-
Notifications
You must be signed in to change notification settings - Fork 3.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
PlzDedicatedWorker: Send COEP report for worker initialization failure
This CL sends COEP violation reports during the worker initialization process. The corresponded spec is here: https://html.spec.whatwg.org/C/#check-a-global-object's-embedder-policy > 4. If ownerPolicy's report-only value is "require-corp" and policy's value is "unsafe-none", then queue a cross-origin embedder policy inheritance violation with response, "worker initialization", owner's policy's report only reporting endpoint, "reporting", and owner. > 6. Queue a cross-origin embedder policy inheritance violation with response, "worker initialization", owner's policy's reporting endpoint, "enforce", and owner. Also adds WPT to check if the owner iframe can observe reports via ReportingObserver API. Tests pass with PlzDedicatedWorker and fail with non-PlzDedicatedWorker. Bug: 1171094, 1060837 Change-Id: Ida5eab351879a6793c412dccc8b0cff38c38e906 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2650015 Commit-Queue: Asami Doi <[email protected]> Reviewed-by: Yutaka Hirano <[email protected]> Reviewed-by: Makoto Shimazu <[email protected]> Reviewed-by: Hiroki Nakagawa <[email protected]> Reviewed-by: Kinuko Yasuda <[email protected]> Cr-Commit-Position: refs/heads/master@{#850107}
- Loading branch information
1 parent
4164835
commit e3a0136
Showing
2 changed files
with
116 additions
and
0 deletions.
There are no files selected for viewing
87 changes: 87 additions & 0 deletions
87
html/cross-origin-embedder-policy/reporting-to-owner.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
<!doctype html> | ||
<html> | ||
<head> | ||
<title>Check COEP reports are send for 'new Worker()' failure</title> | ||
<meta name="timeout" content="long"> | ||
</head> | ||
<body> | ||
<script src="/common/get-host-info.sub.js"></script> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script> | ||
<script> | ||
const {ORIGIN} = get_host_info(); | ||
const RESOURCES_PATH= new URL("resources", location).pathname; | ||
const iframe_path = "worker-owner-frame.html?pipe="; | ||
const worker_path = "universal-worker.js?pipe="; | ||
|
||
const coep_header= { | ||
"coep-none" : "", | ||
"coep-report-only" : | ||
"header(Cross-Origin-Embedder-Policy-Report-Only,require-corp)", | ||
"coep-require-corp" : "|header(Cross-Origin-Embedder-Policy,require-corp)", | ||
}; | ||
|
||
function checkReport(report, url, blocked_url, disposition) { | ||
assert_equals(report.type, "coep"); | ||
assert_equals(report.url, url); | ||
assert_equals(report.body.type, "worker initialization"); | ||
assert_equals(report.body.blockedURL, blocked_url); | ||
assert_equals(report.body.disposition, disposition); | ||
} | ||
|
||
// Test parameters: | ||
// - `iframe_coep` the COEP header of the iframe's document response. | ||
// - `worker_coep` the COEP header of the DedicatedWorker's script response. | ||
// | ||
// Test expectations: | ||
// - `length` the length of reports. | ||
// - `disposition` the disposition in a report's body. Empty string if the | ||
// length of reports is expected to be 0. | ||
function check( | ||
// Test parameters: | ||
iframe_coep, | ||
worker_coep, | ||
// Test expectations: | ||
length, | ||
disposition) { | ||
promise_test(async (t) => { | ||
const worker_url = worker_path + coep_header[worker_coep]; | ||
const iframe_url = iframe_path + coep_header[iframe_coep]; | ||
const iframe = await with_iframe("./resources/" + iframe_url); | ||
t.add_cleanup(() => iframe.remove()); | ||
|
||
const iframe_response = new Promise(resolve => window.onmessage = resolve); | ||
iframe.contentWindow.startWorkerAndObserveReports(worker_url, length > 0); | ||
|
||
const {data} = await iframe_response; | ||
assert_equals(data.length, length); | ||
if (data.length > 0) { | ||
const blocked_url = `${ORIGIN}${RESOURCES_PATH}/${worker_url}`; | ||
const url = `${ORIGIN}${RESOURCES_PATH}/${iframe_url}`; | ||
checkReport( | ||
data[0], | ||
url, | ||
blocked_url, | ||
disposition | ||
); | ||
} | ||
}, `Reporting to ${iframe_coep} frame with ${worker_coep} worker`); | ||
} | ||
|
||
// ----------------------------------------------------------------------------- | ||
// iframe_coep , worker_coep , length , disposition | ||
// ----------------------------------------------------------------------------- | ||
check("coep-none" , "coep-none" , 0 , ""); | ||
check("coep-none" , "coep-report-only" , 0 , ""); | ||
check("coep-none" , "coep-require-corp" , 0 , ""); | ||
check("coep-report-only" , "coep-none" , 1 , "reporting"); | ||
check("coep-report-only" , "coep-report-only" , 1 , "reporting"); | ||
check("coep-report-only" , "coep-require-corp" , 0 , ""); | ||
check("coep-require-corp" , "coep-none" , 1 , "enforce"); | ||
check("coep-require-corp" , "coep-report-only" , 1 , "enforce"); | ||
check("coep-require-corp" , "coep-require-corp" , 0 , ""); | ||
|
||
</script> | ||
</body> | ||
</html> |
29 changes: 29 additions & 0 deletions
29
html/cross-origin-embedder-policy/resources/worker-owner-frame.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
<!doctype html> | ||
<script> | ||
function startWorkerAndObserveReports(worker_url, wait_for_report) { | ||
const worker = new Worker(worker_url); | ||
const result_promise = new Promise(resolve => { | ||
worker.onmessage = _ => resolve('success'); | ||
worker.onerror = _ => resolve('error'); | ||
}); | ||
worker.postMessage("postMessage('reply to frame from worker');"); | ||
|
||
const report_promise = new Promise(resolve => { | ||
const observer = new ReportingObserver(reports => { | ||
observer.disconnect(); | ||
resolve(reports.map(r => r.toJSON())); | ||
}); | ||
observer.observe(); | ||
}); | ||
|
||
if (wait_for_report) { | ||
Promise.all([result_promise, report_promise]).then(results => { | ||
parent.postMessage(results[1]); | ||
}); | ||
} else { | ||
result_promise.then(result => { | ||
parent.postMessage([]); | ||
}); | ||
} | ||
} | ||
</script> |