diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
commit | 43a97878ce14b72f0981164f87f2e35e14151312 (patch) | |
tree | 620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/html/cross-origin-opener-policy/navigate-to-aboutblank.https.html | |
parent | Initial commit. (diff) | |
download | firefox-upstream.tar.xz firefox-upstream.zip |
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/html/cross-origin-opener-policy/navigate-to-aboutblank.https.html')
-rw-r--r-- | testing/web-platform/tests/html/cross-origin-opener-policy/navigate-to-aboutblank.https.html | 193 |
1 files changed, 193 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/navigate-to-aboutblank.https.html b/testing/web-platform/tests/html/cross-origin-opener-policy/navigate-to-aboutblank.https.html new file mode 100644 index 0000000000..b2145cfa56 --- /dev/null +++ b/testing/web-platform/tests/html/cross-origin-opener-policy/navigate-to-aboutblank.https.html @@ -0,0 +1,193 @@ +<title> + This tests the inheritance of COOP for navigations to about:blank. +</title> +<meta name=timeout content=long> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/common/utils.js"></script> +<script src="/common/dispatcher/dispatcher.js"></script> + +<p>Non-initial empty documents (about:blank) should inherit their + cross-origin-opener-policy from the navigation's initiator top level document, + if the initiator and its top level document are same-origin, or default + (unsafe-none) otherwise. +</p> + +<ol> + <li>Create the opener popup with a given COOP <code>openerCOOP</code>.</li> + <li>Add iframe to the opener popup that is either same-origin or + cross-origin. + </li> + <li>Opener's iframe opens a new window, to a network document with <code>openeeCOOP</code>.</li> + <li>Opener's iframe navigates the openee popup to about:blank.</li> +</ol> + +<script> +const executor_path = "/common/dispatcher/executor.html?pipe="; +const same_origin = get_host_info().HTTPS_ORIGIN; +const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN; +const coop_same_origin_header = + '|header(Cross-Origin-Opener-Policy,same-origin)'; +const coep_require_corp_header = + '|header(Cross-Origin-Embedder-Policy,require-corp)'; +const coop_same_origin_plus_coep_header = + coop_same_origin_header + coep_require_corp_header; +const coop_same_origin_allow_popups_header = + '|header(Cross-Origin-Opener-Policy,same-origin-allow-popups)'; +const coop_unsafe_none_header = + '|header(Cross-Origin-Opener-Policy,unsafe-none)'; + +function navigateToAboutBlankTest( + opener_COOP_header, + iframe_origin, + openee_COOP_header, + openee_origin, + iframe_header, + expect_openee_closed +){ + return promise_test(async t => { + const this_window_token = token(); + const opener_token = token(); + const openee_token = token(); + const iframe_token = token(); + + const opener_url = same_origin + executor_path + opener_COOP_header + + `&uuid=${opener_token}`; + const openee_url = openee_origin + executor_path + openee_COOP_header + + `&uuid=${openee_token}`; + const iframe_url = iframe_origin + executor_path + iframe_header + `&uuid=${iframe_token}`; + + t.add_cleanup(() => { + send(openee_token, "window.close()"); + send(opener_token, "window.close()"); + }); + + // 1. Create the opener window. + let opener_window_proxy = window.open(opener_url, opener_token); + + // 2. Create the iframe. + send(opener_token, ` + iframe = document.createElement('iframe'); + iframe.src = "${iframe_url}"; + document.body.appendChild(iframe); + `); + + // 3. The iframe opens its openee window. + send(iframe_token, ` + window.openee = window.open( + '${openee_url.replace(/,/g, '\\,')}', + "${openee_token}" + ); + `); + + // 4. Ensure the popup is fully loaded. + send(openee_token, `send("${this_window_token}", "Ack");`); + assert_equals(await receive(this_window_token), "Ack"); + + // 5. The iframe navigates openee to about:blank. + send(iframe_token, ` + window.openee_blank = window.open('about:blank', "${openee_token}"); + (async function() { + const timeout = 2000; + const retry_delay = 100; + for(let i = 0; i * retry_delay < timeout; ++i) { + // A try-catch block is used, because of same-origin policy, + // preventing access to the document before committing about:blank. + try { + if (window.openee_blank.closed || + window.openee_blank.document.location.href == "about:blank") { + send("${this_window_token}", "about:blank loaded"); + return; + } + } catch(e) {} + await new Promise(resolve => setTimeout(resolve, retry_delay)); + } + send("${this_window_token}", "about:blank not loaded"); + })() + `); + assert_equals(await receive(this_window_token), "about:blank loaded"); + + // 6. Retrieve and check the results. + send(iframe_token, ` + send("${this_window_token}", window.openee.closed); + `); + assert_equals(await receive(this_window_token), `${expect_openee_closed}`); + }, `Navigate to about:blank from iframe with opener.top \ +COOP: ${opener_COOP_header}, iframe origin: ${iframe_origin}, \ +openee COOP: ${openee_COOP_header}, openee origin: ${openee_origin}.`); +}; + +// iframe same-origin with its top-level embedder: +// initial empty document and about:blank navigations initiated from the +// same-origin iframe will inherit the COOP from the iframe's top-level embedder. + +// Since all navigations of openee are within same-origin pages with the +// same COOP value, there are no browsing context group switches. +navigateToAboutBlankTest( + coop_same_origin_header, + same_origin, + coop_same_origin_header, + same_origin, + "", + false +); + +// Since all navigations of openee are within same-origin pages with the +// same COOP value, there are no browsing context group switches. +// Test with both COOP and COEP. +navigateToAboutBlankTest( + coop_same_origin_plus_coep_header, + same_origin, + coop_same_origin_plus_coep_header, + same_origin, + coep_require_corp_header, + false +); + +// Since all navigations of openee are within same-origin pages with the +// same COOP value, there are no browsing context group switches. +navigateToAboutBlankTest( + coop_same_origin_allow_popups_header, + same_origin, + coop_same_origin_allow_popups_header, + same_origin, + "", + false +); + +// The first openee navigation, from initial empty document to +// cross-origin will not switch the browsing context group, thanks to the +// same-origin-allow-popups behavior. +// The second openee navigation, to about:blank, will inherit from the +// iniatiator's, the iframe, top. Navigating from a COOP: unsafe-none page to +// a COOP: same-origin-allow-popups page causes a browsing context group +// switch. +navigateToAboutBlankTest( + coop_same_origin_allow_popups_header, + same_origin, + coop_unsafe_none_header, + cross_origin, + "", + true +); + +// iframe cross-origin with its top-level embedder: +// initial empty document and about:blank navigations initiated from the +// cross-origin iframe will default COOP to unsafe-none. + +// The navigation from the initial empty document and the cross_origin url +// does not cause a browsing context group switch +// (both have COOP: unsafe-none). +// The navigation from the cross-origin url to about:blank does not cause a +// browsing context group swich, about:blank defaulted its COOP value to +// unsafe-none. +navigateToAboutBlankTest( + coop_same_origin_allow_popups_header, + cross_origin, + coop_unsafe_none_header, + cross_origin, + "", + false +); +</script> |