author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:13:27 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:13:27 +0000 |
commit | 40a355a42d4a9444dc753c04c6608dade2f06a23 (patch) | |
tree | 871fc667d2de662f171103ce5ec067014ef85e61 /testing/web-platform/tests/storage-access-api/resources | |
parent | Adding upstream version 124.0.1. (diff) | |
download | firefox-40a355a42d4a9444dc753c04c6608dade2f06a23.tar.xz firefox-40a355a42d4a9444dc753c04c6608dade2f06a23.zip |
Adding upstream version 125.0.1.upstream/125.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/storage-access-api/resources')
10 files changed, 173 insertions, 41 deletions
diff --git a/testing/web-platform/tests/storage-access-api/resources/bless_cross_site_permissions.html b/testing/web-platform/tests/storage-access-api/resources/bless_cross_site_permissions.html
new file mode 100644
index 0000000000..c3c5b6c0b0
--- /dev/null
+++ b/testing/web-platform/tests/storage-access-api/resources/bless_cross_site_permissions.html
@@ -0,0 +1,17 @@
+<!doctype html>
+<meta charset="utf-8">
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<body>
+<script>
+// In order to enable `requestStorageAccess` in a third-party context for some
+// origin we must first act in a window where that same origin is the top-frame
+// due to the following requirements:
+// (1) The origin must be `bless`ed when it's in the top-frame
+// (2) `set_permission` always operates on the top-frame origin
+test_driver.set_test_context(window.opener.top);
+test_driver.bless("fake interaction", () => {}, window);
+test_driver.set_permission({ name: 'storage-access' }, 'granted');
+window.opener.postMessage("blessed", "*");
+</script>
+</body>
diff --git a/testing/web-platform/tests/storage-access-api/resources/embedded_responder.js b/testing/web-platform/tests/storage-access-api/resources/embedded_responder.js
index bc13c7e7e8..228a262f16 100644
--- a/testing/web-platform/tests/storage-access-api/resources/embedded_responder.js
+++ b/testing/web-platform/tests/storage-access-api/resources/embedded_responder.js
@@ -79,7 +79,7 @@ window.addEventListener("message", async (event) => {
 reply(await fetch(event.data.url, {mode: 'no-cors', credentials: 'include'}).then((resp) => resp.text()));
 break;
 case "start_dedicated_worker":
- worker = new Worker("embedded_worker.js");
+ worker = new Worker("embedded_worker.py");
 reply(undefined);
 break;
 case "message_worker": {
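Review bot: In bless_cross_site_permissions.html, `test_driver.bless(...)` and `test_driver.set_permission(...)` both return promises, but neither is awaited before `window.opener.postMessage("blessed", "*")`, so the opener can start its `requestStorageAccess` flow before the activation and the permission grant have completed. Wrapping the statements in an async function and writing `await test_driver.bless("fake interaction", () => {}, window);` and `await test_driver.set_permission({ name: 'storage-access' }, 'granted');` makes the "blessed" signal reliable. The message is also sent with a `"*"` target origin; the opener's origin is fixed by the test, so it could be named explicitly instead.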
diff --git a/testing/web-platform/tests/storage-access-api/resources/embedded_worker.js b/testing/web-platform/tests/storage-access-api/resources/embedded_worker.js
deleted file mode 100644
index f3a0fb257a..0000000000
--- a/testing/web-platform/tests/storage-access-api/resources/embedded_worker.js
+++ /dev/null
@@ -1,17 +0,0 @@
-"use strict";
-
-self.onmessage = async (message) => {
- function reply(data) {
- self.postMessage({data});
- }
-
- switch (message.data.command) {
- case "fetch": {
- const response = await fetch(message.data.url, {mode: 'cors', credentials: 'include'})
- .then((resp) => resp.text());
- reply(response);
- break;
- }
- default:
- }
-};
diff --git a/testing/web-platform/tests/storage-access-api/resources/embedded_worker.py b/testing/web-platform/tests/storage-access-api/resources/embedded_worker.py
new file mode 100644
index 0000000000..0aa457657f
--- /dev/null
+++ b/testing/web-platform/tests/storage-access-api/resources/embedded_worker.py
@@ -0,0 +1,31 @@
+from cookies.resources.helpers import setNoCacheAndCORSHeaders
+
+# This worker messages how many connections have been made and checks what cookies are available.
+def main(request, response):
+ headers = setNoCacheAndCORSHeaders(request, response)
+ headers[0] = (b"Content-Type", b"text/javascript")
+ cookie_header = request.headers.get(b"Cookie", b"")
+ document = b"""
+"use strict";
+
+self.onmessage = async (message) => {
+ function reply(data) {
+ self.postMessage({data});
+ }
+
+ switch (message.data.command) {
+ case "fetch": {
+ const response = await fetch(message.data.url, {mode: 'cors', credentials: 'include'})
+ .then((resp) => resp.text());
+ reply(response);
+ break;
+ }
+ case "load": {
+ reply(\"""" + cookie_header + b"""");
+ break;
+ }
+ default:
+ }
+};
+"""
+ return headers, document
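Review bot: In embedded_worker.py the raw `Cookie` request header is concatenated into a double-quoted JavaScript string literal in the `"load"` case, so a `"`, a backslash or a line break in any cookie value changes the script the worker executes instead of being reported as data. Serialising the value before splicing it in keeps it a literal: `cookie_literal = json.dumps(isomorphic_decode(cookie_header)).encode()` followed by `reply(""" + cookie_literal + b""");` with the surrounding escaped quotes dropped; this needs `import json` and `from wptserve.utils import isomorphic_decode`, which get_cookies.py in this commit already uses. The leading comment also looks copied from shared-worker-cookies.py: this handler counts no connections, it only echoes the header back on `"load"`.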
diff --git a/testing/web-platform/tests/storage-access-api/resources/get_cookies.py b/testing/web-platform/tests/storage-access-api/resources/get_cookies.py
new file mode 100644
index 0000000000..07e8c2dae3
--- /dev/null
+++ b/testing/web-platform/tests/storage-access-api/resources/get_cookies.py
@@ -0,0 +1,10 @@
+import json
+from cookies.resources.helpers import makeCookieHeader, readCookies, setNoCacheAndCORSHeaders
+
+from wptserve.utils import isomorphic_decode
+
+def main(request, response):
+ headers = setNoCacheAndCORSHeaders(request, response)
+ cookies = readCookies(request)
+ decoded_cookies = {isomorphic_decode(key): isomorphic_decode(val) for key, val in cookies.items()}
+ return headers, json.dumps(decoded_cookies)
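Review bot: `makeCookieHeader` is imported in get_cookies.py but never used, and the handler returns the `json.dumps` output without setting a `Content-Type`, unlike the sibling handlers in this commit that overwrite `headers[0]`. The endpoint echoes every cookie on the request back to the caller under whatever CORS headers `setNoCacheAndCORSHeaders` adds (the helper is not visible in this diff, so how permissive they are is not confirmed here). A one-line docstring would make the intent explicit, e.g. `"""Return the request's cookies as a JSON object; test-only echo endpoint."""`.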
\ No newline at end of file
diff --git a/testing/web-platform/tests/storage-access-api/resources/set_cookies.py b/testing/web-platform/tests/storage-access-api/resources/set_cookies.py
new file mode 100644
index 0000000000..fe182dd00c
--- /dev/null
+++ b/testing/web-platform/tests/storage-access-api/resources/set_cookies.py
@@ -0,0 +1,10 @@
+from cookies.resources.helpers import makeCookieHeader, setNoCacheAndCORSHeaders
+
+def main(request, response):
+ headers = setNoCacheAndCORSHeaders(request, response)
+ headers[0] = (b"Content-Type", b"text/html; charset=utf-8")
+ headers.append(makeCookieHeader(b"samesite_strict", b"test", {b"SameSite":b"Strict", b"path":b"/", b"Secure":b""}))
+ headers.append(makeCookieHeader(b"samesite_lax", b"test", {b"SameSite":b"Lax", b"path":b"/", b"Secure":b""}))
+ headers.append(makeCookieHeader(b"samesite_none", b"test", {b"SameSite":b"None", b"path":b"/", b"Secure":b""}))
+ document = b"<!DOCTYPE html>"
+ return headers, document
diff --git a/testing/web-platform/tests/storage-access-api/resources/shared-worker-cookies.py b/testing/web-platform/tests/storage-access-api/resources/shared-worker-cookies.py
new file mode 100644
index 0000000000..9307c4112c
--- /dev/null
+++ b/testing/web-platform/tests/storage-access-api/resources/shared-worker-cookies.py
@@ -0,0 +1,37 @@
+from cookies.resources.helpers import makeCookieHeader, readCookies, setNoCacheAndCORSHeaders
+
+# This worker messages how many connections have been made and checks what cookies are available.
+def main(request, response):
+ headers = setNoCacheAndCORSHeaders(request, response)
+ headers[0] = (b"Content-Type", b"text/javascript")
+ cookies = readCookies(request)
+ message = b"ReadOnLoad:"
+ if b"samesite_strict" in cookies:
+ message += b"Strict"
+ if b"samesite_lax" in cookies:
+ message += b"Lax"
+ if b"samesite_none" in cookies:
+ message += b"None"
+ document = b"""
+let connection_count = 0;
+self.onconnect = (e) => {
+ connection_count++;
+ fetch("/storage-access-api/resources/get_cookies.py", {credentials: 'include'}).then((resp) => {
+ resp.json().then((cookies) => {
+ let message = \"""" + message + b""",ReadOnFetch:";
+ if (cookies.hasOwnProperty("samesite_strict")) {
+ message += "Strict";
+ }
+ if (cookies.hasOwnProperty("samesite_lax")) {
+ message += "Lax";
+ }
+ if (cookies.hasOwnProperty("samesite_none")) {
+ message += "None";
+ }
+ message += ",ConnectionsMade:" + connection_count;
+ e.ports[0].postMessage(message);
+ });
+ });
+}
+"""
+ return headers, document
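Review bot: `makeCookieHeader` is imported in shared-worker-cookies.py but never used. The splice of `message` into the generated script on the `let message = ...` line is safe only because `message` is assembled from fixed byte literals chosen by cookie name, never from cookie values. A comment above `document = b"""` would stop the pattern being copied with request-derived bytes, e.g. `# message holds fixed literals only; never splice request data into the script unescaped.`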
\ No newline at end of file
diff --git a/testing/web-platform/tests/storage-access-api/resources/shared-worker-relay.js b/testing/web-platform/tests/storage-access-api/resources/shared-worker-relay.js
new file mode 100644
index 0000000000..c94acefec9
--- /dev/null
+++ b/testing/web-platform/tests/storage-access-api/resources/shared-worker-relay.js
@@ -0,0 +1,10 @@
+// This worker relays any messages received to the first connection.
+let port;
+self.onconnect = (e) => {
+ if (port == undefined) {
+ port = e.ports[0];
+ }
+ e.ports[0].onmessage = (e) => {
+ port.postMessage(e.data);
+ }
+}
diff --git a/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html b/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html
index ffb419f799..2d5e22fa71 100644
--- a/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html
+++ b/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html
@@ -17,7 +17,7 @@
 case "none": {
 let couldRequestStorageAccessForNone = true;
 try {
- await document.requestStorageAccess({});
+ await test_driver.bless("fake user interaction", () => document.requestStorageAccess({}));
 } catch (_) {
 couldRequestStorageAccessForNone = false;
 }
@@ -26,7 +26,7 @@
 }
 let couldRequestStorageAccessForAllFalse = true;
 try {
- await document.requestStorageAccess({all:false});
+ await test_driver.bless("fake user interaction", () => document.requestStorageAccess({all:false}));
 } catch (_) {
 couldRequestStorageAccessForAllFalse = false;
 }
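Review bot: In storage-access-beyond-cookies-iframe-iframe.html the wrapper `test_driver.bless("fake user interaction", () => document.requestStorageAccess(...))` is pasted into every case of the switch: the hunks at old lines 17, 26, 44, 52, 77, 102, 119, 136, 153, 172, 188 and 230, plus the new SharedWorker case. A small local helper, `const requestWithGesture = (opts) => test_driver.bless("fake user interaction", () => document.requestStorageAccess(opts));`, would keep each case to one short call and leave a single place to change if the activation step changes. The switch itself starts outside these hunks.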
@@ -44,7 +44,7 @@
 if (hasUnpartitionedCookieAccess || document.cookie.includes("test="+id)) {
 message = "First-party cookies should not be readable before handle is loaded.";
 }
- await document.requestStorageAccess({cookies: true});
+ await test_driver.bless("fake user interaction", () => document.requestStorageAccess({cookies: true}));
 hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
 if (!hasUnpartitionedCookieAccess || !document.cookie.includes("test="+id)) {
 message = "First-party cookies should be readable if cookies were requested.";
@@ -52,7 +52,7 @@
 break;
 }
 case "sessionStorage": {
- const handle = await document.requestStorageAccess({sessionStorage: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({sessionStorage: true}));
 let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
 if (hasUnpartitionedCookieAccess) {
 message = "First-party cookies should not be readable if not requested.";
@@ -77,7 +77,7 @@
 break;
 }
 case "localStorage": {
- const handle = await document.requestStorageAccess({localStorage: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({localStorage: true}));
 let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
 if (hasUnpartitionedCookieAccess) {
 message = "First-party cookies should not be readable if not requested.";
@@ -102,7 +102,7 @@
 break;
 }
 case "indexedDB": {
- const handle = await document.requestStorageAccess({indexedDB: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({indexedDB: true}));
 let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
 if (hasUnpartitionedCookieAccess) {
 message = "First-party cookies should not be readable if not requested.";
@@ -119,7 +119,7 @@
 break;
 }
 case "locks": {
- const handle = await document.requestStorageAccess({locks: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({locks: true}));
 let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
 if (hasUnpartitionedCookieAccess) {
 message = "First-party cookies should not be readable if not requested.";
@@ -136,7 +136,7 @@
 break;
 }
 case "caches": {
- const handle = await document.requestStorageAccess({caches: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({caches: true}));
 let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
 if (hasUnpartitionedCookieAccess) {
 message = "First-party cookies should not be readable if not requested.";
@@ -153,7 +153,7 @@
 break;
 }
 case "getDirectory": {
- const handle = await document.requestStorageAccess({getDirectory: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({getDirectory: true}));
 let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
 if (hasUnpartitionedCookieAccess) {
 message = "First-party cookies should not be readable if not requested.";
@@ -172,7 +172,7 @@
 break;
 }
 case "estimate": {
- const handle = await document.requestStorageAccess({estimate: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({estimate: true}));
 let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
 if (hasUnpartitionedCookieAccess) {
 message = "First-party cookies should not be readable if not requested.";
@@ -188,7 +188,7 @@
 break;
 }
 case "blobStorage": {
- const handle = await document.requestStorageAccess({createObjectURL: true, revokeObjectURL: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({createObjectURL: true, revokeObjectURL: true}));
 let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
 if (hasUnpartitionedCookieAccess) {
 message = "First-party cookies should not be readable if not requested.";
@@ -230,7 +230,7 @@
 break;
 }
 case "BroadcastChannel": {
- const handle = await document.requestStorageAccess({BroadcastChannel: true});
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({BroadcastChannel: true}));
 let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
 if (hasUnpartitionedCookieAccess) {
 message = "First-party cookies should not be readable if not requested.";
@@ -243,6 +243,26 @@
 local_channel.close();
 break;
 }
+ case "SharedWorker": {
+ const local_shared_worker = new SharedWorker("/storage-access-api/resources/shared-worker-relay.js", id);
+ local_shared_worker.port.start();
+ local_shared_worker.port.postMessage("Same-origin local access");
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({SharedWorker: true}));
+ let couldRequestAllCookies = true;
+ try {
+ handle.SharedWorker("/storage-access-api/resources/shared-worker-relay.js", {name: id, sameSiteCookies: 'all'});
+ } catch (_) {
+ couldRequestAllCookies = false;
+ }
+ if (couldRequestAllCookies) {
+ message = "Shared Workers in a third-party context should not be able to request SameSite cookies.";
+ }
+ handle.SharedWorker("/storage-access-api/resources/shared-worker-cookies.py", id).port.start();
+ const handle_shared_worker = handle.SharedWorker("/storage-access-api/resources/shared-worker-relay.js", {name: id, sameSiteCookies: 'none'});
+ handle_shared_worker.port.start();
+ handle_shared_worker.port.postMessage("Same-origin handle access");
+ break;
+ }
 default: {
 message = "Unexpected type " + type;
 break;
@@ -254,6 +274,6 @@
 // Step 7 (storage-access-api/storage-access-beyond-cookies.{}.tentative.sub.https.html)
 await MaybeSetStorageAccess("*", "*", "allowed");
 await test_driver.set_permission({ name: 'storage-access' }, 'prompt');
- window.top.postMessage(message, "*");
+ window.top.postMessage({type: "result", message: message}, "*");
 })();
 </script>
diff --git a/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html b/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html
index 8c30973416..a9247a0002 100644
--- a/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html
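Review bot: The new `"SharedWorker"` case opens four worker connections with no comment saying what each one is meant to prove, and the inner `try` treats any exception as the expected rejection. A comment above the `try`, such as `// sameSiteCookies: 'all' must be rejected when the worker is created through a third-party handle`, plus one line each above the cookie-reporting worker and the `sameSiteCookies: 'none'` relay, would make the intent reviewable. The enclosing `switch` and the outer error handling lie outside this hunk.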
+++ b/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html
@@ -5,7 +5,10 @@
 <script src="/storage-access-api/helpers.js"></script>
 <body>
 <script>
-(async function() {
+window.addEventListener("message", async (e) => {
+ if (e.data != "blessed") {
+ return;
+ }
 test_driver.set_test_context(window.top);
 const type = (new URLSearchParams(window.location.search)).get("type");
 const id = (new URLSearchParams(window.location.search)).get("id");
@@ -14,14 +17,18 @@
 try {
 await MaybeSetStorageAccess("*", "*", "blocked");
 await test_driver.set_permission({ name: 'storage-access' }, 'granted');
- let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
- if (hasUnpartitionedCookieAccess) {
- message = "First-party cookies should not be readable before handle is loaded.";
+ if (type == "cookies") {
+ let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
+ if (hasUnpartitionedCookieAccess) {
+ message = "First-party cookies should not be readable before handle is loaded.";
+ }
 }
- const handle = await document.requestStorageAccess({all: true});
- hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
- if (!hasUnpartitionedCookieAccess) {
- message = "First-party cookies should be readable after handle is loaded.";
+ const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({all: true}));
+ if (type == "cookies") {
+ hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess();
+ if (!hasUnpartitionedCookieAccess) {
+ message = "First-party cookies should be readable after handle is loaded.";
+ }
 }
 switch (type) {
 case "none": {
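Review bot: The new `message` listener in the first hunk acts on any message whose data is the string "blessed" without checking `e.origin` or `e.source`, and it stays registered, so a second "blessed" from any window would run the whole permission sequence again. The only expected sender is the page this file opens on the alt host, so the guard could be `if (e.data != "blessed" || e.origin != "https://{{hosts[alt][]}}:{{ports[https][0]}}") { return; }`. The listener body continues past this hunk.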
@@ -108,6 +115,12 @@
 channel.close();
 break;
 }
+ case "SharedWorker": {
+ const shared_worker = handle.SharedWorker("/storage-access-api/resources/shared-worker-relay.js", id);
+ shared_worker.port.start();
+ shared_worker.port.postMessage("Cross-origin handle access");
+ break;
+ }
 default: {
 message = "Unexpected type " + type;
 break;
@@ -119,13 +132,14 @@
 await MaybeSetStorageAccess("*", "*", "allowed");
 await test_driver.set_permission({ name: 'storage-access' }, 'prompt');
 if (message) {
- window.top.postMessage(message, "*");
+ window.top.postMessage({type: "result", message: message}, "*");
 return;
 }
 // Step 5 (storage-access-api/storage-access-beyond-cookies.{}.tentative.sub.https.html)
 let iframe = document.createElement("iframe");
 iframe.src = "https://{{hosts[][]}}:{{ports[https][0]}}/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html?type=" + type + "&id=" + id;
 document.body.appendChild(iframe);
-})();
+});
+window.open("https://{{hosts[alt][]}}:{{ports[https][0]}}/storage-access-api/resources/bless_cross_site_permissions.html");
 </script>
 </body> |
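Review bot: The window opened by the added `window.open(...)` line in the last hunk is never closed: the return value is discarded, and bless_cross_site_permissions.html as added in this commit does not close itself after posting "blessed". Unless the harness cleans up stray windows, each run leaves a pop-up behind. Keeping the handle with `const blessWindow = window.open(...)` and calling `blessWindow.close()` once "blessed" has been received would tidy that up, provided nothing later depends on that window staying open; the listener that would do this is in an earlier hunk.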