From 086c044dc34dfc0f74fbe41f4ecb402b2cd34884 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 03:13:33 +0200 Subject: Merging upstream version 125.0.1. Signed-off-by: Daniel Baumann --- .../resources/bless_cross_site_permissions.html | 17 ++++++++ .../resources/embedded_responder.js | 2 +- .../resources/embedded_worker.js | 17 -------- .../resources/embedded_worker.py | 31 +++++++++++++++ .../storage-access-api/resources/get_cookies.py | 10 +++++ .../storage-access-api/resources/set_cookies.py | 10 +++++ .../resources/shared-worker-cookies.py | 37 +++++++++++++++++ .../resources/shared-worker-relay.js | 10 +++++ ...torage-access-beyond-cookies-iframe-iframe.html | 46 ++++++++++++++++------ .../storage-access-beyond-cookies-iframe.sub.html | 34 +++++++++++----- 10 files changed, 173 insertions(+), 41 deletions(-) create mode 100644 testing/web-platform/tests/storage-access-api/resources/bless_cross_site_permissions.html delete mode 100644 testing/web-platform/tests/storage-access-api/resources/embedded_worker.js create mode 100644 testing/web-platform/tests/storage-access-api/resources/embedded_worker.py create mode 100644 testing/web-platform/tests/storage-access-api/resources/get_cookies.py create mode 100644 testing/web-platform/tests/storage-access-api/resources/set_cookies.py create mode 100644 testing/web-platform/tests/storage-access-api/resources/shared-worker-cookies.py create mode 100644 testing/web-platform/tests/storage-access-api/resources/shared-worker-relay.js (limited to 'testing/web-platform/tests/storage-access-api/resources') diff --git a/testing/web-platform/tests/storage-access-api/resources/bless_cross_site_permissions.html b/testing/web-platform/tests/storage-access-api/resources/bless_cross_site_permissions.html new file mode 100644 index 0000000000..c3c5b6c0b0 --- /dev/null +++ b/testing/web-platform/tests/storage-access-api/resources/bless_cross_site_permissions.html @@ -0,0 +1,17 @@ + + + + + + + diff --git a/testing/web-platform/tests/storage-access-api/resources/embedded_responder.js b/testing/web-platform/tests/storage-access-api/resources/embedded_responder.js index bc13c7e7e8..228a262f16 100644 --- a/testing/web-platform/tests/storage-access-api/resources/embedded_responder.js +++ b/testing/web-platform/tests/storage-access-api/resources/embedded_responder.js @@ -79,7 +79,7 @@ window.addEventListener("message", async (event) => { reply(await fetch(event.data.url, {mode: 'no-cors', credentials: 'include'}).then((resp) => resp.text())); break; case "start_dedicated_worker": - worker = new Worker("embedded_worker.js"); + worker = new Worker("embedded_worker.py"); reply(undefined); break; case "message_worker": { diff --git a/testing/web-platform/tests/storage-access-api/resources/embedded_worker.js b/testing/web-platform/tests/storage-access-api/resources/embedded_worker.js deleted file mode 100644 index f3a0fb257a..0000000000 --- a/testing/web-platform/tests/storage-access-api/resources/embedded_worker.js +++ /dev/null @@ -1,17 +0,0 @@ -"use strict"; - -self.onmessage = async (message) => { - function reply(data) { - self.postMessage({data}); - } - - switch (message.data.command) { - case "fetch": { - const response = await fetch(message.data.url, {mode: 'cors', credentials: 'include'}) - .then((resp) => resp.text()); - reply(response); - break; - } - default: - } -}; diff --git a/testing/web-platform/tests/storage-access-api/resources/embedded_worker.py b/testing/web-platform/tests/storage-access-api/resources/embedded_worker.py new file mode 100644 index 0000000000..0aa457657f --- /dev/null +++ b/testing/web-platform/tests/storage-access-api/resources/embedded_worker.py @@ -0,0 +1,31 @@ +from cookies.resources.helpers import setNoCacheAndCORSHeaders + +# This worker messages how many connections have been made and checks what cookies are available. +def main(request, response): + headers = setNoCacheAndCORSHeaders(request, response) + headers[0] = (b"Content-Type", b"text/javascript") + cookie_header = request.headers.get(b"Cookie", b"") + document = b""" +"use strict"; + +self.onmessage = async (message) => { + function reply(data) { + self.postMessage({data}); + } + + switch (message.data.command) { + case "fetch": { + const response = await fetch(message.data.url, {mode: 'cors', credentials: 'include'}) + .then((resp) => resp.text()); + reply(response); + break; + } + case "load": { + reply(\"""" + cookie_header + b""""); + break; + } + default: + } +}; +""" + return headers, document diff --git a/testing/web-platform/tests/storage-access-api/resources/get_cookies.py b/testing/web-platform/tests/storage-access-api/resources/get_cookies.py new file mode 100644 index 0000000000..07e8c2dae3 --- /dev/null +++ b/testing/web-platform/tests/storage-access-api/resources/get_cookies.py @@ -0,0 +1,10 @@ +import json +from cookies.resources.helpers import makeCookieHeader, readCookies, setNoCacheAndCORSHeaders + +from wptserve.utils import isomorphic_decode + +def main(request, response): + headers = setNoCacheAndCORSHeaders(request, response) + cookies = readCookies(request) + decoded_cookies = {isomorphic_decode(key): isomorphic_decode(val) for key, val in cookies.items()} + return headers, json.dumps(decoded_cookies) \ No newline at end of file diff --git a/testing/web-platform/tests/storage-access-api/resources/set_cookies.py b/testing/web-platform/tests/storage-access-api/resources/set_cookies.py new file mode 100644 index 0000000000..fe182dd00c --- /dev/null +++ b/testing/web-platform/tests/storage-access-api/resources/set_cookies.py @@ -0,0 +1,10 @@ +from cookies.resources.helpers import makeCookieHeader, setNoCacheAndCORSHeaders + +def main(request, response): + headers = setNoCacheAndCORSHeaders(request, response) + headers[0] = (b"Content-Type", b"text/html; charset=utf-8") + headers.append(makeCookieHeader(b"samesite_strict", b"test", {b"SameSite":b"Strict", b"path":b"/", b"Secure":b""})) + headers.append(makeCookieHeader(b"samesite_lax", b"test", {b"SameSite":b"Lax", b"path":b"/", b"Secure":b""})) + headers.append(makeCookieHeader(b"samesite_none", b"test", {b"SameSite":b"None", b"path":b"/", b"Secure":b""})) + document = b"" + return headers, document diff --git a/testing/web-platform/tests/storage-access-api/resources/shared-worker-cookies.py b/testing/web-platform/tests/storage-access-api/resources/shared-worker-cookies.py new file mode 100644 index 0000000000..9307c4112c --- /dev/null +++ b/testing/web-platform/tests/storage-access-api/resources/shared-worker-cookies.py @@ -0,0 +1,37 @@ +from cookies.resources.helpers import makeCookieHeader, readCookies, setNoCacheAndCORSHeaders + +# This worker messages how many connections have been made and checks what cookies are available. +def main(request, response): + headers = setNoCacheAndCORSHeaders(request, response) + headers[0] = (b"Content-Type", b"text/javascript") + cookies = readCookies(request) + message = b"ReadOnLoad:" + if b"samesite_strict" in cookies: + message += b"Strict" + if b"samesite_lax" in cookies: + message += b"Lax" + if b"samesite_none" in cookies: + message += b"None" + document = b""" +let connection_count = 0; +self.onconnect = (e) => { + connection_count++; + fetch("/storage-access-api/resources/get_cookies.py", {credentials: 'include'}).then((resp) => { + resp.json().then((cookies) => { + let message = \"""" + message + b""",ReadOnFetch:"; + if (cookies.hasOwnProperty("samesite_strict")) { + message += "Strict"; + } + if (cookies.hasOwnProperty("samesite_lax")) { + message += "Lax"; + } + if (cookies.hasOwnProperty("samesite_none")) { + message += "None"; + } + message += ",ConnectionsMade:" + connection_count; + e.ports[0].postMessage(message); + }); + }); +} +""" + return headers, document \ No newline at end of file diff --git a/testing/web-platform/tests/storage-access-api/resources/shared-worker-relay.js b/testing/web-platform/tests/storage-access-api/resources/shared-worker-relay.js new file mode 100644 index 0000000000..c94acefec9 --- /dev/null +++ b/testing/web-platform/tests/storage-access-api/resources/shared-worker-relay.js @@ -0,0 +1,10 @@ +// This worker relays any messages received to the first connection. +let port; +self.onconnect = (e) => { + if (port == undefined) { + port = e.ports[0]; + } + e.ports[0].onmessage = (e) => { + port.postMessage(e.data); + } +} diff --git a/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html b/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html index ffb419f799..2d5e22fa71 100644 --- a/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html +++ b/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html @@ -17,7 +17,7 @@ case "none": { let couldRequestStorageAccessForNone = true; try { - await document.requestStorageAccess({}); + await test_driver.bless("fake user interaction", () => document.requestStorageAccess({})); } catch (_) { couldRequestStorageAccessForNone = false; } @@ -26,7 +26,7 @@ } let couldRequestStorageAccessForAllFalse = true; try { - await document.requestStorageAccess({all:false}); + await test_driver.bless("fake user interaction", () => document.requestStorageAccess({all:false})); } catch (_) { couldRequestStorageAccessForAllFalse = false; } @@ -44,7 +44,7 @@ if (hasUnpartitionedCookieAccess || document.cookie.includes("test="+id)) { message = "First-party cookies should not be readable before handle is loaded."; } - await document.requestStorageAccess({cookies: true}); + await test_driver.bless("fake user interaction", () => document.requestStorageAccess({cookies: true})); hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess(); if (!hasUnpartitionedCookieAccess || !document.cookie.includes("test="+id)) { message = "First-party cookies should be readable if cookies were requested."; @@ -52,7 +52,7 @@ break; } case "sessionStorage": { - const handle = await document.requestStorageAccess({sessionStorage: true}); + const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({sessionStorage: true})); let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess(); if (hasUnpartitionedCookieAccess) { message = "First-party cookies should not be readable if not requested."; @@ -77,7 +77,7 @@ break; } case "localStorage": { - const handle = await document.requestStorageAccess({localStorage: true}); + const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({localStorage: true})); let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess(); if (hasUnpartitionedCookieAccess) { message = "First-party cookies should not be readable if not requested."; @@ -102,7 +102,7 @@ break; } case "indexedDB": { - const handle = await document.requestStorageAccess({indexedDB: true}); + const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({indexedDB: true})); let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess(); if (hasUnpartitionedCookieAccess) { message = "First-party cookies should not be readable if not requested."; @@ -119,7 +119,7 @@ break; } case "locks": { - const handle = await document.requestStorageAccess({locks: true}); + const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({locks: true})); let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess(); if (hasUnpartitionedCookieAccess) { message = "First-party cookies should not be readable if not requested."; @@ -136,7 +136,7 @@ break; } case "caches": { - const handle = await document.requestStorageAccess({caches: true}); + const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({caches: true})); let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess(); if (hasUnpartitionedCookieAccess) { message = "First-party cookies should not be readable if not requested."; @@ -153,7 +153,7 @@ break; } case "getDirectory": { - const handle = await document.requestStorageAccess({getDirectory: true}); + const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({getDirectory: true})); let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess(); if (hasUnpartitionedCookieAccess) { message = "First-party cookies should not be readable if not requested."; @@ -172,7 +172,7 @@ break; } case "estimate": { - const handle = await document.requestStorageAccess({estimate: true}); + const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({estimate: true})); let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess(); if (hasUnpartitionedCookieAccess) { message = "First-party cookies should not be readable if not requested."; @@ -188,7 +188,7 @@ break; } case "blobStorage": { - const handle = await document.requestStorageAccess({createObjectURL: true, revokeObjectURL: true}); + const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({createObjectURL: true, revokeObjectURL: true})); let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess(); if (hasUnpartitionedCookieAccess) { message = "First-party cookies should not be readable if not requested."; @@ -230,7 +230,7 @@ break; } case "BroadcastChannel": { - const handle = await document.requestStorageAccess({BroadcastChannel: true}); + const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({BroadcastChannel: true})); let hasUnpartitionedCookieAccess = await document.hasUnpartitionedCookieAccess(); if (hasUnpartitionedCookieAccess) { message = "First-party cookies should not be readable if not requested."; @@ -243,6 +243,26 @@ local_channel.close(); break; } + case "SharedWorker": { + const local_shared_worker = new SharedWorker("/storage-access-api/resources/shared-worker-relay.js", id); + local_shared_worker.port.start(); + local_shared_worker.port.postMessage("Same-origin local access"); + const handle = await test_driver.bless("fake user interaction", () => document.requestStorageAccess({SharedWorker: true})); + let couldRequestAllCookies = true; + try { + handle.SharedWorker("/storage-access-api/resources/shared-worker-relay.js", {name: id, sameSiteCookies: 'all'}); + } catch (_) { + couldRequestAllCookies = false; + } + if (couldRequestAllCookies) { + message = "Shared Workers in a third-party context should not be able to request SameSite cookies."; + } + handle.SharedWorker("/storage-access-api/resources/shared-worker-cookies.py", id).port.start(); + const handle_shared_worker = handle.SharedWorker("/storage-access-api/resources/shared-worker-relay.js", {name: id, sameSiteCookies: 'none'}); + handle_shared_worker.port.start(); + handle_shared_worker.port.postMessage("Same-origin handle access"); + break; + } default: { message = "Unexpected type " + type; break; @@ -254,6 +274,6 @@ // Step 7 (storage-access-api/storage-access-beyond-cookies.{}.tentative.sub.https.html) await MaybeSetStorageAccess("*", "*", "allowed"); await test_driver.set_permission({ name: 'storage-access' }, 'prompt'); - window.top.postMessage(message, "*"); + window.top.postMessage({type: "result", message: message}, "*"); })(); diff --git a/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html b/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html index 8c30973416..a9247a0002 100644 --- a/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html +++ b/testing/web-platform/tests/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html @@ -5,7 +5,10 @@ -- cgit v1.2.3