Skip to content

Commit

Permalink
Add basic reporting test from Same-origin
Browse files Browse the repository at this point in the history 
Bug: 1076456
Change-Id: I7a39d4def20692d8628ce2406569638310684f4f
  • Loading branch information
@ParisMeuleman @chromium-wpt-export-bot
ParisMeuleman authored and chromium-wpt-export-bot committed May 19, 2020
1 parent effa399 commit d9acb68
Show file tree
Hide file tree
Showing 10 changed files with 710 additions and 7 deletions.
109 changes: 109 additions & 0 deletions html/cross-origin-opener-policy/reporting-coop-navigated-popup.https.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,109 @@
<!doctype html>
<title>Cross-Origin-Opener-Policy: a navigated popup</title>
<!-- In particular this is different from coep-navigate-popup.https.html as this document initiates
the navigation (and uses same-origin-allow-popups and no COEP as without that it cannot be
observed). COOP should work identically, but implementations might have used the wrong
authority. -->
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src="/common/utils.js"></script> <!-- Use token() to allow running tests in parallel -->
<script src="resources/reporting-common.js"></script>
<script>

promise_test( async t => {
const popupName = token();
const noCoopChannelName = token();
const coopChannelName = token();
reporting_test( (resolve) => {
const noCOOP = `resources/coop-coep.py?coop=unsafe-none; report-to="${popupReportEndpoint.name}"&coep=&channel=${noCoopChannelName}`;
const coop = `resources/coop-coep.py?coop=same-origin; report-to="${redirectReportEndpoint.name}&coep=&channel=${coopChannelName}`;

const popup = window.open(noCOOP, popupName);
const channel = new BroadcastChannel(coopChannelName);
// Close the popup once the test is complete.
// The browsing context is closed after the navigation hence use the broadcast channel
// to trigger the closure.
t.add_cleanup(() => {
channel.postMessage("close");
});
popup.onload = t.step_func(() => {
assert_equals(popup.name, popupName);
assert_equals(new URL(popup.document.URL).pathname, noCOOP);
channel.onmessage = t.step_func(event => {
const payload = event.data;
// The name should be empty, but we're checking the length rather than a
// string comparison to "" to keep the random token out of error messages.
assert_equals(payload.name.length, 0);
assert_false(payload.opener);
assert_true(popup.closed);
resolve();
});
popup.location = coop;
});
},
popupName,
[
// Reports expected for the navigation from "noCOOP" to "coop"
{
"endpoint": popupReportEndpoint,
"report": {
"body": {
"disposition": "enforce",
"document-uri": RegExp(`coop-coep.py?.*channel=${noCoopChannelName}$`),
"effective-policy": "unsafe-none",
"navigation-uri": RegExp(`coop-coep.py?.*channel=${coopChannelName}$`),
"violation-type": "navigation-from-document"
},
"url": RegExp(`coop-coep.py?.*channel=${noCoopChannelName}$`),
"type": "coop"
}
},
{
"endpoint": redirectReportEndpoint,
"report": {
"body": {
"disposition": "enforce",
"document-uri": RegExp(`coop-coep.py?.*channel=${coopChannelName}$`),
"effective-policy": "same-origin",
"navigation-uri": RegExp(`coop-coep.py?.*channel=${noCoopChannelName}$`),
"violation-type": "navigation-to-document"
},
"url": RegExp(`coop-coep.py?.*channel=${coopChannelName}$`),
"type": "coop"
}
},
],
[
// no reports expected for the popup's navigation from about:blank to "noCoop"
{
"endpoint": reportEndpoint,
"report": {
"body": {
"disposition": "enforce",
"document-uri": `${location.href}`,
"effective-policy": "same-origin-allow-popups",
"navigation-uri": RegExp(`coop-coep.py?.*channel=${noCoopChannelName}$`),
"violation-type": "navigation-from-document"
},
"url": `${location.href}`,
"type": "coop"
}
},
{
"endpoint": popupReportEndpoint,
"report": {
"body": {
"disposition": "enforce",
"document-uri": RegExp(`coop-coep.py?.*channel=${noCoopChannelName}$`),
"effective-policy": "unsafe-none",
"navigation-uri": `${location.href}`,
"violation-type": "navigation-to-document"
},
"url": RegExp(`coop-coep.py?.*channel=${noCoopChannelName}$`),
"type": "coop"
}
},
]);
}, "Open a popup to a document without COOP, then navigate it to a document with");

</script>
2 changes: 2 additions & 0 deletions html/cross-origin-opener-policy/reporting-coop-navigated-popup.https.html.sub.headers
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="coop-report-endpoint"
report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/resources/report.py?endpoint=coop-report-only-endpoint" }]}
212 changes: 212 additions & 0 deletions html/cross-origin-opener-policy/reporting-popup-same-origin-report-to.https.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,212 @@

<!doctype html>
<meta charset=utf-8>
<meta name=timeout content=long>
<title>reporting same origin with report-to</title>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="resources/common.js"></script>
<script src="resources/reporting-common.js"></script>

<div id=log></div>
<script>

let tests = [
// popup origin, popup COOP, popup COEP, expected opener, expected reports, unwanted reports
// Open and navigate a popup to a same-origin page: no browsing context group switch, no report.
[SAME_ORIGIN, `same-origin; report-to="${popupReportEndpoint.name}"`, "", true, [], [
{
"endpoint": reportEndpoint, "report": {
"body": {
"disposition": "enforce",
"document-uri": `${location.href}`,
"effective-policy": "same-origin",
"navigation-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
"violation-type": "navigation-from-document"
},
"url": `${location.href}`,
"type": "coop"
}
},
{
"endpoint": popupReportEndpoint, "report": {
"body": {
"disposition": "enforce",
"document-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
"effective-policy": "same-origin",
"navigation-uri": `${location.href}`,
"violation-type": "navigation-to-document"
},
"url": /coop-coep.py?.*channel=CHANNEL_NAME$/,
"type": "coop"
}
}
]
],
// Cross origin popup, report the browsing context group switch to all required endpoints.
[CROSS_ORIGIN, `same-origin; report-to="${popupReportEndpoint.name}"`, "", false, [
{
"endpoint": reportEndpoint, "report": {
"body": {
"disposition": "enforce",
"document-uri": `${location.href}`,
"effective-policy": "same-origin",
"navigation-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/, // initial navigation URL
"violation-type": "navigation-from-document"
},
"url": `${location.href}`,
"type": "coop"
}
},
{
"endpoint": popupReportEndpoint, "report": {
"body": {
"disposition": "enforce",
"document-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
"effective-policy": "same-origin",
"navigation-uri": `${location.href}`, // referrer
"violation-type": "navigation-to-document"
},
"url": /coop-coep.py?.*channel=CHANNEL_NAME$/,
"type": "coop"
}
}
],
[]
],
// Open and navigate a popup to a same-origin without COOP page: two reports.
// Verifies that unsafe-none can specify a reporting endpoint.
[SAME_ORIGIN, `unsafe-none; report-to="${popupReportEndpoint.name}"`, "", false, [
{
"endpoint": reportEndpoint, "report": {
"body": {
"disposition": "enforce",
"document-uri": `${location.href}`,
"effective-policy": "same-origin",
"navigation-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
"violation-type": "navigation-from-document"
},
"url": `${location.href}`,
"type": "coop"
}
},
{
"endpoint": popupReportEndpoint, "report": {
"body": {
"disposition": "enforce",
"document-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
"effective-policy": "unsafe-none",
"navigation-uri": `${location.href}`,
"violation-type": "navigation-to-document"
},
"url": /coop-coep.py?.*channel=CHANNEL_NAME$/,
"type": "coop"
}
}
],
[]
],
// Cross origin popup, report the browsing context group switch to all required endpoints.
// Verifies that unsafe-none can specify a reporting endpoint.
[CROSS_ORIGIN, `unsafe-none; report-to="${popupReportEndpoint.name}"`, "", false, [
{
"endpoint": reportEndpoint, "report": {
"body": {
"disposition": "enforce",
"document-uri": `${location.href}`,
"effective-policy": "same-origin",
"navigation-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/, // initial navigation URL
"violation-type": "navigation-from-document"
},
"url": `${location.href}`,
"type": "coop"
}
},
{
"endpoint": popupReportEndpoint, "report": {
"body": {
"disposition": "enforce",
"document-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
"effective-policy": "unsafe-none",
"navigation-uri": `${location.href}`, // referrer
"violation-type": "navigation-to-document"
},
"url": /coop-coep.py?.*channel=CHANNEL_NAME$/,
"type": "coop"
}
}
],
[]
],
// Same origin popup, without COOP or reporting, report only sent to opener.
[SAME_ORIGIN, "unsafe-none", "", false,
[
{
"endpoint": reportEndpoint, "report": {
"body": {
"disposition": "enforce",
"document-uri": `${location.href}`,
"effective-policy": "same-origin",
"navigation-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
"violation-type": "navigation-from-document"
},
"url": `${location.href}`,
"type": "coop"
}
}
],
[
{
"endpoint": popupReportEndpoint, "report": {
"body": {
"disposition": "enforce",
"document-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
"effective-policy": "unsafe-none",
"navigation-uri": `${location.href}`,
"violation-type": "navigation-to-document"
},
"url": /coop-coep.py?.*channel=CHANNEL_NAME$/,
"type": "coop"
}
}
]
],
// Cross origin popup, without COOP or reporting, report only sent to opener.
[CROSS_ORIGIN, "unsafe-none", "", false,
[
{
"endpoint": reportEndpoint, "report": {
"body": {
"disposition": "enforce",
"document-uri": `${location.href}`,
"effective-policy": "same-origin",
"navigation-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
"violation-type": "navigation-from-document"
},
"url": `${location.href}`,
"type": "coop"
}
}
],
[
{
"endpoint": popupReportEndpoint, "report": {
"body": {
"disposition": "enforce",
"document-uri": /coop-coep.py?.*channel=CHANNEL_NAME$/,
"effective-policy": "unsafe-none",
"navigation-uri": `${location.href}`,
"violation-type": "navigation-to-document"
},
"url": /coop-coep.py?.*channel=CHANNEL_NAME$/,
"type": "coop"
}
}
]
],
];

run_coop_reporting_test(document.title, tests);

</script>
2 changes: 2 additions & 0 deletions html/cross-origin-opener-policy/reporting-popup-same-origin-report-to.https.html.sub.headers
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/resources/report.py?endpoint=coop-report-only-endpoint" }]}
Cross-Origin-Opener-Policy: same-origin; report-to="coop-report-endpoint"
Loading

0 comments on commit d9acb68

Please sign in to comment.