summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/html/cross-origin-opener-policy/resources/popup-test.js
blob: c2717bb13546b168374cb37ac5be12a0328dd51c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
// To use the functions below, be sure to include the following files in your
// test:
// - "/common/get-host-info.sub.js" to get the different origin values.
// - "common.js" to have the origins easily available.
// - "/common/dispatcher/dispatcher.js" for cross-origin messaging.
// - "/common/utils.js" for token().

function getExecutorPath(uuid, origin, headers) {
  const executor_path = '/common/dispatcher/executor.html?';
  const coop_header = headers.coop ?
    `|header(Cross-Origin-Opener-Policy,${encodeURIComponent(headers.coop)})` : '';
  const coep_header = headers.coep ?
    `|header(Cross-Origin-Embedder-Policy,${encodeURIComponent(headers.coep)})` : '';
  return origin +
         executor_path +
         `uuid=${uuid}` +
         '&pipe=' + coop_header + coep_header;
}

function getPopupHasOpener(popup_token) {
  const reply_token = token();
  send(popup_token, `send('${reply_token}', window.opener != null);`);
  return receive(reply_token);
}

// Return true if |object|.|property| can be called without throwing an error.
function canAccessProperty(object, property) {
  try {
    const unused = object[property];
    return true;
  } catch (errors) {
    return false;
  }
}

// Verifies that a popup with origin `origin` and headers `headers` has
// the expected `opener_state` after being opened.
async function popup_test(description, origin, headers, expected_opener_state) {
  promise_test(async t => {
    const popup_token = token();
    const reply_token = token();

    const popup_url = getExecutorPath(
      popup_token,
      origin.origin,
      headers);

    // We open popup and then ping it, it will respond after loading.
    const popup = window.open(popup_url);
    send(popup_token, `send('${reply_token}', 'Popup loaded');`);
    assert_equals(await receive(reply_token), 'Popup loaded');

    // Make sure the popup will be closed once the test has run, keeping a clean
    // state.
    t.add_cleanup(() => {
      send(popup_token, `close()`);
    });

    // Give some time for things to settle across processes etc. before
    // proceeding with verifications.
    await new Promise(resolve => { t.step_timeout(resolve, 500); });

    // Verify that the opener is in the state we expect it to be in.
    switch (expected_opener_state) {
      case 'preserved': {
        assert_false(popup.closed, 'Popup is closed from opener?');
        assert_true(await getPopupHasOpener(popup_token) === "true",
                    'Popup has nulled opener?');
        assert_equals(canAccessProperty(popup, "document"),
                      origin === SAME_ORIGIN,
                      'Main page has dom access to the popup?');
        assert_true(canAccessProperty(popup, "frames"),
                    'Main page has cross origin access to the popup?');
        break;
      }
      case 'restricted': {
        assert_false(popup.closed, 'Popup is closed from opener?');
        assert_true(await getPopupHasOpener(popup_token) === "true",
                    'Popup has nulled opener?');
        assert_false(canAccessProperty(popup, "document"),
                     'Main page has dom access to the popup?');
        assert_false(canAccessProperty(popup, "frames"),
                    'Main page has cross origin access to the popup?');
        assert_true(canAccessProperty(popup, "closed"),
                    'Main page has limited cross origin access to the popup?');
        break;
      }
      case 'severed': {
        assert_true(popup.closed, 'Popup is closed from opener?');
        assert_false(await getPopupHasOpener(popup_token) === "true",
                     'Popup has nulled opener?');
        break;
      }
      default:
        assert_unreached(true, "Unrecognized opener relationship: " + expected_opener_state);
    }
  }, description);
}