Bug 1656457 [wpt PR 24823] - [COOP] ReportingObserver [1/M] Add WPT tests., a=testonly
authorarthursonzogni <arthursonzogni@chromium.org>
Fri, 07 Aug 2020 12:40:42 +0000
changeset 544800 bf0e3f01b294e5605b27abb2d8eff2ecc1e8cd2f
parent 544799 23fbaa3e2e2f9e7051e9dd459b8f2a11ead939e5
child 544801 98b4a6f606a9e8dab38772190a7e97accbc5e91d
push id124254
push userwptsync@mozilla.com
push dateSat, 15 Aug 2020 07:08:45 +0000
treeherderautoland@3f1068b2fb00 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1656457, 24823, 1111691, 2332257, 794105
milestone81.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1656457 [wpt PR 24823] - [COOP] ReportingObserver [1/M] Add WPT tests., a=testonly Automatic update from web-platform-tests [COOP] ReportingObserver [1/M] Add WPT tests. When an access is made in between two windows that would be put in different browsing context group if COOP was enforced, we should dispatch events to the ReportingObserver(s) and display error messages. This patch adds the first two basic WPT tests. A few more are also coming in follow-ups, in particular when the access is made from an iframe. Branch: [1/M] This patch. Bug: 1111691 Change-Id: I38d7092c9edb664b9f2936c7a86f2c488fafde9c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2332257 Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Pâris Meuleman <pmeuleman@chromium.org> Cr-Commit-Position: refs/heads/master@{#794105} -- wpt-commits: 813888b3f830c6d52ed3382a4976fd6196240159 wpt-pr: 24823
testing/web-platform/tests/html/cross-origin-opener-policy/reporting/access-reporting/reporting-observer.html
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/access-reporting/reporting-observer.html
@@ -0,0 +1,135 @@
+<title>
+  Check the ReportingObserver(s) are notified about the coop-access-violation
+  events.
+</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/common/get-host-info.sub.js></script>
+<script src="/common/utils.js"></script>
+<script src="../resources/dispatcher.js"></script>
+<script src="../resources/try-access.js"></script>
+<script>
+
+const directory = "/html/cross-origin-opener-policy/reporting";
+const executor_path = directory + "/resources/executor.html?pipe=";
+const https = get_host_info().HTTPS_ORIGIN;
+const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
+
+promise_test(async t => {
+  // This test window.
+  const this_window_token = token();
+
+  // The "opener" window, using COOP-Report-Only and a reporter.
+  const opener_token = token();
+  const opener_reportTo = reportToHeaders(token());
+  const opener_url = https + executor_path + opener_reportTo.header +
+    opener_reportTo.coopReportOnlySameOriginHeader + coep_header +
+    `&uuid=${opener_token}`;
+
+  // The "openee" window, NOT using COOP.
+  const openee_token = token();
+  const openee_url = https + executor_path + `&uuid=${openee_token}`;
+
+  // 1. Create the opener window.
+  window.open(opener_url);
+  t.add_cleanup(() => send(opener_token, "window.close();"));
+
+  // 2. The opener opens its openee.
+  send(opener_token, `openee = window.open('${openee_url}');`);
+  t.add_cleanup(() => send(openee_token, `window.close();`));
+
+  // 3. Wait for the openee to load its document.
+  send(openee_token, `send("${this_window_token}", "Ready");`);
+  assert_equals(await receive(this_window_token), "Ready");
+
+  // 4. The opener tries to access its openee. All reports for blocked access
+  //    from the COOP page should notify the ReportingObservers.
+  send(opener_token, `
+    let observer = new ReportingObserver(()=>{});
+    observer.observe();
+    tryAccess(openee);
+    let reports = observer.takeRecords();
+    send("${this_window_token}", JSON.stringify(reports));
+    observer.disconnect();
+  `);
+
+  let report_access_from = JSON.parse(await receive(this_window_token));
+  assert_equals(report_access_from.length, 1, "No report received.");
+  assert_equals(report_access_from[0].type, "coop-access-violation");
+  assert_equals(report_access_from[0].url, opener_url.replace(/"/g, '%22'));
+  assert_true(report_access_from[0].body.sourceFile.includes("try-access.js"));
+  assert_equals(report_access_from[0].body.lineNumber, 6);
+  assert_equals(report_access_from[0].body.columnNumber, 7);
+  assert_equals(report_access_from[0].body.property, "blur");
+
+  // 5. The openee tries to access its opener. No reports for blocked access
+  //    to the COOP page should be dispatched.
+  send(openee_token, `
+    let observer = new ReportingObserver(()=>{});
+    observer.observe();
+    tryAccess(opener);
+    let reports = observer.takeRecords();
+    send("${this_window_token}", JSON.stringify(reports));
+    observer.disconnect();
+  `);
+  let report_access_to = JSON.parse(await receive(this_window_token));
+  assert_equals(report_access_to.length, 0, "Unexpected report received.");
+}, "Opener COOP");
+
+promise_test(async t => {
+  // This test window.
+  const this_window_token = token();
+
+  // The "opener" window, NOT using COOP.
+  const opener_token = token();
+  const opener_url = https + executor_path + `&uuid=${opener_token}`;
+
+  // The "openee" window, using COOP-Report-Only and a reporter.
+  const openee_token = token();
+  const openee_reportTo = reportToHeaders(token());
+  const openee_url = https + executor_path + openee_reportTo.header +
+    openee_reportTo.coopReportOnlySameOriginHeader + coep_header +
+    `&uuid=${openee_token}`;
+
+  // 1. Create the opener window.
+  window.open(opener_url);
+  t.add_cleanup(() => send(opener_token, "window.close();"));
+
+  // 2. The opener opens its openee.
+  send(opener_token,
+    `openee = window.open('${openee_url.replace(/,/g, '\\,')}');`);
+  t.add_cleanup(() => send(openee_token, `window.close();`));
+
+  // 3. The openee tries to access its opener. All reports for blocked access
+  //    from the COOP page should notify the ReportingObservers.
+  send(openee_token, `
+    let observer = new ReportingObserver(()=>{});
+    observer.observe();
+    tryAccess(opener);
+    let reports = observer.takeRecords();
+    send("${this_window_token}", JSON.stringify(reports));
+    observer.disconnect();
+  `);
+  let report_access_from = JSON.parse(await receive(this_window_token));
+  assert_equals(report_access_from.length, 1, "No report received.");
+  assert_equals(report_access_from[0].type, "coop-access-violation");
+  assert_equals(report_access_from[0].url, openee_url.replace(/"/g, '%22'));
+  assert_true(report_access_from[0].body.sourceFile.includes("try-access.js"));
+  assert_equals(report_access_from[0].body.lineNumber, 6);
+  assert_equals(report_access_from[0].body.columnNumber, 7);
+  assert_equals(report_access_from[0].body.property, "blur");
+
+  // 4. The opener tries to access its openee. No reports for blocked access
+  //    to the COOP page should be dispatched.
+  send(opener_token, `
+    let observer = new ReportingObserver(()=>{});
+    observer.observe();
+    tryAccess(openee);
+    let reports = observer.takeRecords();
+    send("${this_window_token}", JSON.stringify(reports));
+    observer.disconnect();
+  `);
+  let report_access_to = JSON.parse(await receive(this_window_token));
+  assert_equals(report_access_to.length, 0, "Unexpected report received.");
+}, "Openee COOP");
+</script>