect_header +
-    `&uuid=${openee_token}`;
-  // 1. Create the opener window.
-  let opener_window_proxy = window.open(opener_url);
-  t.add_cleanup(() => send(opener_token, "window.close()"));
+    // The "openee" window.
+    // The initial document does not have COOP and is on popup_origin, it
+    // redirects to a same-origin (with the opener) document with COOP
+    // same-origin-allow-popups.
+    const openee_token = token();
+    const openee_redirect_url = same_origin.host + executor_path +
+      opener_reportTo.header + opener_reportTo.coopSameOriginAllowPopupsHeader +
+      `&uuid=${openee_token}`;
+    const redirect_header = 'status(302)' +
+      `|header(Location,${encodeURIComponent(
+        openee_redirect_url
+          .replace(/,/g, "\\,")
+          .replace(/\\\\,/g, "\\\\\\,")
+          .replace(/\(/g, "%28")
+          .replace(/\)/g, "%29"))})`;
+    const openee_url = popup_origin.host + executor_path + redirect_header +
+      `&uuid=${openee_token}`;
+    // 1. Create the opener window.
+    let opener_window_proxy = window.open(opener_url);
+    t.add_cleanup(() => send(opener_token, "window.close()"));
+
+    // 2. The opener opens its openee.
+    send(opener_token, `
+      openee = window.open("${openee_url}");
+    `);
+    t.add_cleanup(() => send(openee_token, "window.close()"));
 
-  // 2. The opener opens its openee.
-  send(opener_token, `
-    openee = window.open("${openee_url}");
-  `);
-  t.add_cleanup(() => send(openee_token, "window.close()"));
+    // 3. Check the opener status on the openee.
+    send(openee_token, `
+      send("${this_window_token}", opener !== null);
+    `);
+    assert_equals(await receive(this_window_token), "false", "opener");
 
-  // 3. Check the opener status on the openee.
-  send(openee_token, `
-    send("${this_window_token}", opener !== null);
-  `);
-  assert_equals(await receive(this_window_token), "false", "opener");
+    // 4. Check the openee status on the opener.
+    send(opener_token, `
+      send("${this_window_token}", openee.closed);
+    `);
+    assert_equals(await receive(this_window_token), "true", "openee.closed");
 
-  // 4. Check the openee status on the opener.
-  send(opener_token, `
-    send("${this_window_token}", openee.closed);
-  `);
-  assert_equals(await receive(this_window_token), "true", "openee.closed");
+    // 5. Check a report sent to the openee.
+    let report = await receiveReport(
+        opener_report_token,
+        "navigation-to-document");
+    assert_not_equals(report, "timeout", "Report not received");
+    assert_equals(report.type, "coop");
+    assert_equals(report.url, openee_redirect_url.replace(/"/g, '%22'));
+    assert_equals(report.body["disposition"], "enforce");
+    assert_equals(report.body["effective-policy"], "same-origin-allow-popups");
+    assert_equals(report.body["document-uri"], openee_url);
+  }, `${popup_origin.name} openee redirected to same-origin with same-origin-allow-popups`);
+}
 
-  // 5. Check a report sent to the openee.
-  let report = await receiveReport(opener_report_token, "navigation-to-document")
-  assert_not_equals(report, "timeout", "Report not received");
-  assert_equals(report.type, "coop");
-  assert_equals(report.url, openee_redirect_url.replace(/"/g, '%22'));
-  assert_equals(report.body["disposition"], "enforce");
-  assert_equals(report.body["effective-policy"], "same-origin-allow-popups");
-  assert_equals(report.body["document-uri"], openee_url);
-}, "Cross-origin openee redirected to same-origin with same-origin-allow-popups");
-
+redirect_test(same_origin);
+redirect_test(cross_origin);
 </script>