1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
|
<title>
This tests the inheritance of COOP for navigations to about:blank.
</title>
<meta name=timeout content=long>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<p>Non-initial empty documents (about:blank) should inherit their
cross-origin-opener-policy from the navigation's initiator top level document,
if the initiator and its top level document are same-origin, or default
(unsafe-none) otherwise.
</p>
<ol>
<li>Create the opener popup with a given COOP <code>openerCOOP</code>.</li>
<li>Add iframe to the opener popup that is either same-origin or
cross-origin.
</li>
<li>Opener's iframe opens a new window, to a network document with <code>openeeCOOP</code>.</li>
<li>Opener's iframe navigates the openee popup to about:blank.</li>
</ol>
<script>
const executor_path = "/common/dispatcher/executor.html?pipe=";
const same_origin = get_host_info().HTTPS_ORIGIN;
const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
const coop_same_origin_header =
'|header(Cross-Origin-Opener-Policy,same-origin)';
const coep_require_corp_header =
'|header(Cross-Origin-Embedder-Policy,require-corp)';
const coop_same_origin_plus_coep_header =
coop_same_origin_header + coep_require_corp_header;
const coop_same_origin_allow_popups_header =
'|header(Cross-Origin-Opener-Policy,same-origin-allow-popups)';
const coop_unsafe_none_header =
'|header(Cross-Origin-Opener-Policy,unsafe-none)';
function navigateToAboutBlankTest(
opener_COOP_header,
iframe_origin,
openee_COOP_header,
openee_origin,
iframe_header,
expect_openee_closed
){
return promise_test(async t => {
const this_window_token = token();
const opener_token = token();
const openee_token = token();
const iframe_token = token();
const opener_url = same_origin + executor_path + opener_COOP_header +
`&uuid=${opener_token}`;
const openee_url = openee_origin + executor_path + openee_COOP_header +
`&uuid=${openee_token}`;
const iframe_url = iframe_origin + executor_path + iframe_header + `&uuid=${iframe_token}`;
t.add_cleanup(() => {
send(openee_token, "window.close()");
send(opener_token, "window.close()");
});
// 1. Create the opener window.
let opener_window_proxy = window.open(opener_url, opener_token);
// 2. Create the iframe.
send(opener_token, `
iframe = document.createElement('iframe');
iframe.src = "${iframe_url}";
document.body.appendChild(iframe);
`);
// 3. The iframe opens its openee window.
send(iframe_token, `
window.openee = window.open(
'${openee_url.replace(/,/g, '\\,')}',
"${openee_token}"
);
`);
// 4. Ensure the popup is fully loaded.
send(openee_token, `send("${this_window_token}", "Ack");`);
assert_equals(await receive(this_window_token), "Ack");
// 5. The iframe navigates openee to about:blank.
send(iframe_token, `
window.openee_blank = window.open('about:blank', "${openee_token}");
(async function() {
const timeout = 2000;
const retry_delay = 100;
for(let i = 0; i * retry_delay < timeout; ++i) {
// A try-catch block is used, because of same-origin policy,
// preventing access to the document before committing about:blank.
try {
if (window.openee_blank.closed ||
window.openee_blank.document.location.href == "about:blank") {
send("${this_window_token}", "about:blank loaded");
return;
}
} catch(e) {}
await new Promise(resolve => setTimeout(resolve, retry_delay));
}
send("${this_window_token}", "about:blank not loaded");
})()
`);
assert_equals(await receive(this_window_token), "about:blank loaded");
// 6. Retrieve and check the results.
send(iframe_token, `
send("${this_window_token}", window.openee.closed);
`);
assert_equals(await receive(this_window_token), `${expect_openee_closed}`);
}, `Navigate to about:blank from iframe with opener.top \
COOP: ${opener_COOP_header}, iframe origin: ${iframe_origin}, \
openee COOP: ${openee_COOP_header}, openee origin: ${openee_origin}.`);
};
// iframe same-origin with its top-level embedder:
// initial empty document and about:blank navigations initiated from the
// same-origin iframe will inherit the COOP from the iframe's top-level embedder.
// Since all navigations of openee are within same-origin pages with the
// same COOP value, there are no browsing context group switches.
navigateToAboutBlankTest(
coop_same_origin_header,
same_origin,
coop_same_origin_header,
same_origin,
"",
false
);
// Since all navigations of openee are within same-origin pages with the
// same COOP value, there are no browsing context group switches.
// Test with both COOP and COEP.
navigateToAboutBlankTest(
coop_same_origin_plus_coep_header,
same_origin,
coop_same_origin_plus_coep_header,
same_origin,
coep_require_corp_header,
false
);
// Since all navigations of openee are within same-origin pages with the
// same COOP value, there are no browsing context group switches.
navigateToAboutBlankTest(
coop_same_origin_allow_popups_header,
same_origin,
coop_same_origin_allow_popups_header,
same_origin,
"",
false
);
// The first openee navigation, from initial empty document to
// cross-origin will not switch the browsing context group, thanks to the
// same-origin-allow-popups behavior.
// The second openee navigation, to about:blank, will inherit from the
// iniatiator's, the iframe, top. Navigating from a COOP: unsafe-none page to
// a COOP: same-origin-allow-popups page causes a browsing context group
// switch.
navigateToAboutBlankTest(
coop_same_origin_allow_popups_header,
same_origin,
coop_unsafe_none_header,
cross_origin,
"",
true
);
// iframe cross-origin with its top-level embedder:
// initial empty document and about:blank navigations initiated from the
// cross-origin iframe will default COOP to unsafe-none.
// The navigation from the initial empty document and the cross_origin url
// does not cause a browsing context group switch
// (both have COOP: unsafe-none).
// The navigation from the cross-origin url to about:blank does not cause a
// browsing context group swich, about:blank defaulted its COOP value to
// unsafe-none.
navigateToAboutBlankTest(
coop_same_origin_allow_popups_header,
cross_origin,
coop_unsafe_none_header,
cross_origin,
"",
false
);
</script>
|