forked from web-platform-tests/wpt
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
WPT tests for COOP with Reporting-Endpoints header (web-platform-test…
…s#31099) * Test the integration between new Reporting-Endpoints header with coop reporters * Added new cases covering reports sent from redirects. Bug: 1209057, 1062359 Change-Id: I2e061f2f9e235264d569032204c75df30cdb5220 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3202651 Commit-Queue: Rodney Ding <[email protected]> Reviewed-by: Ian Clelland <[email protected]> Cr-Commit-Position: refs/heads/main@{#937859} Co-authored-by: Rodney Ding <[email protected]>
- Loading branch information
1 parent
6af5905
commit fad3b7b
Showing
8 changed files
with
597 additions
and
39 deletions.
There are no files selected for viewing
86 changes: 86 additions & 0 deletions
86
...oss-origin-opener-policy/reporting/document-reporting/report-only-four-reports.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
|
||
<meta name=timeout content=long> | ||
<title>A test with both COOP and COOP report only setup using Reporting-Endpoints header</title> | ||
<script src=/resources/testharness.js></script> | ||
<script src=/resources/testharnessreport.js></script> | ||
<script src="/common/get-host-info.sub.js"></script> | ||
<script src="/common/utils.js"></script> | ||
<script src="/common/dispatcher/dispatcher.js"></script> | ||
<script src="/html/cross-origin-opener-policy/resources/common.js"></script> | ||
<script | ||
src="/html/cross-origin-opener-policy/reporting/resources/reporting-common.js?pipe=sub&report_id=2aee31d2-cd11-43bd-b34d-5f081ca3b2b4&report_only_id=d18f1779-e2ab-4a7a-8b1c-44e3a6f440f5"></script> | ||
|
||
<script> | ||
let tests = [ | ||
// popup origin, popup COOP, popup COEP, popup COOP report-only, popup COEP report-only, expected reports | ||
|
||
// Open a cross-origin popup with both normal and report-only COOP. Four | ||
// reports are sent. | ||
[ | ||
CROSS_ORIGIN, | ||
`same-origin-allow-popups; report-to="${popupReportEndpoint.name}"`, | ||
"require-corp", | ||
`same-origin; report-to="${popupReportOnlyEndpoint.name}"`, | ||
"require-corp", | ||
[ | ||
{ | ||
"endpoint": reportEndpoint, | ||
"report": { | ||
"body": { | ||
"disposition": "enforce", | ||
"effectivePolicy": "same-origin-allow-popups", | ||
"nextResponseURL": /uuid=EXECUTOR_UUID$/, // next document URL | ||
"type": "navigation-from-response" | ||
}, | ||
"url": `${location.href}`, | ||
"type": "coop" | ||
} | ||
}, | ||
{ | ||
"endpoint": reportOnlyEndpoint, | ||
"report": { | ||
"body": { | ||
"disposition": "reporting", | ||
"effectivePolicy": "same-origin-plus-coep", | ||
"nextResponseURL": /uuid=EXECUTOR_UUID$/, // next document URL | ||
"type": "navigation-from-response" | ||
}, | ||
"url": `${location.href}`, | ||
"type": "coop" | ||
} | ||
}, | ||
{ | ||
"endpoint": popupReportEndpoint, | ||
"report": { | ||
"body": { | ||
"disposition": "enforce", | ||
"effectivePolicy": "same-origin-allow-popups", | ||
"previousResponseURL": "", | ||
"referrer": `${location.origin}/`, // referrer | ||
"type": "navigation-to-response" | ||
}, | ||
"url": /uuid=EXECUTOR_UUID$/, | ||
"type": "coop" | ||
} | ||
}, | ||
{ | ||
"endpoint": popupReportOnlyEndpoint, | ||
"report": { | ||
"body": { | ||
"disposition": "reporting", | ||
"effectivePolicy": "same-origin-plus-coep", | ||
"previousResponseURL": "", | ||
"referrer": `${location.origin}/`, // referrer | ||
"type": "navigation-to-response" | ||
}, | ||
"url": /uuid=EXECUTOR_UUID$/, | ||
"type": "coop" | ||
} | ||
} | ||
] | ||
] | ||
]; | ||
|
||
runNavigationDocumentReportingTests(document.title, tests); | ||
|
||
</script> |
6 changes: 6 additions & 0 deletions
6
...pener-policy/reporting/document-reporting/report-only-four-reports.https.html.sub.headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="coop-report-endpoint" | ||
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop-report-only-endpoint" | ||
Cross-Origin-Embedder-Policy: require-corp | ||
Cross-Origin-Embedder-Policy-Report-Only: require-corp | ||
Referrer-Policy: origin | ||
Reporting-Endpoints: coop-report-endpoint="https://{{host}}:{{ports[https][0]}}/reporting/resources/report.py?reportID=2aee31d2-cd11-43bd-b34d-5f081ca3b2b4", coop-report-only-endpoint="https://{{host}}:{{ports[https][0]}}/reporting/resources/report.py?reportID=d18f1779-e2ab-4a7a-8b1c-44e3a6f440f5" |
129 changes: 129 additions & 0 deletions
129
...cross-origin-opener-policy/reporting/document-reporting/report-to-both_coop-ro.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,129 @@ | ||
<title> | ||
Both the openee and the opener have a COOP reporter. The report are sent to | ||
both side. | ||
</title> | ||
<meta name=timeout content=long> | ||
<script src=/resources/testharness.js></script> | ||
<script src=/resources/testharnessreport.js></script> | ||
<script src=/common/get-host-info.sub.js></script> | ||
<script src="/common/utils.js"></script> | ||
<script src="/common/dispatcher/dispatcher.js"></script> | ||
<script src="/html/cross-origin-opener-policy/resources/common.js"></script> | ||
<script src="/html/cross-origin-opener-policy/reporting/resources/reporting-common.js"></script> | ||
<script src="/html/cross-origin-opener-policy/reporting/resources/try-access.js"></script> | ||
<script> | ||
|
||
const directory = "/html/cross-origin-opener-policy"; | ||
const origin_opener = get_host_info().HTTPS_ORIGIN; | ||
const origin_openee = get_host_info().HTTPS_REMOTE_ORIGIN; | ||
|
||
function reportToken() { | ||
// Report endpoint name must start with lower case alphabet. | ||
return token().replace(/./, 'a'); | ||
} | ||
|
||
let escapeComma = url => url.replace(/,/g, '\\,'); | ||
|
||
let genericSetup = async function(test) { | ||
// The test window. | ||
const this_window_token = token(); | ||
|
||
// The "opener" window. This has COOP and a reporter. | ||
const opener_token = token(); | ||
const opener_report_token = reportToken(); | ||
const opener_reporting = reportingEndpointsHeaders(opener_report_token); | ||
const opener_url = origin_opener+ executor_path + opener_reporting.header + | ||
opener_reporting.coopReportOnlySameOriginHeader + coep_header + | ||
`&uuid=${opener_token}`; | ||
|
||
// The "openee" window. This has COOP and a reporter. | ||
const openee_token = token(); | ||
const openee_report_token = reportToken(); | ||
const openee_reporting = reportingEndpointsHeaders(openee_report_token); | ||
const openee_url = origin_openee + executor_path + openee_reporting.header + | ||
openee_reporting.coopReportOnlySameOriginHeader + coep_header + | ||
`&uuid=${openee_token}`; | ||
|
||
// Cleanup at the end of the test. | ||
test.add_cleanup(() => { | ||
send(openee_token, 'window.close()'); | ||
send(opener_token, 'window.close()'); | ||
}); | ||
|
||
// 1. Spawn the opener and the openee windows. | ||
window.open(opener_url); | ||
send(opener_token, ` | ||
openee = window.open('${escapeComma(openee_url)}'); | ||
`); | ||
|
||
// 2. Wait for both to be loaded. | ||
send(openee_token, `send('${this_window_token}', 'ACK');`); | ||
assert_equals(await receive(this_window_token), 'ACK'); | ||
|
||
return [ | ||
this_window_token, | ||
opener_token, opener_report_token, opener_url, | ||
openee_token, openee_report_token, openee_url, | ||
]; | ||
} | ||
|
||
let assert_generic_coop_report = function(report) { | ||
assert_equals(report.type, "coop"); | ||
assert_equals(report.body.disposition, "reporting"); | ||
assert_equals(report.body.effectivePolicy, "same-origin-plus-coep"); | ||
assert_equals(report.body.property, "blur"); | ||
} | ||
|
||
promise_test(async test => { | ||
let [ | ||
this_window_token, | ||
opener_token, opener_report_token, opener_url, | ||
openee_token, openee_report_token, openee_url, | ||
] = await genericSetup(test); | ||
|
||
send(opener_token, addScriptAndTriggerOnload( | ||
directory + "/reporting/resources/try-access.js", | ||
"tryAccess(openee);") | ||
); | ||
|
||
let report_opener = | ||
await receiveReport(opener_report_token, "access-from-coop-page-to-openee") | ||
let report_openee = | ||
await receiveReport(openee_report_token, "access-to-coop-page-from-opener") | ||
|
||
assert_generic_coop_report(report_openee); | ||
assert_generic_coop_report(report_opener); | ||
|
||
assert_equals(report_opener.url, opener_url.replace(/"/g, '%22')); | ||
assert_equals(report_openee.url, openee_url.replace(/"/g, '%22')); | ||
assert_source_location_found(report_opener); | ||
assert_source_location_missing(report_openee); | ||
}, "Access from opener") | ||
|
||
promise_test(async test => { | ||
let [ | ||
this_window_token, | ||
opener_token, opener_report_token, opener_url, | ||
openee_token, openee_report_token, openee_url, | ||
] = await genericSetup(test); | ||
|
||
send(openee_token, addScriptAndTriggerOnload( | ||
directory + "/reporting/resources/try-access.js", | ||
"tryAccess(opener);") | ||
); | ||
|
||
let report_opener = | ||
await receiveReport(opener_report_token, "access-to-coop-page-from-openee") | ||
let report_openee = | ||
await receiveReport(openee_report_token, "access-from-coop-page-to-opener") | ||
|
||
assert_generic_coop_report(report_openee); | ||
assert_generic_coop_report(report_opener); | ||
|
||
assert_equals(report_opener.url, opener_url.replace(/"/g, '%22')); | ||
assert_equals(report_openee.url, openee_url.replace(/"/g, '%22')); | ||
assert_source_location_missing(report_opener); | ||
assert_source_location_found(report_openee); | ||
}, "Access from openee") | ||
|
||
</script> |
116 changes: 116 additions & 0 deletions
116
.../reporting/document-reporting/reporting-redirect-with-same-origin-allow-popups.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,116 @@ | ||
<title> | ||
Tests the redirect interaction with COOP same-origin-allow-popups. | ||
</title> | ||
<meta name=timeout content=long> | ||
<script src=/resources/testharness.js></script> | ||
<script src=/resources/testharnessreport.js></script> | ||
<script src=/common/get-host-info.sub.js></script> | ||
<script src="/common/utils.js"></script> | ||
<script src="/common/dispatcher/dispatcher.js"></script> | ||
<script src="/html/cross-origin-opener-policy/resources/common.js"></script> | ||
<script src="/html/cross-origin-opener-policy/reporting/resources/reporting-common.js"></script> | ||
<script> | ||
|
||
const same_origin = { | ||
host: get_host_info().HTTPS_ORIGIN, | ||
name: "Same origin" | ||
}; | ||
const cross_origin = { | ||
host: get_host_info().HTTPS_REMOTE_ORIGIN, | ||
name: "Cross origin" | ||
}; | ||
|
||
function reportToken() { | ||
// Report endpoint name must start with lower case alphabet. | ||
return token().replace(/./, 'a'); | ||
} | ||
|
||
// Tests the redirect interaction with COOP same-origin-allow-popups and | ||
// reporting: | ||
// 1 - open the opener document on origin same_origin wit COOP | ||
// same-origin-allow-popups. | ||
// 2 - opener opens popup with document on origin popup_origin, no COOP and a | ||
// redirect header (HTTP 302, location). | ||
// 3 - redirection to a document with origin same_origin and COOP | ||
// same-origin-allow-popups. | ||
// | ||
// The navigation (2) to the first document of the popup stays in the same | ||
// browsing context group due to the same-origin-allow-popups COOP of the | ||
// opener. | ||
// The redirect (3) to the final document does since it compares the | ||
// popup_origin/unsafe-none document with the | ||
// same-origin/same-origin-allow-popups document. | ||
// | ||
// A opens B, B redirects to C. | ||
// | ||
// Document Origin COOP | ||
// -------- ------------ ------------------------ | ||
// A same-origin same-origin-allow-popups | ||
// B popup-origin unsafe-none | ||
// C same-origin same-origin-allow-popups | ||
function redirect_test(popup_origin) { | ||
promise_test(async t => { | ||
// The test window. | ||
const this_window_token = token(); | ||
|
||
// The "opener" window. This has COOP same-origin-allow-popups and a | ||
// reporter. | ||
const opener_token = token(); | ||
const opener_report_token = reportToken(); | ||
const opener_reporting = reportingEndpointsHeaders(opener_report_token); | ||
const opener_url = same_origin.host + executor_path + | ||
opener_reporting.header + opener_reporting.coopSameOriginAllowPopupsHeader + | ||
`&uuid=${opener_token}`; | ||
|
||
// The "openee" window. | ||
// The initial document does not have COOP and is on popup_origin, it | ||
// redirects to a same-origin (with the opener) document with COOP | ||
// same-origin-allow-popups. | ||
const openee_token = token(); | ||
const openee_redirect_url = same_origin.host + executor_path + | ||
opener_reporting.header + opener_reporting.coopSameOriginAllowPopupsHeader + | ||
`&uuid=${openee_token}`; | ||
const redirect_header = 'status(302)' + | ||
`|header(Location,${encodeURIComponent( | ||
openee_redirect_url | ||
.replace(/,/g, "\\,") | ||
.replace(/\\\\,/g, "\\\\\\,") | ||
.replace(/\(/g, "%28") | ||
.replace(/\)/g, "%29"))})`; | ||
const openee_url = popup_origin.host + executor_path + redirect_header + | ||
`&uuid=${openee_token}`; | ||
// 1. Create the opener window. | ||
let opener_window_proxy = window.open(opener_url); | ||
t.add_cleanup(() => send(opener_token, "window.close()")); | ||
|
||
// 2. The opener opens its openee. | ||
send(opener_token, ` | ||
openee = window.open("${openee_url}"); | ||
`); | ||
t.add_cleanup(() => send(openee_token, "window.close()")); | ||
|
||
// 3. Check the opener status on the openee. | ||
send(openee_token, ` | ||
send("${this_window_token}", opener !== null); | ||
`); | ||
assert_equals(await receive(this_window_token), "false", "opener"); | ||
|
||
// 4. Check the openee status on the opener. | ||
send(opener_token, ` | ||
send("${this_window_token}", openee.closed); | ||
`); | ||
assert_equals(await receive(this_window_token), "true", "openee.closed"); | ||
|
||
// 5. Check a report sent to the openee. | ||
let report = await receiveReport( | ||
opener_report_token, | ||
"navigation-to-response"); | ||
assert_equals(report.type, "coop"); | ||
assert_equals(report.body.disposition, "enforce"); | ||
assert_equals(report.body.effectivePolicy, "same-origin-allow-popups"); | ||
}, `${popup_origin.name} openee redirected to same-origin with same-origin-allow-popups`); | ||
} | ||
|
||
redirect_test(same_origin); | ||
redirect_test(cross_origin); | ||
</script> |
Oops, something went wrong.