| ☠☠ backed out by dec0a179f851 ☠ ☠ | |
| author | Antonio Sartori <antoniosartori@chromium.org> |
| Sat, 17 Jul 2021 09:53:42 +0000 | |
| changeset 585864 | 2f464b21b0d08544fd7aefcf0a72f6ca4aba7c22 |
| parent 585863 | 058f8d6e10f879d9b0dfae933329cba34ecb1f18 |
| child 585865 | 600ab0cd3261626602a16b7a63f4745ae84ced73 |
| push id | 38620 |
| push user | csabou@mozilla.com |
| push date | Sun, 18 Jul 2021 09:08:29 +0000 |
| treeherder | mozilla-central@cc4e5ea0c986 [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| reviewers | testonly |
| bugs | 1718029, 29475, 2984561, 901853 |
| milestone | 92.0a1 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
new file mode 100644 --- /dev/null +++ b/testing/web-platform/tests/html/cross-origin-embedder-policy/about-blank-popup.https.html @@ -0,0 +1,59 @@ +<!doctype html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="resources/script-factory.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/common/utils.js"></script> +<script> + const origins = get_host_info(); + + promise_test(async t => { + const popup = window.open(); + t.add_cleanup(() => { popup.close(); }); + + let data_from_popup = () => new Promise(resolve => + window.addEventListener("message", (({ data }) => resolve(data)))); + + let check_result = (data, text) => { + assert_equals(data.origin, origin); + assert_true(data.sameOriginNoCORPSuccess, + text + ": Same-origin without CORP did not succeed"); + assert_true(data.crossOriginNoCORPFailure, + text + ": Cross-origin without CORP did not fail"); + }; + + // Check if COEP is inherited by the popup. + let script = popup.document.createElement('script'); + script.innerHTML = + `${createScript(window.origin, origins.HTTPS_REMOTE_ORIGIN, "opener")}`; + popup.document.body.appendChild(script); + check_result(await data_from_popup(), "Initial empty document"); + + // Navigate the popup away. + popup.location = origins.HTTPS_REMOTE_ORIGIN + + "/html/cross-origin-embedder-policy/resources/postmessage-ready.html"; + assert_equals(await new Promise(resolve => + window.addEventListener("message", msg => resolve(msg.data))), + "ready"); + + // Navigate the popup to about:blank and wait for it. + popup.location = "about:blank"; + await t.step_wait( + condition = () => { + try { + return popup.location.href === "about:blank"; + } catch {} + return false; + }, + description = "Wait for the popup to navigate.", + timeout=3000, + interval=50); + + // Check again if COEP is inherited. + script = popup.document.createElement('script'); + script.innerHTML = + `${createScript(window.origin, origins.HTTPS_REMOTE_ORIGIN, "opener")}`; + popup.document.body.appendChild(script); + check_result(await data_from_popup(), "Non-initial about:blank document"); + }, `Cross-Origin-Embedder-Policy is inherited by about:blank popup.`); +</script>
new file mode 100644 --- /dev/null +++ b/testing/web-platform/tests/html/cross-origin-embedder-policy/about-blank-popup.https.html.headers @@ -0,0 +1,1 @@ +Cross-Origin-Embedder-Policy: require-corp
--- a/testing/web-platform/tests/html/cross-origin-embedder-policy/blob.https.html +++ b/testing/web-platform/tests/html/cross-origin-embedder-policy/blob.https.html @@ -16,28 +16,29 @@ const origins = get_host_info(); "origin": origins.HTTPS_REMOTE_ORIGIN, "crossOrigin": origins.HTTPS_NOTSAMESITE_ORIGIN }, { "origin": origins.HTTPS_NOTSAMESITE_ORIGIN, "crossOrigin": origins.HTTPS_ORIGIN } ].forEach(({ origin, crossOrigin }) => { - ["subframe", "navigate"].forEach(variant => { + ["subframe", "navigate", "popup"].forEach(variant => { async_test(t => { const id = token(); const frame = document.createElement("iframe"); t.add_cleanup(() => { frame.remove(); }); const path = new URL("resources/blob-url-factory.html", window.location).pathname; frame.src = `${origin}${path}?id=${id}&variant=${variant}&crossOrigin=${crossOrigin}`; - window.addEventListener("message", t.step_func_done(({ data }) => { + window.addEventListener("message", t.step_func(({ data }) => { if (data.id !== id) { return; } assert_equals(data.origin, origin); assert_true(data.sameOriginNoCORPSuccess, "Same-origin without CORP did not succeed"); assert_true(data.crossOriginNoCORPFailure, "Cross-origin without CORP did not fail"); + t.done(); })); document.body.append(frame); }, `Cross-Origin-Embedder-Policy and blob: URL from ${origin} in subframe via ${variant}`); }); }); </script>
--- a/testing/web-platform/tests/html/cross-origin-embedder-policy/resources/blob-url-factory.html +++ b/testing/web-platform/tests/html/cross-origin-embedder-policy/resources/blob-url-factory.html @@ -1,17 +1,24 @@ <body> <script src="script-factory.js"></script> <script> const query = new URLSearchParams(window.location.search); const id = query.get("id"); const variant = query.get("variant"); -const parent = (variant === "subframe") ? "parent.parent" : "parent"; +let parent = "parent"; +if (variant === "subframe") { + parent = "parent.parent"; +} else if (variant === "popup") { + parent = "opener.parent"; +} const blob = new Blob([`<script>${createScript(window.origin, query.get("crossOrigin"), parent, id)}<\/script>`], { type: "text/html" }); const blobURL = URL.createObjectURL(blob); if (variant === "subframe") { const frame = document.createElement("iframe"); frame.src = blobURL; document.body.append(frame); +} else if (variant === "popup") { + window.open(blobURL); } else { window.location = blobURL; } </script>