From 1512224a05db70c1e1890e440a09f5f9852cc35d Mon Sep 17 00:00:00 2001 From: Kunihiko Sakamoto Date: Thu, 14 Oct 2021 18:56:23 -0700 Subject: [PATCH] Support uuid-in-package: URLs in Subresource WebBundles This allows subresource and subframe loading from WebBundles with uuid-in-package: scheme URLs. We have been using urn:uuid: for this purpose, but since urn: scheme can be handled by custom protocol handler, there was a possibility of conflict. Explainer change: https://github.com/WICG/webpackage/pull/677 The semantics is the same as currently we have for urn:uuid. Temporarily, we support both uuid-in-package: and urn:uuid: resources so that this will not break currently running origin trial. We will remove the urn:uuid: support before shipping this feature. Bug: 1257045 Change-Id: Ie86d3a3207fdaa6a4b0b4337cac2f1c6457e132b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3104651 Reviewed-by: Daniel Cheng Reviewed-by: Alex Moshchuk Reviewed-by: Takashi Toyoshima Reviewed-by: Hayato Ito Commit-Queue: Kunihiko Sakamoto Cr-Commit-Position: refs/heads/main@{#931822}
---
web-bundle/resources/generate-test-wbns.sh | 5 + web-bundle/resources/uuid-in-package.har | 44 +++++++ web-bundle/resources/wbn/uuid-in-package.wbn | Bin 0 -> 397 bytes .../link-csp-allowed.https.tentative.html | 34 ++++- .../link-csp-blocked.https.tentative.html | 119 ++++++++++-------- .../subframe-from-web-bundle-test.js | 64 ++++++---- .../resources/subresource-load-test.sub.js | 24 +++- 7 files changed, 218 insertions(+), 72 deletions(-) create mode 100644 web-bundle/resources/uuid-in-package.har create mode 100644 web-bundle/resources/wbn/uuid-in-package.wbn
diff --git a/web-bundle/resources/generate-test-wbns.sh b/web-bundle/resources/generate-test-wbns.sh
index 86413179cf9cacf..6c9a75f9c366545 100755
--- a/web-bundle/resources/generate-test-wbns.sh
+++ b/web-bundle/resources/generate-test-wbns.sh
@@ -158,3 +158,8 @@ gen-bundle \ -version b2 \ -har cross-origin-no-cors.har \ -o wbn/no-cors/cross-origin-b2.wbn + +gen-bundle \ + -version b2 \ + -har uuid-in-package.har \ + -o wbn/uuid-in-package.wbn diff --git a/web-bundle/resources/uuid-in-package.har b/web-bundle/resources/uuid-in-package.har new file mode 100644 index 000000000000000..8dedc951d53e09f --- /dev/null +++ b/web-bundle/resources/uuid-in-package.har @@ -0,0 +1,44 @@ +{ + "log": { + "entries": [ + { + "request": { + "method": "GET", + "url": "uuid-in-package:020111b3-437a-4c5c-ae07-adb6bbffb720", + "headers": [] + }, + "response": { + "status": 200, + "headers": [ + { + "name": "Content-type", + "value": "application/javascript" + } + ], + "content": { + "text": "window.report_result('OK');" + } + } + }, + { + "request": { + "method": "GET", + "url": "uuid-in-package:429fcc4e-0696-4bad-b099-ee9175f023ae", + "headers": [] + }, + "response": { + "status": 200, + "headers": [ + { + "name": "Content-type", + "value": "text/html" + } + ], + "content": { + "text": "" + } + } + } + ] + } +} diff --git a/web-bundle/resources/wbn/uuid-in-package.wbn b/web-bundle/resources/wbn/uuid-in-package.wbn new file mode 100644 index 0000000000000000000000000000000000000000..d4d100d121a111e71dd7ef40016e7208b89908b8 GIT binary patch literal 397 zcmZ{gK}*9x6olKWzaZeH2O$Y`(@mN-q^-TESg|4sN^Y{dd8w;ycFAtiig*cnQxF8N zg&zEE9{Upvwl{IEkNM`!yo}b%*Z1}EnQSc0u6sZDbe3z?*pXWSA zJVlbQdoqC@_OR=^w2l0BK#+zxKHFR^D9F?TCnlQM%?3Ck;}f3R{U^J>GiYr? KMzvqn-+lm##fiB9 literal 0 HcmV?d00001 diff --git a/web-bundle/subresource-loading/link-csp-allowed.https.tentative.html b/web-bundle/subresource-loading/link-csp-allowed.https.tentative.html index 1e2daa404fb3341..d0034b22eefb197 100644 --- a/web-bundle/subresource-loading/link-csp-allowed.https.tentative.html +++ b/web-bundle/subresource-loading/link-csp-allowed.https.tentative.html 
@@ -9,13 +9,15 @@ content=" script-src https://web-platform.test:8444/web-bundle/resources/wbn/urn-uuid.wbn + https://web-platform.test:8444/web-bundle/resources/wbn/uuid-in-package.wbn https://web-platform.test:8444/resources/testharness.js https://web-platform.test:8444/resources/testharnessreport.js 'unsafe-inline'; img-src https://web-platform.test:8444/web-bundle/resources/wbn/pass.png; frame-src - https://web-platform.test:8444/web-bundle/resources/wbn/urn-uuid.wbn" + https://web-platform.test:8444/web-bundle/resources/wbn/urn-uuid.wbn + https://web-platform.test:8444/web-bundle/resources/wbn/uuid-in-package.wbn" > @@ -25,6 +27,9 @@ + diff --git a/web-bundle/subresource-loading/resources/subframe-from-web-bundle-test.js b/web-bundle/subresource-loading/resources/subframe-from-web-bundle-test.js index 86de84174c777dc..86987e7dfbe42e7 100644 --- a/web-bundle/subresource-loading/resources/subframe-from-web-bundle-test.js +++ b/web-bundle/subresource-loading/resources/subframe-from-web-bundle-test.js 
@@ -1,20 +1,32 @@ -const frame_url = 'urn:uuid:429fcc4e-0696-4bad-b099-ee9175f023ae'; - promise_test(async (t) => { - const iframe = await createWebBundleElementAndIframe(t); - // The urn:uuid URL iframe is cross-origin. So accessing - // iframe.contentWindow.location should throws a SecurityError. + const bundle_url = '../resources/wbn/urn-uuid.wbn'; + const frame_url = 'urn:uuid:429fcc4e-0696-4bad-b099-ee9175f023ae'; + const iframe = await createWebBundleElementAndIframe(t, bundle_url, frame_url); + // The iframe is cross-origin. So accessing iframe.contentWindow.location + // should throw a SecurityError. assert_throws_dom( "SecurityError", () => { iframe.contentWindow.location.href; }); }, 'The urn:uuid URL iframe must be cross-origin.'); -urn_uuid_iframe_test( +promise_test(async (t) => { + const bundle_url = '../resources/wbn/uuid-in-package.wbn'; + const frame_url = 'uuid-in-package:429fcc4e-0696-4bad-b099-ee9175f023ae'; + const iframe = await createWebBundleElementAndIframe(t, bundle_url, frame_url); + // The iframe is cross-origin. So accessing iframe.contentWindow.location + // should throw a SecurityError. + assert_throws_dom( + "SecurityError", + () => { iframe.contentWindow.location.href; }); + }, 'The uuid-in-package: URL iframe must be cross-origin.'); + +uuid_iframe_test( 'location.href', - frame_url, - 'location.href in urn uuid iframe.'); + ['urn:uuid:429fcc4e-0696-4bad-b099-ee9175f023ae', + 'uuid-in-package:429fcc4e-0696-4bad-b099-ee9175f023ae'], + 'location.href in opaque-origin iframe.'); -urn_uuid_iframe_test( +uuid_iframe_test( '(' + (() => { try { let result = window.localStorage; @@ -26,7 +38,7 @@ urn_uuid_iframe_test( 'SecurityError', 'Accesing window.localStorage should throw a SecurityError.'); -urn_uuid_iframe_test( +uuid_iframe_test( '(' + (() => { try { let result = window.sessionStorage; 
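Review bot: The two cross-origin checks added at the top of this hunk assert only that reading `iframe.contentWindow.location.href` throws `SecurityError`. That would presumably also hold if the frame had ended up on a cross-origin error document rather than the bundled page, so on their own they do not show that the frame was served from the bundle. The `location.href` case further down the hunk does pin that, and a comment above the first test would tie them together: `// That the frame really loads from the bundle is checked by the location.href test below.` In that same case the expected values are passed as an array that `uuid_iframe_test` pairs with the two schemes by position, and its definition lies outside this hunk. A comment at the call such as `// expected: [urn:uuid result, uuid-in-package result]` would make the ordering visible.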
@@ -38,7 +50,7 @@ urn_uuid_iframe_test( 'SecurityError', 'Accesing window.sessionStorage should throw a SecurityError.'); -urn_uuid_iframe_test( +uuid_iframe_test( '(' + (() => { try { let result = document.cookie; @@ -50,7 +62,7 @@ urn_uuid_iframe_test( 'SecurityError', 'Accesing document.cookie should throw a SecurityError.'); -urn_uuid_iframe_test( +uuid_iframe_test( '(' + (() => { try { let request = window.indexedDB.open("db"); 
@@ -62,22 +74,32 @@ urn_uuid_iframe_test( 'SecurityError', 'Opening an indexedDB should throw a SecurityError.'); -urn_uuid_iframe_test( +uuid_iframe_test( 'window.caches === undefined', true, 'window.caches should be undefined.'); -function urn_uuid_iframe_test(code, expected, name) { +function uuid_iframe_test(code, expected, name) { + if (!Array.isArray(expected)) { + expected = [expected, expected]; + } + promise_test(async (t) => { + const bundle_url = '../resources/wbn/urn-uuid.wbn'; + const frame_url = 'urn:uuid:429fcc4e-0696-4bad-b099-ee9175f023ae'; + const iframe = await createWebBundleElementAndIframe(t, bundle_url, frame_url); + assert_equals(await evalInIframe(iframe, code), expected[0]); + }, name + '(urn:uuid)'); + promise_test(async (t) => { - const iframe = await createWebBundleElementAndIframe(t); - assert_equals(await evalInIframe(iframe, code), expected); - }, name); + const bundle_url = '../resources/wbn/uuid-in-package.wbn'; + const frame_url = 'uuid-in-package:429fcc4e-0696-4bad-b099-ee9175f023ae'; + const iframe = await createWebBundleElementAndIframe(t, bundle_url, frame_url); + assert_equals(await evalInIframe(iframe, code), expected[1]); + }, name + 'uuid-in-package'); } -async function createWebBundleElementAndIframe(t) { - const element = createWebBundleElement( - '../resources/wbn/urn-uuid.wbn', - [frame_url]); +async function createWebBundleElementAndIframe(t, bundle_url, frame_url) { + const element = createWebBundleElement(bundle_url, [frame_url]); document.body.appendChild(element); const iframe = document.createElement('iframe'); t.add_cleanup(() => { diff --git a/web-bundle/subresource-loading/resources/subresource-load-test.sub.js b/web-bundle/subresource-loading/resources/subresource-load-test.sub.js index b6a66866ea6a553..bd20b13abaaa8e0 100644 --- a/web-bundle/subresource-loading/resources/subresource-load-test.sub.js +++ b/web-bundle/subresource-loading/resources/subresource-load-test.sub.js 
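Review bot: The two test names built in `uuid_iframe_test` are formatted differently and neither has a separating space: `name + '(urn:uuid)'` yields "…iframe.(urn:uuid)" while `name + 'uuid-in-package'` yields "…iframe.uuid-in-package". The helper also reassigns its `expected` parameter, and the two `promise_test` bodies differ only in the bundle and frame URLs. Since the commit message says urn:uuid: support is temporary, a small table of variants would give consistent names and make dropping that scheme a one-entry deletion. `createWebBundleElementAndIframe` continues past the end of the hunk and is not touched by this suggestion.

```javascript
function uuid_iframe_test(code, expected, name) {
  // One entry per URL scheme under test; delete the urn:uuid entry once
  // that scheme is no longer supported.
  const variants = [
    {label: 'urn:uuid',
     bundle_url: '../resources/wbn/urn-uuid.wbn',
     frame_url: 'urn:uuid:429fcc4e-0696-4bad-b099-ee9175f023ae'},
    {label: 'uuid-in-package',
     bundle_url: '../resources/wbn/uuid-in-package.wbn',
     frame_url: 'uuid-in-package:429fcc4e-0696-4bad-b099-ee9175f023ae'},
  ];
  variants.forEach(({label, bundle_url, frame_url}, index) => {
    // An array gives one expected value per variant, in table order.
    const want = Array.isArray(expected) ? expected[index] : expected;
    promise_test(async (t) => {
      const iframe = await createWebBundleElementAndIframe(t, bundle_url, frame_url);
      assert_equals(await evalInIframe(iframe, code), want);
    }, name + ' (' + label + ')');
  });
}
// … unchanged: createWebBundleElementAndIframe …
```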
@@ -266,6 +266,28 @@ promise_test(async () => { document.body.removeChild(element); }, 'Subresource loading with urn:uuid: URL of a \'b2\' bundle with scopes attribute'); +promise_test(async () => { + const url = 'uuid-in-package:020111b3-437a-4c5c-ae07-adb6bbffb720'; + const element = createWebBundleElement( + '../resources/wbn/uuid-in-package.wbn', + [url]); + document.body.appendChild(element); + assert_equals(await loadScriptAndWaitReport(url), 'OK'); + document.body.removeChild(element); +}, 'Subresource loading with uuid-in-package: URL with resources attribute'); + +promise_test(async () => { + const url = 'uuid-in-package:020111b3-437a-4c5c-ae07-adb6bbffb720'; + const element = createWebBundleElement( + '../resources/wbn/uuid-in-package.wbn', + [], + {scopes: ['uuid-in-package:']}); + document.body.appendChild(element); + assert_equals(await loadScriptAndWaitReport(url), 'OK'); + document.body.removeChild(element); +}, 'Subresource loading with uuid-in-package: URL with scopes attribute'); + + promise_test(async () => { const wbn_url = 'https://{{domains[]}}:{{ports[https][0]}}/web-bundle/resources/wbn/subresource.wbn?test-resources-update'; const resource_url = 'https://{{domains[]}}:{{ports[https][0]}}/web-bundle/resources/wbn/submodule.js'; @@ -287,4 +309,4 @@ async function loadScriptAndWaitReport(script_url) { script.src = script_url; document.body.appendChild(script); return result_promise; -} \ No newline at end of file +}
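Review bot: Both added tests detach the bundle element only on the last line of the body, `document.body.removeChild(element);`, which is never reached if `assert_equals` fails or `loadScriptAndWaitReport` rejects. The uuid-in-package bundle then stays attached to the document for the tests that follow in this file, and with the `scopes: ['uuid-in-package:']` variant that could mask or cause failures elsewhere. Take the test object and register the removal up front: `promise_test(async (t) => {` and, right after `document.body.appendChild(element);`, `t.add_cleanup(() => element.remove());`, then drop the trailing `removeChild`. The context line at the top of the hunk shows the existing urn:uuid test using the same pattern, so this applies there too. `createWebBundleElementAndIframe` in subframe-from-web-bundle-test.js already uses `t.add_cleanup`.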