authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:13:27 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:13:27 +0000
commit40a355a42d4a9444dc753c04c6608dade2f06a23 (patch)
tree871fc667d2de662f171103ce5ec067014ef85e61 /testing/web-platform/tests/storage-access-api/resources
parentAdding upstream version 124.0.1. (diff)
Adding upstream version 125.0.1.upstream/125.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/storage-access-api/resources')
-rw-r--r--testing/web-platform/tests/storage-access-api/resources/bless_cross_site_permissions.html17
-rw-r--r--testing/web-platform/tests/storage-access-api/resources/embedded_responder.js2
-rw-r--r--testing/web-platform/tests/storage-access-api/resources/embedded_worker.js17
-rw-r--r--testing/web-platform/tests/storage-access-api/resources/embedded_worker.py31
-rw-r--r--testing/web-platform/tests/storage-access-api/resources/get_cookies.py10
-rw-r--r--testing/web-platform/tests/storage-access-api/resources/set_cookies.py10
-rw-r--r--testing/web-platform/tests/storage-access-api/resources/shared-worker-cookies.py37
-rw-r--r--testing/web-platform/tests/storage-access-api/resources/shared-worker-relay.js10
-rw-r--r--testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html46
-rw-r--r--testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html34
10 files changed, 173 insertions, 41 deletions
diff --git a/testing/web-platform/tests/storage-access-api/resources/bless_cross_site_permissions.html b/testing/web-platform/tests/storage-access-api/resources/bless_cross_site_permissions.html
new file mode 100644
index 0000000000..c3c5b6c0b0
--- /dev/null
+++ b/testing/web-platform/tests/storage-access-api/resources/bless_cross_site_permissions.html
@@ -0,0 +1,17 @@
+<!doctype html>
+<meta charset="utf-8">
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<body>
+<script>
+// In order to enable `requestStorageAccess` in a third-party context for some
+// origin we must first act in a window where that same origin is the top-frame
+// due to the following requirements:
+// (1) The origin must be `bless`ed when it's in the top-frame
+// (2) `set_permission` always operates on the top-frame origin
+test_driver.set_test_context(window.opener.top);
+test_driver.bless("fake interaction", () => {}, window);
+test_driver.set_permission({ name: 'storage-access' }, 'granted');
+window.opener.postMessage("blessed", "*");
+</script>
+</body>
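Review bot: `"blessed"` is posted to the opener without waiting for `test_driver.bless` or `test_driver.set_permission` to settle; both return promises, so the opener can start its flow before the permission has actually been granted. Chaining the calls makes the ordering explicit, e.g. `test_driver.bless("fake interaction", () => {}, window).then(() => test_driver.set_permission({ name: 'storage-access' }, 'granted')).then(() => window.opener.postMessage("blessed", "*"));`. Because the message is sent with a `"*"` target origin and carries only a fixed string, the receiving page is the only place where the sender can be validated.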
diff --git a/testing/web-platform/tests/storage-access-api/resources/embedded_responder.js b/testing/web-platform/tests/storage-access-api/resources/embedded_responder.js
index bc13c7e7e8..228a262f16 100644
--- a/testing/web-platform/tests/storage-access-api/resources/embedded_responder.js
+++ b/testing/web-platform/tests/storage-access-api/resources/embedded_responder.js
@@ -79,7 +79,7 @@ window.addEventListener("message", async (event) => {
reply(await fetch(event.data.url, {mode: 'no-cors', credentials: 'include'}).then((resp) => resp.text()));
break;
case "start_dedicated_worker":
- worker = new Worker("embedded_worker.js");
+ worker = new Worker("embedded_worker.py");
reply(undefined);
break;
case "message_worker": {
diff --git a/testing/web-platform/tests/storage-access-api/resources/embedded_worker.js b/testing/web-platform/tests/storage-access-api/resources/embedded_worker.js
deleted file mode 100644
index f3a0fb257a..0000000000
--- a/testing/web-platform/tests/storage-access-api/resources/embedded_worker.js
+++ /dev/null
@@ -1,17 +0,0 @@
-"use strict";
-
-self.onmessage = async (message) => {
- function reply(data) {
- self.postMessage({data});
- }
-
- switch (message.data.command) {
- case "fetch": {
- const response = await fetch(message.data.url, {mode: 'cors', credentials: 'include'})
- .then((resp) => resp.text());
- reply(response);
- break;
- }
- default:
- }
-};
diff --git a/testing/web-platform/tests/storage-access-api/resources/embedded_worker.py b/testing/web-platform/tests/storage-access-api/resources/embedded_worker.py
new file mode 100644
index 0000000000..0aa457657f
--- /dev/null
+++ b/testing/web-platform/tests/storage-access-api/resources/embedded_worker.py
@@ -0,0 +1,31 @@
+from cookies.resources.helpers import setNoCacheAndCORSHeaders
+
+# This worker messages how many connections have been made and checks what cookies are available.
+def main(request, response):
+ headers = setNoCacheAndCORSHeaders(request, response)
+ headers[0] = (b"Content-Type", b"text/javascript")
+ cookie_header = request.headers.get(b"Cookie", b"")
+ document = b"""
+"use strict";
+
+self.onmessage = async (message) => {
+ function reply(data) {
+ self.postMessage({data});
+ }
+
+ switch (message.data.command) {
+ case "fetch": {
+ const response = await fetch(message.data.url, {mode: 'cors', credentials: 'include'})
+ .then((resp) => resp.text());
+ reply(response);
+ break;
+ }
+ case "load": {
+ reply(\"""" + cookie_header + b"""");
+ break;
+ }
+ default:
+ }
+};
+"""
+ return headers, document
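Review bot: The raw `Cookie` request header is concatenated into a JavaScript string literal in the `"load"` case, so a cookie value containing `"` or a backslash changes the generated worker script instead of being reported as data. Serialising the value removes that dependency on cookie contents: build the literal with `json.dumps(isomorphic_decode(cookie_header)).encode()` (adding `import json` and `from wptserve.utils import isomorphic_decode`, as get_cookies.py in this commit does) and drop the hand-written `\"` quotes around it. The header comment also looks copied from shared-worker-cookies.py; this handler does not count connections, so `# Serves a dedicated worker script that can fetch a URL or report the Cookie header it was loaded with.` would describe it accurately.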
diff --git a/testing/web-platform/tests/storage-access-api/resources/get_cookies.py b/testing/web-platform/tests/storage-access-api/resources/get_cookies.py
new file mode 100644
index 0000000000..07e8c2dae3
--- /dev/null
+++ b/testing/web-platform/tests/storage-access-api/resources/get_cookies.py
@@ -0,0 +1,10 @@
+import json
+from cookies.resources.helpers import makeCookieHeader, readCookies, setNoCacheAndCORSHeaders
+
+from wptserve.utils import isomorphic_decode
+
+def main(request, response):
+ headers = setNoCacheAndCORSHeaders(request, response)
+ cookies = readCookies(request)
+ decoded_cookies = {isomorphic_decode(key): isomorphic_decode(val) for key, val in cookies.items()}
+ return headers, json.dumps(decoded_cookies)
\ No newline at end of file
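Review bot: `makeCookieHeader` is imported but never used in this handler, and the body is JSON while the `Content-Type` is left at whatever `setNoCacheAndCORSHeaders` returns. set_cookies.py and the two worker handlers in this commit overwrite `headers[0]` with their own content type; doing the same here with `headers[0] = (b"Content-Type", b"application/json")` would keep the response self-describing, assuming `headers[0]` is the Content-Type entry as the sibling files imply. A one-line docstring stating that the handler echoes every request cookie back as a JSON object would also help, since that is the whole contract of the endpoint.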
diff --git a/testing/web-platform/tests/storage-access-api/resources/set_cookies.py b/testing/web-platform/tests/storage-access-api/resources/set_cookies.py
new file mode 100644
index 0000000000..fe182dd00c
--- /dev/null
+++ b/testing/web-platform/tests/storage-access-api/resources/set_cookies.py
@@ -0,0 +1,10 @@
+from cookies.resources.helpers import makeCookieHeader, setNoCacheAndCORSHeaders
+
+def main(request, response):
+ headers = setNoCacheAndCORSHeaders(request, response)
+ headers[0] = (b"Content-Type", b"text/html; charset=utf-8")
+ headers.append(makeCookieHeader(b"samesite_strict", b"test", {b"SameSite":b"Strict", b"path":b"/", b"Secure":b""}))
+ headers.append(makeCookieHeader(b"samesite_lax", b"test", {b"SameSite":b"Lax", b"path":b"/", b"Secure":b""}))
+ headers.append(makeCookieHeader(b"samesite_none", b"test", {b"SameSite":b"None", b"path":b"/", b"Secure":b""}))
+ document = b"<!DOCTYPE html>"
+ return headers, document
diff --git a/testing/web-platform/tests/storage-access-api/resources/shared-worker-cookies.py b/testing/web-platform/tests/storage-access-api/resources/shared-worker-cookies.py
new file mode 100644
index 0000000000..9307c4112c
--- /dev/null
+++ b/testing/web-platform/tests/storage-access-api/resources/shared-worker-cookies.py
@@ -0,0 +1,37 @@
+from cookies.resources.helpers import makeCookieHeader, readCookies, setNoCacheAndCORSHeaders
+
+# This worker messages how many connections have been made and checks what cookies are available.
+def main(request, response):
+ headers = setNoCacheAndCORSHeaders(request, response)
+ headers[0] = (b"Content-Type", b"text/javascript")
+ cookies = readCookies(request)
+ message = b"ReadOnLoad:"
+ if b"samesite_strict" in cookies:
+ message += b"Strict"
+ if b"samesite_lax" in cookies:
+ message += b"Lax"
+ if b"samesite_none" in cookies:
+ message += b"None"
+ document = b"""
+let connection_count = 0;
+self.onconnect = (e) => {
+ connection_count++;
+ fetch("/storage-access-api/resources/get_cookies.py", {credentials: 'include'}).then((resp) => {
+ resp.json().then((cookies) => {
+ let message = \"""" + message + b""",ReadOnFetch:";
+ if (cookies.hasOwnProperty("samesite_strict")) {
+ message += "Strict";
+ }
+ if (cookies.hasOwnProperty("samesite_lax")) {
+ message += "Lax";
+ }
+ if (cookies.hasOwnProperty("samesite_none")) {
+ message += "None";
+ }
+ message += ",ConnectionsMade:" + connection_count;
+ e.ports[0].postMessage(message);
+ });
+ });
+}
+"""
+ return headers, document
\ No newline at end of file
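Review bot: The `fetch(...).then(...)` chain inside `onconnect` has no rejection handler and the inner `resp.json()` promise is not returned, so if get_cookies.py fails or returns something that is not JSON the port never receives a message and the test can only end by timeout. Returning `resp.json()` from the first callback and ending the chain with `.catch((err) => e.ports[0].postMessage("Error:" + err))` would surface the cause. `makeCookieHeader` is imported but unused. The interpolated `message` is assembled only from fixed byte literals, which is what keeps splicing it into the script safe; a short comment saying so would stop a later edit from splicing request data in the same way.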
diff --git a/testing/web-platform/tests/storage-access-api/resources/shared-worker-relay.js b/testing/web-platform/tests/storage-access-api/resources/shared-worker-relay.js
new file mode 100644
index 0000000000..c94acefec9
--- /dev/null
+++ b/testing/web-platform/tests/storage-access-api/resources/shared-worker-relay.js
@@ -0,0 +1,10 @@
+// This worker relays any messages received to the first connection.
+let port;
+self.onconnect = (e) => {
+ if (port == undefined) {
+ port = e.ports[0];
+ }
+ e.ports[0].onmessage = (e) => {
+ port.postMessage(e.data);
+ }
+}
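Review bot: The inner `onmessage` handler reuses the parameter name `e`, shadowing the connect event, and `port == undefined` relies on loose equality. Renaming the inner parameter, `e.ports[0].onmessage = (msg) => { port.postMessage(msg.data); }`, and comparing with `port === undefined` makes it clear which object each line reads. The header comment could also state that every later connection's messages are forwarded unchanged to the first port for the lifetime of the worker, since the tests depend on that ordering.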
diff --git a/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html b/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html
index ffb419f799..2d5e22fa71 100644
--- a/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html
+++ b/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html
@@ -17,7 +17,7 @@
case "none": {
let couldRequestStorageAccessForNone = true;
try {
- await document.requestStorageAccess({});
+ await test_driver.bless("fake user interaction", () => document.requestStorageAccess({}));
} catch (_) {
couldRequestStorageAccessForNone = false;
}
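Review bot: With `test_driver.bless` inside the `try`, a rejection from the bless step itself is recorded exactly like a rejection from `requestStorageAccess({})`, so a testdriver failure would be indistinguishable from the outcome the case is checking for. The same applies to the `{all:false}` call in the next hunk. Doing the activation before the `try`, with `await test_driver.bless("fake user interaction");` and leaving `await document.requestStorageAccess({});` alone inside it, would keep the two failure sources apart, provided the activation is still valid when the request runs. The enclosing function starts and ends outside these hunks, so how `couldRequestStorageAccessForNone` is evaluated afterwards is not visible here.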
@@ -26,7 +26,7 @@
}
let couldRequestStorageAccessForAllFalse = true;
try {
- await document.requestStorageAccess({all:false});
+ await test_driver.bless("fake user interaction", () => document.requestStorageAccess({all:false}));
} catch (_) {
couldRequestStorageAccessForAllFalse = false;
}
@@ -44,7 +44,7 @@
if (hasUnpartitionedCookieAccess || document.cookie.includes("test="+id)) {
message = "First-party cookies should not be readable before handle is loaded.";
}
- await document.requestStorageAccess({cookies: true});
+ await test_driver.bless("fake user interaction", () => document.requestStorageAccess({cookies: true}));
hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
if (!hasUnpartitionedCookieAccess || !document.cookie.includes("test="+id)) {
message = "First-party cookies should be readable if cookies were requested.";
@@ -52,7 +52,7 @@
break;
}
case "sessionStorage": {
- const handle = await document.requestStorageAccess({sessionStorage: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({sessionStorage: true}));
let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
if (hasUnpartitionedCookieAccess) {
message = "First-party cookies should not be readable if not requested.";
@@ -77,7 +77,7 @@
break;
}
case "localStorage": {
- const handle = await document.requestStorageAccess({localStorage: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({localStorage: true}));
let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
if (hasUnpartitionedCookieAccess) {
message = "First-party cookies should not be readable if not requested.";
@@ -102,7 +102,7 @@
break;
}
case "indexedDB": {
- const handle = await document.requestStorageAccess({indexedDB: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({indexedDB: true}));
let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
if (hasUnpartitionedCookieAccess) {
message = "First-party cookies should not be readable if not requested.";
@@ -119,7 +119,7 @@
break;
}
case "locks": {
- const handle = await document.requestStorageAccess({locks: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({locks: true}));
let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
if (hasUnpartitionedCookieAccess) {
message = "First-party cookies should not be readable if not requested.";
@@ -136,7 +136,7 @@
break;
}
case "caches": {
- const handle = await document.requestStorageAccess({caches: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({caches: true}));
let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
if (hasUnpartitionedCookieAccess) {
message = "First-party cookies should not be readable if not requested.";
@@ -153,7 +153,7 @@
break;
}
case "getDirectory": {
- const handle = await document.requestStorageAccess({getDirectory: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({getDirectory: true}));
let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
if (hasUnpartitionedCookieAccess) {
message = "First-party cookies should not be readable if not requested.";
@@ -172,7 +172,7 @@
break;
}
case "estimate": {
- const handle = await document.requestStorageAccess({estimate: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({estimate: true}));
let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
if (hasUnpartitionedCookieAccess) {
message = "First-party cookies should not be readable if not requested.";
@@ -188,7 +188,7 @@
break;
}
case "blobStorage": {
- const handle = await document.requestStorageAccess({createObjectURL: true, revokeObjectURL: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({createObjectURL: true, revokeObjectURL: true}));
let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
if (hasUnpartitionedCookieAccess) {
message = "First-party cookies should not be readable if not requested.";
@@ -230,7 +230,7 @@
break;
}
case "BroadcastChannel": {
- const handle = await document.requestStorageAccess({BroadcastChannel: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({BroadcastChannel: true}));
let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
if (hasUnpartitionedCookieAccess) {
message = "First-party cookies should not be readable if not requested.";
@@ -243,6 +243,26 @@
local_channel.close();
break;
}
+ case "SharedWorker": {
+ const local_shared_worker = new SharedWorker("/storage-access-api/resources/shared-worker-relay.js", id);
+ local_shared_worker.port.start();
+ local_shared_worker.port.postMessage("Same-origin local access");
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({SharedWorker: true}));
+ let couldRequestAllCookies = true;
+ try {
+ handle.SharedWorker("/storage-access-api/resources/shared-worker-relay.js", {name: id, sameSiteCookies: 'all'});
+ } catch (_) {
+ couldRequestAllCookies = false;
+ }
+ if (couldRequestAllCookies) {
+ message = "Shared Workers in a third-party context should not be able to request SameSite cookies.";
+ }
+ handle.SharedWorker("/storage-access-api/resources/shared-worker-cookies.py", id).port.start();
+ const handle_shared_worker = handle.SharedWorker("/storage-access-api/resources/shared-worker-relay.js", {name: id, sameSiteCookies: 'none'});
+ handle_shared_worker.port.start();
+ handle_shared_worker.port.postMessage("Same-origin handle access");
+ break;
+ }
default: {
message = "Unexpected type " + type;
break;
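Review bot: The `catch (_)` around the `sameSiteCookies: 'all'` call treats any exception as the expected refusal, including a `TypeError` raised because `handle.SharedWorker` is missing. Checking the error makes the negative case specific, e.g. `} catch (err) { couldRequestAllCookies = false; if (err.name !== "SecurityError") { message = "Unexpected error " + err.name; } }`, assuming `SecurityError` is what the tentative spec requires (confirm against it). A comment on the `shared-worker-cookies.py` line would also help: the worker is started without keeping a reference or posting to it, which presumably relies on the worker reporting through its own connection.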
@@ -254,6 +274,6 @@
// Step 7 (storage-access-api/storage-access-beyond-cookies.{}.tentative.sub.https.html)
await MaybeSetStorageAccess("*", "*", "allowed");
await test_driver.set_permission({ name: 'storage-access' }, 'prompt');
- window.top.postMessage(message, "*");
+ window.top.postMessage({type: "result", message: message}, "*");
})();
</script>
diff --git a/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html b/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html
index 8c30973416..a9247a0002 100644
--- a/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html
+++ b/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html
@@ -5,7 +5,10 @@
<script src="/storage-access-api/helpers.js"></script>
<body>
<script>
-(async function() {
+window.addEventListener("message", async (e) => {
+ if (e.data != "blessed") {
+ return;
+ }
test_driver.set_test_context(window.top);
const type = (new URLSearchParams(window.location.search)).get("type");
const id = (new URLSearchParams(window.location.search)).get("id");
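Review bot: The new `message` listener runs the whole flow for any message whose data equals `"blessed"`, without looking at `e.origin` or `e.source`, and it stays registered afterwards, so any window holding a reference to this frame can start or repeat the run. If bless_cross_site_permissions.html is served from the same origin as this document, which the `hosts[alt]` URL at the end of the file suggests but does not prove, the guard can be tightened to `if (e.data !== "blessed" || e.origin !== window.location.origin) { return; }`. Removing the listener once it has fired would also prevent a second `"blessed"` from re-entering the handler. The handler body continues beyond this hunk.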
@@ -14,14 +17,18 @@
try {
await MaybeSetStorageAccess("*", "*", "blocked");
await test_driver.set_permission({ name: 'storage-access' }, 'granted');
- let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
- if (hasUnpartitionedCookieAccess) {
- message = "First-party cookies should not be readable before handle is loaded.";
+ if (type == "cookies") {
+ let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
+ if (hasUnpartitionedCookieAccess) {
+ message = "First-party cookies should not be readable before handle is loaded.";
+ }
}
- const handle = await document.requestStorageAccess({all: true});
- hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
- if (!hasUnpartitionedCookieAccess) {
- message = "First-party cookies should be readable after handle is loaded.";
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({all: true}));
+ if (type == "cookies") {
+ hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
+ if (!hasUnpartitionedCookieAccess) {
+ message = "First-party cookies should be readable after handle is loaded.";
+ }
}
switch (type) {
case "none": {
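Review bot: `hasUnpartitionedCookieAccess` is declared with `let` inside the first `if (type == "cookies")` block but assigned inside the second one, where that binding is out of scope. In sloppy mode the assignment silently creates a global, and in strict mode it throws a `ReferenceError`. Declaring it where it is used, `const hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();` in the second block, or once with `let` before both blocks, fixes it. The `try` opened at the top of this hunk is closed outside it, so what happens to a thrown error is not visible here.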
@@ -108,6 +115,12 @@
channel.close();
break;
}
+ case "SharedWorker": {
+ const shared_worker = handle.SharedWorker("/storage-access-api/resources/shared-worker-relay.js", id);
+ shared_worker.port.start();
+ shared_worker.port.postMessage("Cross-origin handle access");
+ break;
+ }
default: {
message = "Unexpected type " + type;
break;
@@ -119,13 +132,14 @@
await MaybeSetStorageAccess("*", "*", "allowed");
await test_driver.set_permission({ name: 'storage-access' }, 'prompt');
if (message) {
- window.top.postMessage(message, "*");
+ window.top.postMessage({type: "result", message: message}, "*");
return;
}
// Step 5 (storage-access-api/storage-access-beyond-cookies.{}.tentative.sub.https.html)
let iframe = document.createElement("iframe");
iframe.src = "https://{{hosts[][]}}:{{ports[https][0]}}/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html?type=" + type + "&id=" + id;
document.body.appendChild(iframe);
-})();
+});
+window.open("https://{{hosts[alt][]}}:{{ports[https][0]}}/storage-access-api/resources/bless_cross_site_permissions.html");
</script>
</body>
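Review bot: The window opened for bless_cross_site_permissions.html is never closed and its handle is discarded. Keeping it, `const blessWindow = window.open(...)`, lets the message handler compare `e.source === blessWindow` and call `blessWindow.close()` once `"blessed"` arrives, so the popup does not outlive the test or stay able to message this frame. A one-line comment above the call saying why a top-level window on this origin is needed would also help, since the reason is documented only in the opened page.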