[Security][Coop] Browsing context switch reporting WPT

This CL adds basic reporting tests for browsing context switches. It provides a reporting endpoint (report.py), and reusable helpers within reporting-common.js, allowing future tests. The helpers provided verify that expected report templates are present on the expected endpoints, and that no extraneous reports are present. This CL only convers the cases: Popup opened from pages with coop : Same-origin with report only navigating to * Same-origin (without report) navigatin to *-with report Follow ups will cover redirects (moved to follow up as it had timeout issues), other origins and iframe cases. Bug: 1076456 Change-Id: I7a39d4def20692d8628ce2406569638310684f4f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2207451 Reviewed-by: Arthur Sonzogni <[email protected]> Commit-Queue: Pâris Meuleman <[email protected]> Auto-Submit: Pâris Meuleman <[email protected]> Cr-Commit-Position: refs/heads/master@{#776008}
web-platform-tests · Jun 8, 2020 · 8cc2a71 · 8cc2a71
1 parent 7d60df8
commit 8cc2a71
Show file tree

Hide file tree

Showing 16 changed files with 1,002 additions and 7 deletions.
diff --git a/html/cross-origin-opener-policy/reporting-coop-navigated-popup.https.html b/html/cross-origin-opener-policy/reporting-coop-navigated-popup.https.html
@@ -0,0 +1,82 @@
+<title>Cross-Origin-Opener-Policy: a navigated popup with reporting</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="/common/utils.js"></script> <!-- Use token() to allow running tests in parallel -->
+<script src="resources/reporting-common.js"></script>
+
+<script>
+
+// This test does the following:
+//  1 - This document has COOP: same-origin-allow-popups; report-to="coop-report-endpoint"
+//  2 - Open a popup on a same-origin page without COOP, with the coop-popup-report-endpoint
+//  3 - Navigate the popup to a same-origin page with COOP, with the coop-redirect-report-endpoint
+// it verifies that the reports are properly send for the browsing context switch
+// during the navigation in the popup (step 3). The current document (the opener)
+// endpoint should not receive any report as no switch ocurred on 2.
+promise_test( async t => {
+  const popupName = token();
+  const noCoopChannelName = token();
+  const coopChannelName = token();
+  await reportingTest( (resolve) => {
+    const noCOOP = `resources/coop-coep.py?coop=${encodeURIComponent(`unsafe-none; report-to="${popupReportEndpoint.name}"`)}&coep=&channel=${noCoopChannelName}`;
+    const coop = `resources/coop-coep.py?coop=${encodeURIComponent(`same-origin; report-to="${redirectReportEndpoint.name}"`)}&coep=&channel=${coopChannelName}`;
+
+    const popup = window.open(noCOOP, popupName);
+    const channel = new BroadcastChannel(coopChannelName);
+    // Close the popup once the test is complete.
+    // The browsing context is closed after the navigation hence use the
+    // broadcast channel to trigger the closure.
+    t.add_cleanup(() => {
+      channel.postMessage("close");
+    });
+    popup.onload = t.step_func(() => {
+      assert_equals(popup.name.length, popupName.length, "popup name");
+      channel.onmessage = t.step_func(event => {
+        const payload = event.data;
+        // The name should be empty, but we're checking the length rather than a
+        // string comparison to "" to keep the random token out of error messages.
+        assert_equals(payload.name.length, 0, "Popup name after navigation");
+        assert_false(payload.opener, "Opener after navigation");
+        assert_true(popup.closed, "Window proxy closed after navigation");
+        resolve();
+      });
+      popup.location = coop;
+    });
+  },
+  popupName,
+  [
+    // Reports expected for the navigation from "noCOOP" to "coop"
+    {
+      "endpoint": popupReportEndpoint,
+      "report": {
+        "body": {
+          "disposition": "enforce",
+          "document-uri": RegExp(`coop-coep.py?.*channel=${noCoopChannelName}$`),
+          "effective-policy": "unsafe-none",
+          "navigation-uri": RegExp(`coop-coep.py?.*channel=${coopChannelName}$`),
+          "violation-type": "navigation-from-document"
+        },
+        "url": RegExp(`coop-coep.py?.*channel=${noCoopChannelName}$`),
+        "type": "coop"
+      }
+    },
+    {
+      "endpoint": redirectReportEndpoint,
+      "report": {
+        "body": {
+          "disposition": "enforce",
+          "document-uri": RegExp(`coop-coep.py?.*channel=${coopChannelName}$`),
+          "effective-policy": "same-origin",
+          "navigation-uri": RegExp(`coop-coep.py?.*channel=${noCoopChannelName}$`),
+          "violation-type": "navigation-to-document"
+        },
+        "url": RegExp(`coop-coep.py?.*channel=${coopChannelName}$`),
+        "type": "coop"
+      }
+    },
+  ]);
+}, "Open a popup to a document without COOP, then navigate it to a document with");
+
+verifyRemainingReports();
+
+</script>
diff --git a/html/cross-origin-opener-policy/reporting-coop-navigated-popup.https.html.sub.headers b/html/cross-origin-opener-policy/reporting-coop-navigated-popup.https.html.sub.headers
@@ -0,0 +1,2 @@
+Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="coop-report-endpoint"
+report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/resources/report.py?endpoint=coop-report-only-endpoint" }]}
diff --git a/.../cross-origin-opener-policy/reporting-popup-same-origin-allow-popups-report-to.https.html b/.../cross-origin-opener-policy/reporting-popup-same-origin-allow-popups-report-to.https.html
@@ -0,0 +1,123 @@
+<meta name=timeout content=long>
+<title>reporting same origin with report-to</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/common.js"></script>
+<script src="resources/reporting-common.js"></script>
+
+<script>
+
+let tests = [
+  // popup origin, popup COOP, popup COEP, expected opener, expected reports
+
+  // Open a same-origin popup with a same-origin COOP and no COEP. Produces two
+  // reports (one from and one to). Both pages being same origin, the
+  // next/pervious document urls are available.
+  [
+    SAME_ORIGIN,
+    `same-origin; report-to="${popupReportEndpoint.name}"`,
+    "",
+    false,
+    [
+      {
+        "endpoint": reportEndpoint,
+        "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": `${location.href}`,
+            "effective-policy": "same-origin-allow-popups",
+            "navigation-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/, // next document URL
+            "violation-type": "navigation-from-document"
+          },
+          "url": `${location.href}`,
+          "type": "coop"
+        }
+      },
+      {
+        "endpoint": popupReportEndpoint,
+        "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+            "effective-policy": "same-origin",
+            "navigation-uri": `${location.href}`, // previous documnent url
+            "violation-type": "navigation-to-document"
+          },
+          "url": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+          "type": "coop"
+        }
+      }
+    ]
+  ],
+  // Open a cross-origin popup with a same-origin-allow-popup COOP and noCOEP.
+  // Produces two reports (one from and one to). Both pages being cross origin,
+  // the next/pervious document urls are not available and the initial document
+  // url/referrer are used instead.
+  [
+    CROSS_ORIGIN,
+    `same-origin-allow-popups; report-to="${popupReportEndpoint.name}"`,
+    "require-corp",
+    false,
+    [
+      {
+        "endpoint": reportEndpoint,
+        "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": `${location.href}`,
+            "effective-policy": "same-origin-allow-popups",
+            "navigation-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/, // initial navigation URL
+            "violation-type": "navigation-from-document"
+          },
+          "url": `${location.href}`,
+          "type": "coop"
+        }
+      },
+      {
+        "endpoint": popupReportEndpoint,
+        "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+            "effective-policy": "same-origin-allow-popups",
+            "navigation-uri": `${location.origin}/`, // referrer (origin, as dictated by the referrer policy)
+            "violation-type": "navigation-to-document"
+          },
+          "url": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+          "type": "coop"
+        }
+      }
+    ]
+  ],
+  // Open a cross-origin popup with a same-origin COOP and COEP, and no reporting.
+  // Produces one navigation-from-report for this document (the opener). The
+  // pages being cross origin, the next/pervious document urls are not available
+  // and the initial document url/referrer are used instead.
+  [
+    CROSS_ORIGIN,
+    `same-origin`,
+    "require-corp",
+    false,
+    [
+      {
+        "endpoint": reportEndpoint,
+        "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": `${location.href}`,
+            "effective-policy": "same-origin-allow-popups",
+            "navigation-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/, // initial navigation URL
+            "violation-type": "navigation-from-document"
+          },
+          "url": `${location.href}`,
+          "type": "coop"
+        }
+      }
+    ]
+  ],
+];
+
+runCoopReportingTest(document.title, tests);
+
+</script>
diff --git a/...rigin-opener-policy/reporting-popup-same-origin-allow-popups-report-to.https.html.headers b/...rigin-opener-policy/reporting-popup-same-origin-allow-popups-report-to.https.html.headers
@@ -0,0 +1,3 @@
+report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/resources/report.py?endpoint=coop-report-only-endpoint" }]}
+Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="coop-report-endpoint"
+Referrer-Policy: origin
diff --git a/html/cross-origin-opener-policy/reporting-popup-same-origin-coep-report-to.https.html b/html/cross-origin-opener-policy/reporting-popup-same-origin-coep-report-to.https.html
@@ -0,0 +1,108 @@
+<meta name=timeout content=long>
+<title>reporting same origin with report-to</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/common.js"></script>
+<script src="resources/reporting-common.js"></script>
+
+<script>
+
+let tests = [
+  // popup origin, popup COOP, popup COEP, expected opener, expected reports
+
+  // Open and navigate a popup to a same-origin page with the same COOP-COEP
+  // settings: no browsing context group switch hence no report expected.
+  [
+    SAME_ORIGIN,
+    `same-origin; report-to="${popupReportEndpoint.name}"`,
+    "require-corp",
+    true,
+    []
+  ],
+  // Open a same-origin popup with a same-origin COOP but no COEP. Produces two
+  // reports (one from and one to). The from report has an effective-policy of
+  // same-origin-plus-coep, both pages being same origin, the entire
+  // next/pervious document urls are available.
+  [
+    SAME_ORIGIN,
+    `same-origin; report-to="${popupReportEndpoint.name}"`,
+    "",
+    false,
+    [
+      {
+        "endpoint": reportEndpoint,
+        "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": `${location.href}`,
+            "effective-policy": "same-origin-plus-coep",
+            "navigation-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/, // next destination url
+            "violation-type": "navigation-from-document"
+          },
+          "url": `${location.href}`,
+          "type": "coop"
+        }
+      },
+      {
+        "endpoint": popupReportEndpoint,
+        "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+            "effective-policy": "same-origin",
+            "navigation-uri": `${location.href}`, // previous document url
+            "violation-type": "navigation-to-document"
+          },
+          "url": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+          "type": "coop"
+        }
+      }
+    ]
+  ],
+  // Open a cross-origin popup with a same-origin COOP and COEP.  Produces two
+  // reports (one from and one to). The from report has an effective-policy of
+  // same-origin-plus-coep, both pages being cross origin, the next/pervious
+  // document urls are not available and the initial document url/referrer are
+  // used instead.
+  [
+    CROSS_ORIGIN,
+    `same-origin; report-to="${popupReportEndpoint.name}"`,
+    "require-corp",
+    false,
+    [
+      {
+        "endpoint": reportEndpoint,
+        "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": `${location.href}`,
+            "effective-policy": "same-origin-plus-coep",
+            "navigation-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/, // initial navigation url
+            "violation-type": "navigation-from-document"
+          },
+          "url": `${location.href}`,
+          "type": "coop"
+        }
+      },
+      {
+        "endpoint": popupReportEndpoint,
+        "report": {
+          "body": {
+            "disposition": "enforce",
+            "document-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+            "effective-policy": "same-origin-plus-coep",
+            "navigation-uri": `${location.origin}/`, // referrer (origin, as dictated by the referrer policy)
+            "violation-type": "navigation-to-document"
+          },
+          "url": /coop-coep.py?.*channel=CHANNEL_NAME$/,
+          "type": "coop"
+        }
+      }
+    ]
+  ],
+];
+
+runCoopReportingTest(document.title, tests);
+
+</script>
diff --git a/.../cross-origin-opener-policy/reporting-popup-same-origin-coep-report-to.https.html.headers b/.../cross-origin-opener-policy/reporting-popup-same-origin-coep-report-to.https.html.headers
@@ -0,0 +1,4 @@
+report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/resources/report.py?endpoint=coop-report-only-endpoint" }]}
+Cross-Origin-Opener-Policy: same-origin; report-to="coop-report-endpoint"
+Cross-Origin-Embedder-Policy: require-corp
+Referrer-Policy: origin