-
Notifications
You must be signed in to change notification settings - Fork 3.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
COOP: test COOP popup from a CSP-sandboxed popup
Part of #18354.
- Loading branch information
Showing
2 changed files
with
45 additions
and
0 deletions.
There are no files selected for viewing
24 changes: 24 additions & 0 deletions
24
html/cross-origin-opener-policy/coop-csp-sandbox.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| <!doctype html> | ||
| <title>CSP sandboxed Cross-Origin-Opener-Policy popup should result in a network error</title> | ||
| <script src=/resources/testharness.js></script> | ||
| <script src=/resources/testharnessreport.js></script> | ||
| <script src="/common/utils.js"></script> <!-- Use token() to allow running tests in parallel --> | ||
| <div id=log> | ||
| <script> | ||
| [ | ||
| "allow-popups allow-scripts allow-same-origin", | ||
| "allow-popups allow-scripts", | ||
| ].forEach(sandboxValue => { | ||
| async_test(t => { | ||
| const channel = new BroadcastChannel(token()); | ||
| channel.onmessage = t.unreached_func("A COOP popup was created from a CSP-sandboxed popup"); | ||
| const popup = window.open(`resources/csp-sandbox.py?coop=same-origin&coep=&sandbox=${sandboxValue}&channel=${channel.name}`); | ||
| t.add_cleanup(() => { popup.close(); }); | ||
| addEventListener('load', t.step_func(() => { | ||
| t.step_timeout(() => { | ||
| t.done() | ||
| }, 1500); | ||
| })); | ||
| }, `CSP: sandbox ${sandboxValue}; ${document.title}`); | ||
| }); | ||
| </script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| def main(request, response): | ||
| coop = request.GET.first("coop") | ||
| coep = request.GET.first("coep") | ||
| sandbox = request.GET.first("sandbox") | ||
| if coop != "": | ||
| response.headers.set("Cross-Origin-Opener-Policy", coop) | ||
| if coep != "": | ||
| response.headers.set("Cross-Origin-Embedder-Policy", coep) | ||
| response.headers.set("Content-Security-Policy", "sandbox " + sandbox + ";") | ||
|
|
||
| # Open a popup to coop-coep.py with the same parameters (except sandbox) | ||
| response.content = """ | ||
| <!doctype html> | ||
| <meta charset=utf-8> | ||
| <script src="/common/get-host-info.sub.js"></script> | ||
| <script> | ||
| const params = new URL(location).searchParams; | ||
| params.delete("sandbox"); | ||
| window.open(`${get_host_info().HTTPS_ORIGIN}/html/cross-origin-opener-policy/resources/coop-coep.py?${params}`) | ||
| </script> | ||
| """ |