1 files changed, 92 insertions, 0 deletions

diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/access-reporting/access-from-coop-page-to-other_coop-ro.https.html b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/access-reporting/access-from-coop-page-to-other_coop-ro.https.html
new file mode 100644
index 0000000000..90df0e4e99
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/access-reporting/access-from-coop-page-to-other_coop-ro.https.html
@@ -0,0 +1,92 @@
+<title>
+  One window accesses a second one. They are aren't related by an opener/openee
+  relationship. The first window has set
+  Cross-Origin-Opener-Policy-Report-Only:same-origin, so it receives a
+  "access-from-coop-page-to-other" report.
+</title>
+<meta name=timeout content=long>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/common/get-host-info.sub.js></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/html/cross-origin-opener-policy/resources/common.js"></script>
+<script src="/html/cross-origin-opener-policy/reporting/resources/reporting-common.js"></script>
+<script src="/html/cross-origin-opener-policy/reporting/resources/try-access.js"></script>
+<script>
+
+const directory = "/html/cross-origin-opener-policy";
+const same_origin = get_host_info().HTTPS_ORIGIN;
+
+let escapeComma = url => url.replace(/,/g, '\\,');
+
+promise_test(async t => {
+  const report_token= token();
+  const report_to = reportToHeaders(report_token);
+
+  // The test window.
+  const this_window_token = token();
+
+  // The "opener" window. With COOP:same-origin + reporter.
+  const opener_token = token();
+  const opener_url = same_origin + executor_path + report_to.header +
+    report_to.coopReportOnlySameOriginHeader + coep_header +
+    `&uuid=${opener_token}`;
+
+  // The "openee" window. With COOP:same-origin + reporter.
+  const openee_token = token();
+  const openee_url = same_origin + executor_path + report_to.header +
+    report_to.coopReportOnlySameOriginHeader + coep_header +
+    `&uuid=${openee_token}`;
+
+  // The "other" window.
+  const other_token = token();
+  const other_url = same_origin + executor_path + report_to.header +
+    `&uuid=${other_token}`;
+
+  t.add_cleanup(() => {
+    send(opener_token, "window.close()")
+    send(openee_token, "window.close()")
+    send(other_token, "window.close()")
+  })
+
+  // 1. Create the "opener" window.
+  let opener_window_proxy = window.open(opener_url);
+
+  // 2. Create the "openee" window.
+  send(opener_token, `
+    window.openee = window.open('${escapeComma(openee_url)}');
+  `);
+
+  // 3. Create the "other" window.
+  send(openee_token, `
+    window.other = window.open('${escapeComma(other_url)}');
+  `);
+
+  // 4. Wait for "other" to load its document.
+  send(other_token, `send('${this_window_token}', "Loaded");`);
+  assert_equals(await receive(this_window_token), "Loaded");
+
+  // 5. "opener" accesses "other" window, through "openee".
+  send(opener_token, addScriptAndTriggerOnload(
+    directory + "/reporting/resources/try-access.js",
+    "tryAccess(openee.other);")
+  );
+
+  // 6. Check a report is sent to the openee.
+  let report =
+    await receiveReport(report_token, "access-from-coop-page-to-other")
+  assert_equals(report.type, "coop");
+  assert_equals(report.url, opener_url.replace(/"/g, '%22'));
+  assert_equals(report.body.disposition, "reporting");
+  assert_equals(report.body.effectivePolicy, "same-origin-plus-coep");
+  assert_equals(report.body.property, "blur");
+  assert_source_location_found(report);
+  assert_equals(report.body.openerURL, undefined);
+  assert_equals(report.body.openeeURL, undefined);
+  assert_equals(report.body.otherDocumentURL, other_url.replace(/"/g, '%22'));
+  assert_equals(report.body.referrer, undefined);
+  assert_equals(report.body.initialPopupURL, undefined);
+}, "access-from-coop-page-to-other (COOP-RO)");
+
+</script>