COOP and COEP tests #17606
COOP and COEP tests #17606
Conversation
wpt-pr-bot
requested review from
domenic,
foolip,
jdm,
jgraham,
zcorpan and
zqzhang
|
Thanks for adding these tests! I hadn't seen the existing WPT tests for COOP and Cross-Origin, so I'll try to take a closer look at them. Your proposed changes here seem reasonable to me. One question I was wondering about when working on the Chrome implementation, and which might be useful to cover in a test-- when a frame is navigating, is the COOP comparison made against the current document in the frame or the initiator of the navigation? For example: page A1 (with a policy and unsafe-allow-origin) opens page B (no header), staying in the group.
|
This comment has been minimized.
This comment has been minimized.
|
As currently written currentCOOP would always be from B and there's no inheritance, so a mismatch in both cases. The only time the initiator comes into play (and you could talk about inheritance of sorts) is with initial about:blank. (And yeah, we should test this!) |
|
Did a quick brainstorm of some things which might be worth testing re. these headers:
|
html/cross-origin-embedder-policy/resources/nothing.txt.headers
Outdated
Show resolved
Hide resolved
- "cross-origin-embedder-policy" set's the policy for frame. - dedicated worker's policy is set to the ancestor frame's policy. - nested frames with a conflicting policy is blocked. SharedWorker / ServiceWorker are not yet supported. All the implementation is behind the flag, and tested manually with work in progress WPTs[1]. 1: web-platform-tests/wpt#17606 Bug: 887967 Change-Id: I70ed24841afde1b3c72dad40288744bb92a6f5dc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1715378 Commit-Queue: Yutaka Hirano <[email protected]> Reviewed-by: Hajime Hoshi <[email protected]> Reviewed-by: Kinuko Yasuda <[email protected]> Cr-Commit-Position: refs/heads/master@{#682609}
I'd be OK with adding a flag to Gecko's HTML parser to prevent renavigation on late |
|
This is ready for another round of feedback. #18354 lists the remaining work. Please add suggestions for further tests there. |
|
LGTM (I only looked at the COEP part). |
| coop_coep_test(t, host, coop, "", channelName, hasOpener); | ||
| } | ||
|
|
||
| function run_coop_tests(mainTest, testArray) { |
There was a problem hiding this comment.
annotate or use variable name to indicate mainTest is a COOP value.
| } | ||
|
|
||
| function coop_coep_test(t, host, coop, coep, channelName, hasOpener) { | ||
| url_test(t, `${host.origin}/html/cross-origin-opener-policy/resources/coop-coep.py?coop=${encodeURIComponent(coop)}&coep=${coep}&channel=${channelName}`, channelName, hasOpener); |
There was a problem hiding this comment.
This is too long. One solution might be
let url = ${host.origin}/html/cross-origin-opener-policy/resources/coop-coep.py;
url += `?coop=...
| const SAME_SITE = {origin: get_host_info().HTTPS_REMOTE_ORIGIN, name: "SAME_SITE"}; | ||
| const CROSS_ORIGIN = {origin: get_host_info().HTTPS_NOTSAMESITE_ORIGIN, name: "CROSS_ORIGIN"} | ||
|
|
||
| function url_test(t, url, channelName, hasOpener) { |
There was a problem hiding this comment.
The name url_test is kinda misleading. Actually we're test hasOpener
| const navigateHost = site === "same-origin" ? SAME_ORIGIN : SAME_SITE; | ||
| const navigateURL = `${navigateHost.origin}/html/cross-origin-opener-policy/resources/coop-coep.py?coop=${variant.coop}&coep=${variant.coep}&channel=${channel}`; | ||
| const opener = site === "same-origin" ? variant.opener : false; | ||
|
|
There was a problem hiding this comment.
IMO it's a complicated test. Could you put some comments about the testing flow?
| popup.close(); | ||
| t.done(); | ||
| }, 500); | ||
| }, "Cross-Origin-Opener-Policy only works over HTTPS"); |
|
Proposed commit message: |
|
Initial (incomplete) take at restructuring some of the existing tests to account for name and logic changes.
TODO: