Origin isolation: parse the header

Bug: 1066930 Change-Id: Ib1c79f8c9218821c7da3640e012cf042666e6d50 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2222692 Commit-Queue: Domenic Denicola <[email protected]> Reviewed-by: Kinuko Yasuda <[email protected]> Cr-Commit-Position: refs/heads/master@{#773706}
web-platform-tests · Jun 1, 2020 · d3ea885 · d3ea885
1 parent 561feab
commit d3ea885
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 0 deletions.
diff --git a/origin-isolation/parent-no-child-bad-subdomain.sub.https.html b/origin-isolation/parent-no-child-bad-subdomain.sub.https.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Parent is not isolated, child attempts to isolate but uses a bad header value, child is a subdomain of the parent</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script type="module">
+import { insertIframe, sendWasmModule, setBothDocumentDomains } from "./resources/helpers.mjs";
+
+for (const badValue of ["", "?0", "true", "\"?1\"", "1", "?2", "(?1)"]) {
+  let frameWindow;
+  promise_test(async () => {
+    frameWindow = await insertIframe("{{hosts[][www]}}", badValue);
+  }, `"${badValue}": frame insertion`);
+
+  // Since the header values are bad there should be no isolation
+
+  promise_test(async () => {
+    const whatHappened = await sendWasmModule(frameWindow);
+
+    assert_equals(whatHappened, "WebAssembly.Module message received");
+  }, `"${badValue}": message event must occur for`);
+
+  promise_test(async () => {
+    await setBothDocumentDomains(frameWindow);
+
+    // Must not throw
+    frameWindow.document;
+  }, `"${badValue}": setting document.domain must give sync access`);
+}
+</script>
diff --git a/origin-isolation/parent-no-child-yes-with-params-subdomain.sub.https.html b/origin-isolation/parent-no-child-yes-with-params-subdomain.sub.https.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Parent is not isolated, child is isolated using parameters on its structured header, child is a subdomain of the parent</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script type="module">
+import { insertIframe, sendWasmModule, setBothDocumentDomains } from "./resources/helpers.mjs";
+
+let frameWindow;
+promise_setup(async () => {
+  frameWindow = await insertIframe("{{hosts[][www]}}", "?1;param1;param2=value2");
+});
+
+// Since they're different-origin, the child's isolation request is respected,
+// so the parent ends up in the site-keyed agent cluster and the child in the
+// origin-keyed one.
+
+promise_test(async () => {
+  const whatHappened = await sendWasmModule(frameWindow);
+
+  assert_equals(whatHappened, "messageerror");
+}, "messageerror event must occur");
+
+promise_test(async () => {
+  await setBothDocumentDomains(frameWindow);
+
+  assert_throws_dom("SecurityError", DOMException, () => {
+    frameWindow.document;
+  });
+}, "setting document.domain should no-op instead of giving sync access");
+</script>