Bug 1718029 [wpt PR 29475] - Add WPT for COEP inheritance in local scheme popups, a=testonly
☠☠ backed out by dec0a179f851 ☠ ☠
authorAntonio Sartori <antoniosartori@chromium.org>
Sat, 17 Jul 2021 09:53:42 +0000
changeset 585864 2f464b21b0d08544fd7aefcf0a72f6ca4aba7c22
parent 585863 058f8d6e10f879d9b0dfae933329cba34ecb1f18
child 585865 600ab0cd3261626602a16b7a63f4745ae84ced73
push id38620
push usercsabou@mozilla.com
push dateSun, 18 Jul 2021 09:08:29 +0000
treeherdermozilla-central@cc4e5ea0c986 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1718029, 29475, 2984561, 901853
milestone92.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1718029 [wpt PR 29475] - Add WPT for COEP inheritance in local scheme popups, a=testonly Automatic update from web-platform-tests Add WPT for COEP inheritance in local scheme popups This change adds a Web Platform Test checking inheritance of Cross Origin Embedder Policy to local scheme popups. Change-Id: I66b4122751622a7d3df7112741a9f86785446417 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2984561 Reviewed-by: Domenic Denicola <domenic@chromium.org> Commit-Queue: Antonio Sartori <antoniosartori@chromium.org> Cr-Commit-Position: refs/heads/master@{#901853} -- wpt-commits: f27bd064b94b35fb80dc389327b264bdbe11a7ae wpt-pr: 29475
testing/web-platform/tests/html/cross-origin-embedder-policy/about-blank-popup.https.html
testing/web-platform/tests/html/cross-origin-embedder-policy/about-blank-popup.https.html.headers
testing/web-platform/tests/html/cross-origin-embedder-policy/blob.https.html
testing/web-platform/tests/html/cross-origin-embedder-policy/resources/blob-url-factory.html
testing/web-platform/tests/html/cross-origin-embedder-policy/resources/postmessage-ready.html
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-embedder-policy/about-blank-popup.https.html
@@ -0,0 +1,59 @@
+<!doctype html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="resources/script-factory.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/common/utils.js"></script>
+<script>
+  const origins = get_host_info();
+
+  promise_test(async t => {
+    const popup = window.open();
+    t.add_cleanup(() => { popup.close(); });
+
+    let data_from_popup = () => new Promise(resolve =>
+      window.addEventListener("message", (({ data }) => resolve(data))));
+
+    let check_result = (data, text) => {
+      assert_equals(data.origin, origin);
+      assert_true(data.sameOriginNoCORPSuccess,
+                  text + ": Same-origin without CORP did not succeed");
+      assert_true(data.crossOriginNoCORPFailure,
+                  text + ": Cross-origin without CORP did not fail");
+    };
+
+    // Check if COEP is inherited by the popup.
+    let script = popup.document.createElement('script');
+    script.innerHTML =
+      `${createScript(window.origin, origins.HTTPS_REMOTE_ORIGIN, "opener")}`;
+    popup.document.body.appendChild(script);
+    check_result(await data_from_popup(), "Initial empty document");
+
+    // Navigate the popup away.
+    popup.location = origins.HTTPS_REMOTE_ORIGIN +
+      "/html/cross-origin-embedder-policy/resources/postmessage-ready.html";
+    assert_equals(await new Promise(resolve =>
+      window.addEventListener("message", msg => resolve(msg.data))),
+      "ready");
+
+    // Navigate the popup to about:blank and wait for it.
+    popup.location = "about:blank";
+    await t.step_wait(
+      condition = () => {
+        try {
+          return popup.location.href === "about:blank";
+        } catch {}
+        return false;
+      },
+      description = "Wait for the popup to navigate.",
+      timeout=3000,
+      interval=50);
+
+    // Check again if COEP is inherited.
+    script = popup.document.createElement('script');
+    script.innerHTML =
+      `${createScript(window.origin, origins.HTTPS_REMOTE_ORIGIN, "opener")}`;
+    popup.document.body.appendChild(script);
+    check_result(await data_from_popup(), "Non-initial about:blank document");
+  }, `Cross-Origin-Embedder-Policy is inherited by about:blank popup.`);
+</script>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-embedder-policy/about-blank-popup.https.html.headers
@@ -0,0 +1,1 @@
+Cross-Origin-Embedder-Policy: require-corp
--- a/testing/web-platform/tests/html/cross-origin-embedder-policy/blob.https.html
+++ b/testing/web-platform/tests/html/cross-origin-embedder-policy/blob.https.html
@@ -16,28 +16,29 @@ const origins = get_host_info();
     "origin": origins.HTTPS_REMOTE_ORIGIN,
     "crossOrigin": origins.HTTPS_NOTSAMESITE_ORIGIN
   },
   {
     "origin": origins.HTTPS_NOTSAMESITE_ORIGIN,
     "crossOrigin": origins.HTTPS_ORIGIN
   }
 ].forEach(({ origin, crossOrigin }) => {
-  ["subframe", "navigate"].forEach(variant => {
+  ["subframe", "navigate", "popup"].forEach(variant => {
     async_test(t => {
       const id = token();
       const frame = document.createElement("iframe");
       t.add_cleanup(() => { frame.remove(); });
       const path = new URL("resources/blob-url-factory.html", window.location).pathname;
       frame.src = `${origin}${path}?id=${id}&variant=${variant}&crossOrigin=${crossOrigin}`;
-      window.addEventListener("message", t.step_func_done(({ data }) => {
+      window.addEventListener("message", t.step_func(({ data }) => {
         if (data.id !== id) {
           return;
         }
         assert_equals(data.origin, origin);
         assert_true(data.sameOriginNoCORPSuccess, "Same-origin without CORP did not succeed");
         assert_true(data.crossOriginNoCORPFailure, "Cross-origin without CORP did not fail");
+        t.done();
       }));
       document.body.append(frame);
     }, `Cross-Origin-Embedder-Policy and blob: URL from ${origin} in subframe via ${variant}`);
   });
 });
 </script>
--- a/testing/web-platform/tests/html/cross-origin-embedder-policy/resources/blob-url-factory.html
+++ b/testing/web-platform/tests/html/cross-origin-embedder-policy/resources/blob-url-factory.html
@@ -1,17 +1,24 @@
 <body>
 <script src="script-factory.js"></script>
 <script>
 const query = new URLSearchParams(window.location.search);
 const id = query.get("id");
 const variant = query.get("variant");
-const parent = (variant === "subframe") ? "parent.parent" : "parent";
+let parent = "parent";
+if (variant === "subframe") {
+  parent = "parent.parent";
+} else if (variant === "popup") {
+  parent = "opener.parent";
+}
 const blob = new Blob([`<script>${createScript(window.origin, query.get("crossOrigin"), parent, id)}<\/script>`], { type: "text/html" });
 const blobURL = URL.createObjectURL(blob);
 if (variant === "subframe") {
   const frame = document.createElement("iframe");
   frame.src = blobURL;
   document.body.append(frame);
+} else if (variant === "popup") {
+  window.open(blobURL);
 } else {
   window.location = blobURL;
 }
 </script>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-embedder-policy/resources/postmessage-ready.html
@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<script>
+  opener.postMessage("ready", "*");
+</script>