386 lines
15 KiB
JavaScript
386 lines
15 KiB
JavaScript
// META: script=/resources/testdriver.js
|
|
// META: script=/resources/testdriver-vendor.js
|
|
// META: script=/common/subset-tests.js
|
|
// META: script=/common/utils.js
|
|
// META: script=resources/fledge-util.sub.js
|
|
// META: timeout=long
|
|
// META: variant=?1-5
|
|
// META: variant=?6-10
|
|
// META: variant=?11-15
|
|
// META: variant=?16-last
|
|
|
|
"use strict";
|
|
|
|
// These tests focus on Protected Audience network requests - make sure they
|
|
// have no cookies, can set no cookies, and otherwise behave in the expected
|
|
// manner as related to the fetch spec. These tests don't cover additional
|
|
// request or response headers specific to Protected Audience API.
|
|
|
|
// URL that sets a cookie named "cookie" with a value of "cookie".
|
|
const SET_COOKIE_URL = `${BASE_URL}resources/set-cookie.asis`;
|
|
|
|
// URL that redirects to trusted bidding or scoring signals, depending on the
|
|
// query parameters, maintaining the query parameters for the redirect.
|
|
const REDIRECT_TO_TRUSTED_SIGNALS_URL = `${BASE_URL}resources/redirect-to-trusted-signals.py`;
|
|
|
|
// Returns a URL that stores request headers. Headers can later be retrieved
|
|
// as a name-to-list-of-values mapping with
|
|
// "(await fetchTrackedData(uuid)).trackedHeaders"
|
|
function createHeaderTrackerURL(uuid) {
|
|
return createTrackerURL(window.location.origin, uuid, 'track_headers');
|
|
}
|
|
|
|
// Returns a URL that redirects to the provided URL. Uses query strings, so
|
|
// not suitable for generating trusted bidding/scoring signals URLs.
|
|
function createRedirectURL(location) {
|
|
let url = new URL(`${BASE_URL}resources/redirect.py`);
|
|
url.searchParams.append('location', location);
|
|
return url.toString();
|
|
}
|
|
|
|
// Assert that "headers" has a single header with "name", whose value is "value".
|
|
function assertHasHeader(headers, name, value) {
|
|
assert_equals(JSON.stringify(headers[name]), JSON.stringify([value]),
|
|
'Header ' + name);
|
|
}
|
|
|
|
// Assert that "headers" has no header with "name"
|
|
function assertDoesNotHaveHeader(headers, name) {
|
|
assert_equals(headers[name], undefined, 'Header ' + name);
|
|
}
|
|
|
|
subsetTest(promise_test, async test => {
|
|
const uuid = generateUuid(test);
|
|
await setCookie(test);
|
|
|
|
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
|
|
test,
|
|
{ uuid: uuid,
|
|
interestGroupOverrides: { biddingLogicURL: createHeaderTrackerURL(uuid) }
|
|
});
|
|
|
|
let headers = (await fetchTrackedData(uuid)).trackedHeaders;
|
|
assertHasHeader(headers, 'accept', 'application/javascript');
|
|
assertHasHeader(headers, 'sec-fetch-dest', 'empty');
|
|
assertHasHeader(headers, 'sec-fetch-mode', 'no-cors');
|
|
assertHasHeader(headers, 'sec-fetch-site', 'same-origin');
|
|
assertDoesNotHaveHeader(headers, 'cookie');
|
|
assertDoesNotHaveHeader(headers, 'referer');
|
|
}, 'biddingLogicURL request headers.');
|
|
|
|
subsetTest(promise_test, async test => {
|
|
const uuid = generateUuid(test);
|
|
await deleteAllCookies();
|
|
|
|
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
|
|
test,
|
|
{ uuid: uuid,
|
|
interestGroupOverrides: { biddingLogicURL: SET_COOKIE_URL }
|
|
});
|
|
|
|
assert_equals(document.cookie, '');
|
|
await deleteAllCookies();
|
|
}, 'biddingLogicURL Set-Cookie.');
|
|
|
|
subsetTest(promise_test, async test => {
|
|
const uuid = generateUuid(test);
|
|
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
|
|
test,
|
|
{ uuid: uuid,
|
|
interestGroupOverrides: {
|
|
biddingLogicURL: createRedirectURL(createBiddingScriptURL()) }
|
|
});
|
|
}, 'biddingLogicURL redirect.');
|
|
|
|
subsetTest(promise_test, async test => {
|
|
const uuid = generateUuid(test);
|
|
await setCookie(test);
|
|
|
|
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
|
|
test,
|
|
{ uuid: uuid,
|
|
interestGroupOverrides: { biddingWasmHelperURL: createHeaderTrackerURL(uuid) }
|
|
});
|
|
|
|
let headers = (await fetchTrackedData(uuid)).trackedHeaders;
|
|
assertHasHeader(headers, 'accept', 'application/wasm');
|
|
assertHasHeader(headers, 'sec-fetch-dest', 'empty');
|
|
assertHasHeader(headers, 'sec-fetch-mode', 'no-cors');
|
|
assertHasHeader(headers, 'sec-fetch-site', 'same-origin');
|
|
assertDoesNotHaveHeader(headers, 'cookie');
|
|
assertDoesNotHaveHeader(headers, 'referer');
|
|
}, 'biddingWasmHelperURL request headers.');
|
|
|
|
subsetTest(promise_test, async test => {
|
|
const uuid = generateUuid(test);
|
|
await deleteAllCookies();
|
|
|
|
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
|
|
test,
|
|
{ uuid: uuid,
|
|
interestGroupOverrides: { biddingWasmHelperURL: SET_COOKIE_URL }
|
|
});
|
|
|
|
assert_equals(document.cookie, '');
|
|
await deleteAllCookies();
|
|
}, 'biddingWasmHelperURL Set-Cookie.');
|
|
|
|
subsetTest(promise_test, async test => {
|
|
const uuid = generateUuid(test);
|
|
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
|
|
test,
|
|
{ uuid: uuid,
|
|
interestGroupOverrides:
|
|
{ biddingWasmHelperURL: createRedirectURL(createBiddingWasmHelperURL()) }
|
|
});
|
|
}, 'biddingWasmHelperURL redirect.');
|
|
|
|
subsetTest(promise_test, async test => {
|
|
const uuid = generateUuid(test);
|
|
await setCookie(test);
|
|
|
|
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
|
|
test,
|
|
{ uuid: uuid,
|
|
auctionConfigOverrides: { decisionLogicURL: createHeaderTrackerURL(uuid) }
|
|
});
|
|
|
|
let headers = (await fetchTrackedData(uuid)).trackedHeaders;
|
|
assertHasHeader(headers, 'accept', 'application/javascript');
|
|
assertHasHeader(headers, 'sec-fetch-dest', 'empty');
|
|
assertHasHeader(headers, 'sec-fetch-mode', 'no-cors');
|
|
assertHasHeader(headers, 'sec-fetch-site', 'same-origin');
|
|
assertDoesNotHaveHeader(headers, 'cookie');
|
|
assertDoesNotHaveHeader(headers, 'referer');
|
|
}, 'decisionLogicURL request headers.');
|
|
|
|
subsetTest(promise_test, async test => {
|
|
const uuid = generateUuid(test);
|
|
await deleteAllCookies();
|
|
|
|
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
|
|
test,
|
|
{ uuid: uuid,
|
|
auctionConfigOverrides: { decisionLogicURL: SET_COOKIE_URL }
|
|
});
|
|
|
|
assert_equals(document.cookie, '');
|
|
await deleteAllCookies();
|
|
}, 'decisionLogicURL Set-Cookie.');
|
|
|
|
subsetTest(promise_test, async test => {
|
|
const uuid = generateUuid(test);
|
|
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
|
|
test,
|
|
{ uuid: uuid,
|
|
auctionConfigOverrides:
|
|
{ decisionLogicURL: createRedirectURL(createDecisionScriptURL(uuid)) }
|
|
});
|
|
}, 'decisionLogicURL redirect.');
|
|
|
|
subsetTest(promise_test, async test => {
|
|
const uuid = generateUuid(test);
|
|
await setCookie(test);
|
|
|
|
await joinGroupAndRunBasicFledgeTestExpectingWinner(
|
|
test,
|
|
{ uuid: uuid,
|
|
interestGroupOverrides: {
|
|
trustedBiddingSignalsURL: TRUSTED_BIDDING_SIGNALS_URL,
|
|
trustedBiddingSignalsKeys: ['headers'],
|
|
biddingLogicURL: createBiddingScriptURL({
|
|
generateBid:
|
|
`let headers = trustedBiddingSignals.headers;
|
|
function checkHeader(name, value) {
|
|
jsonActualValue = JSON.stringify(headers[name]);
|
|
if (jsonActualValue !== JSON.stringify([value]))
|
|
throw "Unexpected " + name + ": " + jsonActualValue;
|
|
}
|
|
checkHeader("accept", "application/json");
|
|
checkHeader("sec-fetch-dest", "empty");
|
|
checkHeader("sec-fetch-mode", "cors");
|
|
checkHeader("sec-fetch-site", "same-origin");
|
|
if (headers.cookie !== undefined)
|
|
throw "Unexpected cookie: " + JSON.stringify(headers.cookie);
|
|
if (headers.referer !== undefined)
|
|
throw "Unexpected referer: " + JSON.stringify(headers.referer);`,
|
|
})
|
|
}
|
|
});
|
|
}, 'trustedBiddingSignalsURL request headers.');
|
|
|
|
subsetTest(promise_test, async test => {
|
|
const uuid = generateUuid(test);
|
|
let cookieFrame = await createFrame(test, OTHER_ORIGIN1);
|
|
await runInFrame(test, cookieFrame, `await setCookie(test_instance)`);
|
|
|
|
await joinGroupAndRunBasicFledgeTestExpectingWinner(
|
|
test,
|
|
{ uuid: uuid,
|
|
interestGroupOverrides: {
|
|
trustedBiddingSignalsURL: CROSS_ORIGIN_TRUSTED_BIDDING_SIGNALS_URL,
|
|
trustedBiddingSignalsKeys: ['headers', 'cors'],
|
|
biddingLogicURL: createBiddingScriptURL({
|
|
generateBid:
|
|
`let headers = crossOriginTrustedBiddingSignals[
|
|
'${OTHER_ORIGIN1}'].headers;
|
|
function checkHeader(name, value) {
|
|
jsonActualValue = JSON.stringify(headers[name]);
|
|
if (jsonActualValue !== JSON.stringify([value]))
|
|
throw "Unexpected " + name + ": " + jsonActualValue;
|
|
}
|
|
checkHeader("accept", "application/json");
|
|
checkHeader("sec-fetch-dest", "empty");
|
|
checkHeader("sec-fetch-mode", "cors");
|
|
checkHeader("sec-fetch-site", "cross-site");
|
|
checkHeader("origin", "${window.location.origin}");
|
|
if (headers.cookie !== undefined)
|
|
throw "Unexpected cookie: " + JSON.stringify(headers.cookie);
|
|
if (headers.referer !== undefined)
|
|
throw "Unexpected referer: " + JSON.stringify(headers.referer);`,
|
|
})
|
|
}
|
|
});
|
|
}, 'cross-origin trustedBiddingSignalsURL request headers.');
|
|
|
|
subsetTest(promise_test, async test => {
|
|
const uuid = generateUuid(test);
|
|
await deleteAllCookies();
|
|
|
|
await joinGroupAndRunBasicFledgeTestExpectingWinner(
|
|
test,
|
|
{ uuid: uuid,
|
|
interestGroupOverrides: { trustedBiddingSignalsURL: SET_COOKIE_URL }
|
|
});
|
|
|
|
assert_equals(document.cookie, '');
|
|
await deleteAllCookies();
|
|
}, 'trustedBiddingSignalsURL Set-Cookie.');
|
|
|
|
subsetTest(promise_test, async test => {
|
|
const uuid = generateUuid(test);
|
|
|
|
await joinGroupAndRunBasicFledgeTestExpectingWinner(
|
|
test,
|
|
{ uuid: uuid,
|
|
interestGroupOverrides: {
|
|
trustedBiddingSignalsURL: REDIRECT_TO_TRUSTED_SIGNALS_URL,
|
|
trustedBiddingSignalsKeys: ['num-value'],
|
|
biddingLogicURL: createBiddingScriptURL({
|
|
generateBid:
|
|
`// The redirect should not be followed, so no signals should be received.
|
|
if (trustedBiddingSignals !== null)
|
|
throw "Unexpected trustedBiddingSignals: " + JSON.stringify(trustedBiddingSignals);`
|
|
})
|
|
}
|
|
});
|
|
}, 'trustedBiddingSignalsURL redirect.');
|
|
|
|
subsetTest(promise_test, async test => {
|
|
const uuid = generateUuid(test);
|
|
await setCookie(test);
|
|
|
|
let renderURL = createRenderURL(uuid, /*script=*/null, /*signalsParam=*/'headers');
|
|
|
|
await joinGroupAndRunBasicFledgeTestExpectingWinner(
|
|
test,
|
|
{ uuid: uuid,
|
|
interestGroupOverrides: {
|
|
ads: [{ renderURL: renderURL }]
|
|
},
|
|
auctionConfigOverrides: {
|
|
trustedScoringSignalsURL: TRUSTED_SCORING_SIGNALS_URL,
|
|
decisionLogicURL: createDecisionScriptURL(uuid,
|
|
{
|
|
scoreAd:
|
|
`let headers = trustedScoringSignals.renderURL["${renderURL}"];
|
|
function checkHeader(name, value) {
|
|
jsonActualValue = JSON.stringify(headers[name]);
|
|
if (jsonActualValue !== JSON.stringify([value]))
|
|
throw "Unexpected " + name + ": " + jsonActualValue;
|
|
}
|
|
checkHeader("accept", "application/json");
|
|
checkHeader("sec-fetch-dest", "empty");
|
|
checkHeader("sec-fetch-mode", "cors");
|
|
checkHeader("sec-fetch-site", "same-origin");
|
|
if (headers.cookie !== undefined)
|
|
throw "Unexpected cookie: " + JSON.stringify(headers.cookie);
|
|
if (headers.referer !== undefined)
|
|
throw "Unexpected referer: " + JSON.stringify(headers.referer);`,
|
|
})
|
|
}
|
|
});
|
|
}, 'trustedScoringSignalsURL request headers.');
|
|
|
|
subsetTest(promise_test, async test => {
|
|
const uuid = generateUuid(test);
|
|
let cookieFrame = await createFrame(test, OTHER_ORIGIN1);
|
|
await runInFrame(test, cookieFrame, `await setCookie(test_instance)`);
|
|
|
|
let renderURL = createRenderURL(uuid, /*script=*/null, /*signalsParam=*/'headers,cors');
|
|
|
|
await joinGroupAndRunBasicFledgeTestExpectingWinner(
|
|
test,
|
|
{ uuid: uuid,
|
|
interestGroupOverrides: {
|
|
ads: [{ renderURL: renderURL }]
|
|
},
|
|
auctionConfigOverrides: {
|
|
trustedScoringSignalsURL: CROSS_ORIGIN_TRUSTED_SCORING_SIGNALS_URL,
|
|
decisionLogicURL: createDecisionScriptURL(uuid,
|
|
{
|
|
permitCrossOriginTrustedSignals: `"${OTHER_ORIGIN1}"`,
|
|
scoreAd:
|
|
`let headers = crossOriginTrustedScoringSignals[
|
|
'${OTHER_ORIGIN1}'].renderURL["${renderURL}"];
|
|
function checkHeader(name, value) {
|
|
jsonActualValue = JSON.stringify(headers[name]);
|
|
if (jsonActualValue !== JSON.stringify([value]))
|
|
throw "Unexpected " + name + ": " + jsonActualValue;
|
|
}
|
|
checkHeader("accept", "application/json");
|
|
checkHeader("sec-fetch-dest", "empty");
|
|
checkHeader("sec-fetch-mode", "cors");
|
|
checkHeader("sec-fetch-site", "cross-site");
|
|
checkHeader("origin", "${window.location.origin}");
|
|
if (headers.cookie !== undefined)
|
|
throw "Unexpected cookie: " + JSON.stringify(headers.cookie);
|
|
if (headers.referer !== undefined)
|
|
throw "Unexpected referer: " + JSON.stringify(headers.referer);`,
|
|
})
|
|
}
|
|
});
|
|
}, 'cross-origin trustedScoringSignalsURL request headers.');
|
|
|
|
subsetTest(promise_test, async test => {
|
|
const uuid = generateUuid(test);
|
|
await deleteAllCookies();
|
|
|
|
await joinGroupAndRunBasicFledgeTestExpectingWinner(
|
|
test,
|
|
{ uuid: uuid,
|
|
auctionConfigOverrides: { trustedScoringSignalsURL: SET_COOKIE_URL }
|
|
});
|
|
|
|
assert_equals(document.cookie, '');
|
|
await deleteAllCookies();
|
|
}, 'trustedScoringSignalsURL Set-Cookie.');
|
|
|
|
subsetTest(promise_test, async test => {
|
|
const uuid = generateUuid(test);
|
|
|
|
await joinGroupAndRunBasicFledgeTestExpectingWinner(
|
|
test,
|
|
{ uuid: uuid,
|
|
auctionConfigOverrides: {
|
|
trustedScoringSignalsURL: REDIRECT_TO_TRUSTED_SIGNALS_URL,
|
|
decisionLogicURL: createDecisionScriptURL(uuid,
|
|
{
|
|
scoreAd:
|
|
`// The redirect should not be followed, so no signals should be received.
|
|
if (trustedScoringSignals !== null)
|
|
throw "Unexpected trustedScoringSignals: " + JSON.stringify(trustedScoringSignals);`
|
|
})
|
|
}
|
|
});
|
|
}, 'trustedScoringSignalsURL redirect.');
|