1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
|
<title>
This tests the inheritance of COOP for navigations of the top document to about:blank.
</title>
<meta name=timeout content=long>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<script src="/html/cross-origin-opener-policy/resources/common.js"></script>
<p>Non-initial empty documents (about:blank) should inherit their
cross-origin-opener-policy from the navigation's initiator top level document,
if the initiator and its top level document are same-origin, or default (to
unsafe-none) otherwise.
</p>
<ol>
<li>Create the opener popup with a given COOP <code>openerCOOP</code>.</li>
<li>Add iframe to the opener popup that is either same-origin or
cross-origin.
</li>
<li>Opener opens a new window, to a network document with the same origin and
COOP value as opener.</li>
<li>Opener's iframe navigates its parent frame (opener) to about:blank.</li>
<li>Verify the openee still has access to its opener.</li>
</ol>
<script>
const executor_path = "/common/dispatcher/executor.html?pipe=";
const same_origin = get_host_info().HTTPS_ORIGIN;
const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
const coop_same_origin_header =
'|header(Cross-Origin-Opener-Policy,same-origin)';
const coop_same_origin_allow_popups_header =
'|header(Cross-Origin-Opener-Policy,same-origin-allow-popups)';
const coop_unsafe_none_header =
'|header(Cross-Origin-Opener-Policy,unsafe-none)';
function navigateToAboutBlankTest(
COOP_header,
iframe_origin,
expect_opener_closed
){
return promise_test(async t => {
const this_window_token = token();
const opener_token = token();
const openee_token = token();
const iframe_token = token();
const opener_url = same_origin + executor_path + COOP_header +
`&uuid=${opener_token}`;
const openee_url = same_origin + executor_path + COOP_header +
`&uuid=${openee_token}`;
const iframe_url = iframe_origin + executor_path + `&uuid=${iframe_token}`;
t.add_cleanup(() => {
send(opener_token, "window.close()");
send(openee_token, "window.close()");
});
// 1. Create the opener window.
let opener_window_proxy = window.open(opener_url, opener_token);
// 2. Create the iframe.
send(opener_token, `
iframe = document.createElement('iframe');
iframe.src = "${iframe_url}";
document.body.appendChild(iframe);
`);
// 3. The opener opens openee window.
send(opener_token, `
window.openee = window.open(
'${openee_url.replace(/,/g, '\\,')}'
);
`);
// 4. Ensure the popup is fully loaded.
send(openee_token, `send("${this_window_token}", "Ack");`);
assert_equals(await receive(this_window_token), "Ack");
// 5. The iframe navigates its top-level document to about:blank. It needs
// to receive a user action as it may be cross-origin and it navigates top
// to a cross-origin document.
// https://github.com/WICG/interventions/issues/16
send(iframe_token, addScriptAndTriggerOnload(
"/resources/testdriver.js",
`${addScriptAndTriggerOnload("/resources/testdriver-vendor.js",
`
test_driver.bless('navigate top to about:blank', () => {
open("about:blank", "_top");
});
`)}
`));
// 6. Ensure opener is fully loaded and then retrieve the results.
send(openee_token, `
(async function() {
const timeout = 2000;
const retry_delay = 100;
for(let i = 0; i * retry_delay < timeout; ++i) {
// A try-catch block is used, because of same-origin policy,
// which may prevent the access to the opener if its origin changed,
// after a navigation to about:blank from the cross origin iframe.
try {
if (
window.opener === null ||
window.opener.closed ||
window.opener.document.location.href == "about:blank") {
send("${this_window_token}", "about:blank loaded");
return;
}
} catch(e) {
// The exception is thrown when about:blank is loaded and is
// cross-origin with openee.
send("${this_window_token}", "about:blank loaded");
return;
}
await new Promise(resolve => setTimeout(resolve, retry_delay));
}
send("${this_window_token}", "about:blank NOT loaded");
})()
`);
assert_equals(await receive(this_window_token), "about:blank loaded");
// 7. Retrieve and check the results.
send(openee_token, `
send(
"${this_window_token}",
window.opener === null || window.opener.closed);
`);
assert_equals(await receive(this_window_token), `${expect_opener_closed}`);
}, `Navigate top to about:blank from iframe with \
opener COOP: ${COOP_header}, iframe origin: ${iframe_origin}`);
};
// iframe same-origin with its top-level embedder:
// initial empty document and about:blank navigations initiated from the
// same-origin iframe will inherit COOP from the iframe's top-level embedder.
// Opener's navigation to about:blank stays in the same browsing context group.
navigateToAboutBlankTest(
coop_same_origin_header,
same_origin,
false
);
// iframe cross-origin with its top-level embedder:
// initial empty document and about:blank navigations initiated from the
// cross-origin iframe will default COOP to unsafe-none.
// Opener's navigation to about:blank doesn't inherit COOP, leading to a
// browsing context group switch.
navigateToAboutBlankTest(
coop_same_origin_header,
cross_origin,
true
);
// Same origin allow popups allows the navigation of top to the cross-origin
// about:blank (origin inherited from the iframe) page, which does not have COOP
// (initiator is a cross origin iframe).
navigateToAboutBlankTest(
coop_same_origin_allow_popups_header,
cross_origin,
false
);
</script>
|
