Add basic reporting test from Same-origin

Bug: 1076456
Change-Id: I7a39d4def20692d8628ce2406569638310684f4f

html/cross-origin-opener-policy/reporting-coop-navigated-popup.https.html

@@ -0,0 +1,75 @@
+<title>Cross-Origin-Opener-Policy: a navigated popup with reporting</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="/common/utils.js"></script> <!-- Use token() to allow running tests in parallel -->
+<script src="resources/reporting-common.js"></script>
+
+<script>
+
+promise_test( async t => {
+  const popupName = token();
+  const noCoopChannelName = token();
+  const coopChannelName = token();
+  await reporting_test( (resolve) => {
+    const noCOOP = `resources/coop-coep.py?coop=${encodeURIComponent(`unsafe-none; report-to="${popupReportEndpoint.name}"`)}&coep=&channel=${noCoopChannelName}`;
+    const coop = `resources/coop-coep.py?coop=${encodeURIComponent(`same-origin; report-to="${redirectReportEndpoint.name}"`)}&coep=&channel=${coopChannelName}`;
+
+    const popup = window.open(noCOOP, popupName);
+    const channel = new BroadcastChannel(coopChannelName);
+    // Close the popup once the test is complete.
+    // The browsing context is closed after the navigation hence use the broadcast channel
+    // to trigger the closure.
+    t.add_cleanup(() => {
+      channel.postMessage("close");
+    });
+    popup.onload = t.step_func(() => {
+      assert_equals(popup.name.length, popupName.length, "popup name");
+      channel.onmessage = t.step_func(event => {
+        const payload = event.data;
+        // The name should be empty, but we're checking the length rather than a
+        // string comparison to "" to keep the random token out of error messages.
+        assert_equals(payload.name.length, 0, "Popup name after navigation");
+        assert_false(payload.opener, "Opener after navigation");
+        assert_true(popup.closed, "Window proxy closed after navigation");
+        resolve();
+      });
+      popup.location = coop;
+    });
+  },
+  popupName,
+  [
+    // Reports expected for the navigation from "noCOOP" to "coop"
+    {
+      "endpoint": popupReportEndpoint,
+      "report": {
+        "body": {
+          "disposition": "enforce",
+          "document-uri": RegExp(`coop-coep.py?.*channel=${noCoopChannelName}$`),
+          "effective-policy": "unsafe-none",
+          "navigation-uri": RegExp(`coop-coep.py?.*channel=${coopChannelName}$`),
+          "violation-type": "navigation-from-document"
+        },
+        "url": RegExp(`coop-coep.py?.*channel=${noCoopChannelName}$`),
+        "type": "coop"
+      }
+    },
+    {
+      "endpoint": redirectReportEndpoint,
+      "report": {
+        "body": {
+          "disposition": "enforce",
+          "document-uri": RegExp(`coop-coep.py?.*channel=${coopChannelName}$`),
+          "effective-policy": "same-origin",
+          "navigation-uri": RegExp(`coop-coep.py?.*channel=${noCoopChannelName}$`),
+          "violation-type": "navigation-to-document"
+        },
+        "url": RegExp(`coop-coep.py?.*channel=${coopChannelName}$`),
+        "type": "coop"
+      }
+    },
+  ]);
+}, "Open a popup to a document without COOP, then navigate it to a document with");
+
+verify_remaining_reports();
+
+</script>

html/cross-origin-opener-policy/reporting-coop-navigated-popup.https.html.sub.headers

@@ -0,0 +1,2 @@
+Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="coop-report-endpoint"
+report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/resources/report.py?endpoint=coop-report-only-endpoint" }]}

html/cross-origin-opener-policy/reporting-popup-same-origin-report-to.https.html

@@ -0,0 +1,181 @@
+<meta name=timeout content=long>
+<title>reporting same origin with report-to</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/common.js"></script>
+<script src="resources/reporting-common.js"></script>
+
+<script>
+
+let tests = [
+  // popup origin, popup COOP, popup COEP, expected opener, expected reports
+  // Open and navigate a popup to a same-origin page: no browsing context group switch, no report.
+  [SAME_ORIGIN, `same-origin; report-to="${popupReportEndpoint.name}"`, "", true, [] ],
+  // Cross origin popup, report the browsing context group switch to all required endpoints.
+  [CROSS_ORIGIN, `same-origin; report-to="${popupReportEndpoint.name}"`, "", false,
+    [
+      {
+        "endpoint": reportEndpoint, "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": `${location.href}`,
+            "effective-policy": "same-origin",
+            "navigation-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/, // initial navigation URL
+            "violation-type": "navigation-from-document"
+          },
+          "url": `${location.href}`,
+          "type": "coop"
+        }
+      },
+      {
+        "endpoint": popupReportEndpoint, "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+            "effective-policy": "same-origin",
+            "navigation-uri": `${location.href}`, // referrer
+            "violation-type": "navigation-to-document"
+          },
+          "url": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+          "type": "coop"
+        }
+      }
+    ]
+  ],
+  // Open and navigate a popup to a same-origin without COOP page: two reports.
+  // Verifies that unsafe-none can specify a reporting endpoint.
+  [SAME_ORIGIN, `unsafe-none; report-to="${popupReportEndpoint.name}"`, "", false,
+    [
+      {
+        "endpoint": reportEndpoint, "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": `${location.href}`,
+            "effective-policy": "same-origin",
+            "navigation-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+            "violation-type": "navigation-from-document"
+          },
+          "url": `${location.href}`,
+          "type": "coop"
+        }
+      },
+      {
+        "endpoint": popupReportEndpoint, "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+            "effective-policy": "unsafe-none",
+            "navigation-uri": `${location.href}`,
+            "violation-type": "navigation-to-document"
+          },
+          "url": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+          "type": "coop"
+        }
+      }
+    ]
+  ],
+  // Open and navigate a popup to a same-origin page with COEP: two reports.
+  [SAME_ORIGIN, `same-origin; report-to="${popupReportEndpoint.name}"`, "require-corp", false,
+    [
+      {
+        "endpoint": reportEndpoint, "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": `${location.href}`,
+            "effective-policy": "same-origin",
+            "navigation-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+            "violation-type": "navigation-from-document"
+          },
+          "url": `${location.href}`,
+          "type": "coop"
+        }
+      },
+      {
+        "endpoint": popupReportEndpoint, "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+            "effective-policy": "same-origin-plus-coep",
+            "navigation-uri": `${location.href}`,
+            "violation-type": "navigation-to-document"
+          },
+          "url": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+          "type": "coop"
+        }
+      }
+    ]
+  ],
+  // Cross origin popup, report the browsing context group switch to all required endpoints.
+  // Verifies that unsafe-none can specify a reporting endpoint.
+  [CROSS_ORIGIN, `unsafe-none; report-to="${popupReportEndpoint.name}"`, "", false,
+    [
+      {
+        "endpoint": reportEndpoint, "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": `${location.href}`,
+            "effective-policy": "same-origin",
+            "navigation-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/, // initial navigation URL
+            "violation-type": "navigation-from-document"
+          },
+          "url": `${location.href}`,
+          "type": "coop"
+        }
+      },
+      {
+        "endpoint": popupReportEndpoint, "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+            "effective-policy": "unsafe-none",
+            "navigation-uri": `${location.href}`, // referrer
+            "violation-type": "navigation-to-document"
+          },
+          "url": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+          "type": "coop"
+        }
+      }
+    ]
+  ],
+  // Same origin popup, without COOP or reporting, report only sent to opener.
+  [SAME_ORIGIN, "unsafe-none", "", false,
+    [
+      {
+        "endpoint": reportEndpoint, "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": `${location.href}`,
+            "effective-policy": "same-origin",
+            "navigation-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+            "violation-type": "navigation-from-document"
+          },
+          "url": `${location.href}`,
+          "type": "coop"
+        }
+      }
+    ]
+  ],
+  // Cross origin popup, without COOP or reporting, report only sent to opener.
+  [CROSS_ORIGIN, "unsafe-none", "", false,
+    [
+      {
+        "endpoint": reportEndpoint, "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": `${location.href}`,
+            "effective-policy": "same-origin",
+            "navigation-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+            "violation-type": "navigation-from-document"
+          },
+          "url": `${location.href}`,
+          "type": "coop"
+        }
+      }
+    ]
+  ],
+];
+
+run_coop_reporting_test(document.title, tests);
+
+</script>

html/cross-origin-opener-policy/reporting-popup-same-origin-report-to.https.html.sub.headers

@@ -0,0 +1,2 @@
+report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/resources/report.py?endpoint=coop-report-only-endpoint" }]}
+Cross-Origin-Opener-Policy: same-origin; report-to="coop-report-endpoint"

html/cross-origin-opener-policy/reporting-popup-same-origin.https.html

@@ -0,0 +1,74 @@
+<meta name=timeout content=long>
+<title>reporting same origin</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/common.js"></script>
+<script src="resources/reporting-common.js"></script>
+
+<script>
+
+let tests = [
+  // popup origin, popup COOP, popup COEP, expected opener, expected reports
+  // Cross origin popup, report the browsing context group switch to the popup's endpoint.
+  [CROSS_ORIGIN, `same-origin; report-to="${popupReportEndpoint.name}"`, "", false, [
+      {
+        "endpoint": popupReportEndpoint, "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+            "effective-policy": "same-origin",
+            "navigation-uri": `${location.href}`, // referrer
+            "violation-type": "navigation-to-document"
+          },
+          "url": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+          "type": "coop"
+        }
+      }
+    ]
+  ],
+  // Open and navigate a popup to a page that is same-origin without COOP.
+  // Verifies that unsafe-none can specify a reporting endpoint.
+  [SAME_ORIGIN, `unsafe-none; report-to="${popupReportEndpoint.name}"`, "", false,
+    [
+      {
+        "endpoint": popupReportEndpoint, "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+            "effective-policy": "unsafe-none",
+            "navigation-uri": `${location.href}`,
+            "violation-type": "navigation-to-document"
+          },
+          "url": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+          "type": "coop"
+        }
+      }
+    ]
+  ],
+  // Cross origin popup, report the browsing context group switch to the popup endpoints.
+  // Verifies that unsafe-none can specify a reporting endpoint.
+  [CROSS_ORIGIN, `unsafe-none; report-to="${popupReportEndpoint.name}"`, "", false,
+    [
+      {
+        "endpoint": popupReportEndpoint, "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+            "effective-policy": "unsafe-none",
+            "navigation-uri": `${location.href}`, // referrer
+            "violation-type": "navigation-to-document"
+          },
+          "url": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+          "type": "coop"
+        }
+      }
+    ]
+  ],
+  // Same origin popup, without COOP or reporting, no report sent.
+  [SAME_ORIGIN, "unsafe-none", "", false, [] ]
+];
+
+run_coop_reporting_test(document.title, tests);
+
+</script>

html/cross-origin-opener-policy/reporting-popup-same-origin.https.html.headers

@@ -0,0 +1 @@
+Cross-Origin-Opener-Policy: same-origin

html/cross-origin-opener-policy/resources/common.js

@@ -29,11 +29,14 @@ function validate_results(callback, test, w, channelName, hasOpener, openerDOMAc
   }
 }
 
-function url_test(t, url, channelName, hasOpener, openerDOMAccess) {
+function url_test(t, url, channelName, hasOpener, openerDOMAccess, callback) {
+  if (callback === undefined) {
+    callback = () => { t.done(); };
+  }
   const bc = new BroadcastChannel(channelName);
   bc.onmessage = t.step_func(event => {
     const payload = event.data;
-    validate_results(() => { t.done(); }, t, w, channelName, hasOpener, openerDOMAccess, payload);
+    validate_results(callback, t, w, channelName, hasOpener, openerDOMAccess, payload);
   });
 
   const w = window.open(url, channelName);
@@ -46,20 +49,20 @@ function url_test(t, url, channelName, hasOpener, openerDOMAccess) {
   });
 }
 
-function coop_coep_test(t, host, coop, coep, channelName, hasOpener, openerDOMAccess) {
-  url_test(t, `${host.origin}/html/cross-origin-opener-policy/resources/coop-coep.py?coop=${encodeURIComponent(coop)}&coep=${coep}&channel=${channelName}`, channelName, hasOpener, openerDOMAccess);
+function coop_coep_test(t, host, coop, coep, channelName, hasOpener, openerDOMAccess, callback) {
+  url_test(t, `${host.origin}/html/cross-origin-opener-policy/resources/coop-coep.py?coop=${encodeURIComponent(coop)}&coep=${coep}&channel=${channelName}`, channelName, hasOpener, openerDOMAccess, callback);
 }
 
-function coop_test(t, host, coop, channelName, hasOpener) {
-  coop_coep_test(t, host, coop, "", channelName, hasOpener);
+function coop_test(t, host, coop, channelName, hasOpener, callback) {
+  coop_coep_test(t, host, coop, "", channelName, hasOpener, undefined /* openerDOMAccess */, callback);
 }
 
 function run_coop_tests(documentCOOPValueTitle, testArray) {
   for (const test of testArray) {
     async_test(t => {
       coop_test(t, test[0], test[1],
                 `${documentCOOPValueTitle}_to_${test[0].name}_${test[1].replace(/ /g,"-")}`,
-                test[2]);
+                test[2], () => { t.done(); });
     }, `${documentCOOPValueTitle} document opening popup to ${test[0].origin} with COOP: "${test[1]}"`);
   }
 }