WPT tests for COOP with Reporting-Endpoints header #31099

Merged
merged 1 commit into from
Nov 3, 2021
@@ -0,0 +1,86 @@

<meta name=timeout content=long>
<title>A test with both COOP and COOP report only setup using Reporting-Endpoints header</title>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<script src="/html/cross-origin-opener-policy/resources/common.js"></script>
<script
src="/html/cross-origin-opener-policy/reporting/resources/reporting-common.js?pipe=sub&report_id=2aee31d2-cd11-43bd-b34d-5f081ca3b2b4&report_only_id=d18f1779-e2ab-4a7a-8b1c-44e3a6f440f5"></script>

<script>
let tests = [
// popup origin, popup COOP, popup COEP, popup COOP report-only, popup COEP report-only, expected reports

// Open a cross-origin popup with both normal and report-only COOP. Four
// reports are sent.
[
CROSS_ORIGIN,
`same-origin-allow-popups; report-to="${popupReportEndpoint.name}"`,
"require-corp",
`same-origin; report-to="${popupReportOnlyEndpoint.name}"`,
"require-corp",
[
{
"endpoint": reportEndpoint,
"report": {
"body": {
"disposition": "enforce",
"effectivePolicy": "same-origin-allow-popups",
"nextResponseURL": /uuid=EXECUTOR_UUID$/, // next document URL
"type": "navigation-from-response"
},
"url": `${location.href}`,
"type": "coop"
}
},
{
"endpoint": reportOnlyEndpoint,
"report": {
"body": {
"disposition": "reporting",
"effectivePolicy": "same-origin-plus-coep",
"nextResponseURL": /uuid=EXECUTOR_UUID$/, // next document URL
"type": "navigation-from-response"
},
"url": `${location.href}`,
"type": "coop"
}
},
{
"endpoint": popupReportEndpoint,
"report": {
"body": {
"disposition": "enforce",
"effectivePolicy": "same-origin-allow-popups",
"previousResponseURL": "",
"referrer": `${location.origin}/`, // referrer
"type": "navigation-to-response"
},
"url": /uuid=EXECUTOR_UUID$/,
"type": "coop"
}
},
{
"endpoint": popupReportOnlyEndpoint,
"report": {
"body": {
"disposition": "reporting",
"effectivePolicy": "same-origin-plus-coep",
"previousResponseURL": "",
"referrer": `${location.origin}/`, // referrer
"type": "navigation-to-response"
},
"url": /uuid=EXECUTOR_UUID$/,
"type": "coop"
}
}
]
]
];

runNavigationDocumentReportingTests(document.title, tests);

</script>
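Review bot: The two report IDs in the `reporting-common.js?pipe=sub&report_id=…&report_only_id=…` script URL are repeated by hand in the `Reporting-Endpoints` line of the headers section that follows, and neither copy says so. If one side is edited without the other, the opener's reports would presumably land on an endpoint the test never polls, and the failure would look like a timeout rather than a mismatch. I would add a comment above the `<script>` tag, for example `<!-- report_id and report_only_id must match the reportID values in this test's .headers file -->`. Because the IDs are fixed rather than generated per run, it is also worth confirming that the report collector cannot hand back a report left over from an earlier run; that logic is not visible on this page.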
@@ -0,0 +1,6 @@
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="coop-report-endpoint"
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop-report-only-endpoint"
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Embedder-Policy-Report-Only: require-corp
Referrer-Policy: origin
Reporting-Endpoints: coop-report-endpoint="https://{{host}}:{{ports[https][0]}}/reporting/resources/report.py?reportID=2aee31d2-cd11-43bd-b34d-5f081ca3b2b4", coop-report-only-endpoint="https://{{host}}:{{ports[https][0]}}/reporting/resources/report.py?reportID=d18f1779-e2ab-4a7a-8b1c-44e3a6f440f5"
@@ -0,0 +1,129 @@
<title>
Both the openee and the opener have a COOP reporter. The report are sent to
both side.
</title>
<meta name=timeout content=long>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/common/get-host-info.sub.js></script>
<script src="/common/utils.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<script src="/html/cross-origin-opener-policy/resources/common.js"></script>
<script src="/html/cross-origin-opener-policy/reporting/resources/reporting-common.js"></script>
<script src="/html/cross-origin-opener-policy/reporting/resources/try-access.js"></script>
<script>

const directory = "/html/cross-origin-opener-policy";
const origin_opener = get_host_info().HTTPS_ORIGIN;
const origin_openee = get_host_info().HTTPS_REMOTE_ORIGIN;

function reportToken() {
// Report endpoint name must start with lower case alphabet.
return token().replace(/./, 'a');
}

let escapeComma = url => url.replace(/,/g, '\\,');

let genericSetup = async function(test) {
// The test window.
const this_window_token = token();

// The "opener" window. This has COOP and a reporter.
const opener_token = token();
const opener_report_token = reportToken();
const opener_reporting = reportingEndpointsHeaders(opener_report_token);
const opener_url = origin_opener+ executor_path + opener_reporting.header +
opener_reporting.coopReportOnlySameOriginHeader + coep_header +
`&uuid=${opener_token}`;

// The "openee" window. This has COOP and a reporter.
const openee_token = token();
const openee_report_token = reportToken();
const openee_reporting = reportingEndpointsHeaders(openee_report_token);
const openee_url = origin_openee + executor_path + openee_reporting.header +
openee_reporting.coopReportOnlySameOriginHeader + coep_header +
`&uuid=${openee_token}`;

// Cleanup at the end of the test.
test.add_cleanup(() => {
send(openee_token, 'window.close()');
send(opener_token, 'window.close()');
});

// 1. Spawn the opener and the openee windows.
window.open(opener_url);
send(opener_token, `
openee = window.open('${escapeComma(openee_url)}');
`);

// 2. Wait for both to be loaded.
send(openee_token, `send('${this_window_token}', 'ACK');`);
assert_equals(await receive(this_window_token), 'ACK');

return [
this_window_token,
opener_token, opener_report_token, opener_url,
openee_token, openee_report_token, openee_url,
];
}

let assert_generic_coop_report = function(report) {
assert_equals(report.type, "coop");
assert_equals(report.body.disposition, "reporting");
assert_equals(report.body.effectivePolicy, "same-origin-plus-coep");
assert_equals(report.body.property, "blur");
}

promise_test(async test => {
let [
this_window_token,
opener_token, opener_report_token, opener_url,
openee_token, openee_report_token, openee_url,
] = await genericSetup(test);

send(opener_token, addScriptAndTriggerOnload(
directory + "/reporting/resources/try-access.js",
"tryAccess(openee);")
);

let report_opener =
await receiveReport(opener_report_token, "access-from-coop-page-to-openee")
let report_openee =
await receiveReport(openee_report_token, "access-to-coop-page-from-opener")

assert_generic_coop_report(report_openee);
assert_generic_coop_report(report_opener);

assert_equals(report_opener.url, opener_url.replace(/"/g, '%22'));
assert_equals(report_openee.url, openee_url.replace(/"/g, '%22'));
assert_source_location_found(report_opener);
assert_source_location_missing(report_openee);
}, "Access from opener")

promise_test(async test => {
let [
this_window_token,
opener_token, opener_report_token, opener_url,
openee_token, openee_report_token, openee_url,
] = await genericSetup(test);

send(openee_token, addScriptAndTriggerOnload(
directory + "/reporting/resources/try-access.js",
"tryAccess(opener);")
);

let report_opener =
await receiveReport(opener_report_token, "access-to-coop-page-from-openee")
let report_openee =
await receiveReport(openee_report_token, "access-from-coop-page-to-opener")

assert_generic_coop_report(report_openee);
assert_generic_coop_report(report_opener);

assert_equals(report_opener.url, opener_url.replace(/"/g, '%22'));
assert_equals(report_openee.url, openee_url.replace(/"/g, '%22'));
assert_source_location_missing(report_opener);
assert_source_location_found(report_openee);
}, "Access from openee")

</script>
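Review bot: `reportToken()` is defined here and again, character for character, in the redirect test added by the same commit, although both files already load `reporting/resources/reporting-common.js`; moving the helper there would keep the endpoint-name rule in one place. `escapeComma` has no comment, and its purpose is not obvious from its name, because the URL it processes is spliced into a single-quoted script string (`window.open('${escapeComma(openee_url)}')`) that another window evaluates. I would document it with something like `// openee_url is embedded in a script string evaluated by the opener; escape commas so the pipe arguments survive that round trip (confirm intent)`. The helper handles only commas, so it is also worth stating that the URL is assumed never to contain `'` or `\`.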
@@ -0,0 +1,116 @@
<title>
Tests the redirect interaction with COOP same-origin-allow-popups.
</title>
<meta name=timeout content=long>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/common/get-host-info.sub.js></script>
<script src="/common/utils.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<script src="/html/cross-origin-opener-policy/resources/common.js"></script>
<script src="/html/cross-origin-opener-policy/reporting/resources/reporting-common.js"></script>
<script>

const same_origin = {
host: get_host_info().HTTPS_ORIGIN,
name: "Same origin"
};
const cross_origin = {
host: get_host_info().HTTPS_REMOTE_ORIGIN,
name: "Cross origin"
};

function reportToken() {
// Report endpoint name must start with lower case alphabet.
return token().replace(/./, 'a');
}

// Tests the redirect interaction with COOP same-origin-allow-popups and
// reporting:
// 1 - open the opener document on origin same_origin wit COOP
// same-origin-allow-popups.
// 2 - opener opens popup with document on origin popup_origin, no COOP and a
// redirect header (HTTP 302, location).
// 3 - redirection to a document with origin same_origin and COOP
// same-origin-allow-popups.
//
// The navigation (2) to the first document of the popup stays in the same
// browsing context group due to the same-origin-allow-popups COOP of the
// opener.
// The redirect (3) to the final document does since it compares the
// popup_origin/unsafe-none document with the
// same-origin/same-origin-allow-popups document.
//
// A opens B, B redirects to C.
//
// Document Origin COOP
// -------- ------------ ------------------------
// A same-origin same-origin-allow-popups
// B popup-origin unsafe-none
// C same-origin same-origin-allow-popups
function redirect_test(popup_origin) {
promise_test(async t => {
// The test window.
const this_window_token = token();

// The "opener" window. This has COOP same-origin-allow-popups and a
// reporter.
const opener_token = token();
const opener_report_token = reportToken();
const opener_reporting = reportingEndpointsHeaders(opener_report_token);
const opener_url = same_origin.host + executor_path +
opener_reporting.header + opener_reporting.coopSameOriginAllowPopupsHeader +
`&uuid=${opener_token}`;

// The "openee" window.
// The initial document does not have COOP and is on popup_origin, it
// redirects to a same-origin (with the opener) document with COOP
// same-origin-allow-popups.
const openee_token = token();
const openee_redirect_url = same_origin.host + executor_path +
opener_reporting.header + opener_reporting.coopSameOriginAllowPopupsHeader +
`&uuid=${openee_token}`;
const redirect_header = 'status(302)' +
`|header(Location,${encodeURIComponent(
openee_redirect_url
.replace(/,/g, "\\,")
.replace(/\\\\,/g, "\\\\\\,")
.replace(/\(/g, "%28")
.replace(/\)/g, "%29"))})`;
const openee_url = popup_origin.host + executor_path + redirect_header +
`&uuid=${openee_token}`;
// 1. Create the opener window.
let opener_window_proxy = window.open(opener_url);
t.add_cleanup(() => send(opener_token, "window.close()"));

// 2. The opener opens its openee.
send(opener_token, `
openee = window.open("${openee_url}");
`);
t.add_cleanup(() => send(openee_token, "window.close()"));

// 3. Check the opener status on the openee.
send(openee_token, `
send("${this_window_token}", opener !== null);
`);
assert_equals(await receive(this_window_token), "false", "opener");

// 4. Check the openee status on the opener.
send(opener_token, `
send("${this_window_token}", openee.closed);
`);
assert_equals(await receive(this_window_token), "true", "openee.closed");

// 5. Check a report sent to the openee.
let report = await receiveReport(
opener_report_token,
"navigation-to-response");
assert_equals(report.type, "coop");
assert_equals(report.body.disposition, "enforce");
assert_equals(report.body.effectivePolicy, "same-origin-allow-popups");
}, `${popup_origin.name} openee redirected to same-origin with same-origin-allow-popups`);
}

redirect_test(same_origin);
redirect_test(cross_origin);
</script>
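Review bot: Step 5 waits on `opener_report_token`, but the redirect target is built from `opener_reporting.header` too, so the opener document and the openee's final document report to the same endpoint. If the opener's own load also produces a `navigation-to-response` report (it would whenever the test page's COOP differs from `same-origin-allow-popups`; the test page's headers are not visible here), the three assertions at the end cannot tell the two reports apart, and the test could pass without the redirect ever generating one. Giving the redirect target its own endpoint, as the both-side test in this commit does for its openee, removes the ambiguity. The step-5 comment says the report is "sent to the openee", which would then match the code.

```javascript
// … unchanged: this_window_token, opener_token, opener_reporting, opener_url …

// The redirect target reports to its own endpoint, so step 5 cannot be
// satisfied by a report that the opener document generated.
const openee_token = token();
const openee_report_token = reportToken();
const openee_reporting = reportingEndpointsHeaders(openee_report_token);
const openee_redirect_url = same_origin.host + executor_path +
  openee_reporting.header + openee_reporting.coopSameOriginAllowPopupsHeader +
  `&uuid=${openee_token}`;

// … unchanged: redirect_header, openee_url, steps 1 to 4 …

// 5. Check the report sent for the openee's final document.
let report = await receiveReport(
  openee_report_token,
  "navigation-to-response");
```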