1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<script src="./resources/common.js"></script>
<script>
const executor_path = '/common/dispatcher/executor.html?pipe=';
const https_origin = get_host_info().HTTPS_ORIGIN;
const coop_same_origin =
'|header(Cross-Origin-Opener-Policy,same-origin)';
const csp_sandbox =
'|header(Content-Security-Policy, sandbox allow-scripts)';
promise_test(async test => {
const driver_token = token();
// 1. Start from a COOP:same-origin document.
const opener_token = token();
const opener_url = https_origin + executor_path + coop_same_origin +
`&uuid=${opener_token}`;
const w = window.open(opener_url);
add_completion_callback(() => w.close());
// 2. It opens a popups, and then navigates the popup toward a same-origin
// COOP:same-origin document with CSP:sandbox
const openee_token = token();
const openee_url = https_origin + executor_path + coop_same_origin +
csp_sandbox + `&uuid=${openee_token}`;
send(opener_token, `
openee = window.open("${openee_url}");
`);
add_completion_callback(() => send(openee_token, "close()"));
// Because of CSP:sandbox, the popup is not considered same-origin with
// its openee. Check the openee/opener relationship is now closed.
send(openee_token, `
if (opener)
send("${driver_token}", "Error: have opener");
else
send("${driver_token}", "Success: no opener");
`);
assert_equals(await receive(driver_token), "Success: no opener");
// Technically, the opener's "openee" WindowProxy should appear as closed at
// this time. The popup loaded a new document, and at least two fetch requests
// were made. This is more than enough. However, in theory, there is nothing
// to guarantee we can observe "openee.close". Wait a bit to ensure this will
// never flake.
await new Promise(r => test.step_timeout(r, 1000));
send(opener_token, `
if (openee.closed)
send("${driver_token}", "Success: openee closed");
else
send("${driver_token}", "Error: can still access openee");
`);
assert_equals(await receive(driver_token), "Success: openee closed");
});
</script>
|