From 9e1f46668b220458be6f406e2e6214375a5ca092 Mon Sep 17 00:00:00 2001
From: Simon Pieters
Date: Thu, 9 Jan 2020 16:54:33 +0100
Subject: [PATCH 1/9] COOP: test COOP popup from a CSP-sandboxed popup

Part of #18354.

---
 .../coop-csp-sandbox.https.html | 24 +++++++++++++++++++
 .../resources/csp-sandbox.py | 21 ++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 html/cross-origin-opener-policy/coop-csp-sandbox.https.html
 create mode 100644 html/cross-origin-opener-policy/resources/csp-sandbox.py

diff --git a/html/cross-origin-opener-policy/coop-csp-sandbox.https.html b/html/cross-origin-opener-policy/coop-csp-sandbox.https.html
new file mode 100644
index 00000000000000..259d484df2cbf7
--- /dev/null
+++ b/html/cross-origin-opener-policy/coop-csp-sandbox.https.html
@@ -0,0 +1,24 @@
+ +CSP sandboxed Cross-Origin-Opener-Policy popup should result in a network error + + + +
+
diff --git a/html/cross-origin-opener-policy/resources/csp-sandbox.py b/html/cross-origin-opener-policy/resources/csp-sandbox.py
new file mode 100644
index 00000000000000..adaf50b8688162
--- /dev/null
+++ b/html/cross-origin-opener-policy/resources/csp-sandbox.py
@@ -0,0 +1,21 @@
+def main(request, response):
+    coop = request.GET.first("coop")
+    coep = request.GET.first("coep")
+    sandbox = request.GET.first("sandbox")
+    if coop != "":
+        response.headers.set("Cross-Origin-Opener-Policy", coop)
+    if coep != "":
+        response.headers.set("Cross-Origin-Embedder-Policy", coep)
+    response.headers.set("Content-Security-Policy", "sandbox " + sandbox + ";")
+
+    # Open a popup to coop-coep.py with the same parameters (except sandbox)
+    response.content = """
+ + + + +"""
From 3b3194a464fbc5eb28c023751ed733ff80606216 Mon Sep 17 00:00:00 2001
From: Simon Pieters
Date: Fri, 10 Jan 2020 14:15:11 +0100
Subject: [PATCH 2/9] Apply suggestions from code review

Co-Authored-By: Anne van Kesteren
---
 html/cross-origin-opener-policy/resources/csp-sandbox.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cross-origin-opener-policy/resources/csp-sandbox.py b/html/cross-origin-opener-policy/resources/csp-sandbox.py
index adaf50b8688162..b1b12cf33c36d9 100644
--- a/html/cross-origin-opener-policy/resources/csp-sandbox.py
+++ b/html/cross-origin-opener-policy/resources/csp-sandbox.py
@@ -16,6 +16,6 @@ def main(request, response):
 """
From a05e1924e53c18c8170230d255b07cc5fa64032d Mon Sep 17 00:00:00 2001
From: Simon Pieters
Date: Fri, 10 Jan 2020 14:31:31 +0100
Subject: [PATCH 3/9] Remove get-host-info.sub.js from csp-sandbox.py

---
 html/cross-origin-opener-policy/resources/csp-sandbox.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/html/cross-origin-opener-policy/resources/csp-sandbox.py b/html/cross-origin-opener-policy/resources/csp-sandbox.py
index b1b12cf33c36d9..bc5e8ed2d571db 100644
--- a/html/cross-origin-opener-policy/resources/csp-sandbox.py
+++ b/html/cross-origin-opener-policy/resources/csp-sandbox.py
@@ -12,10 +12,9 @@ def main(request, response):
     response.content = """
- """
From 94da6ee228f9e96c2cbf5e5cb793da14a53b7a49 Mon Sep 17 00:00:00 2001
From: Simon Pieters
Date: Thu, 20 Aug 2020 15:43:44 +0200
Subject: [PATCH 4/9] Use byte strings in python

---
 .../resources/csp-sandbox.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/html/cross-origin-opener-policy/resources/csp-sandbox.py b/html/cross-origin-opener-policy/resources/csp-sandbox.py
index bc5e8ed2d571db..fd19acb339c0b5 100644
--- a/html/cross-origin-opener-policy/resources/csp-sandbox.py
+++ b/html/cross-origin-opener-policy/resources/csp-sandbox.py
@@ -1,15 +1,15 @@
 def main(request, response):
-    coop = request.GET.first("coop")
-    coep = request.GET.first("coep")
-    sandbox = request.GET.first("sandbox")
+    coop = request.GET.first(b"coop")
+    coep = request.GET.first(b"coep")
+    sandbox = request.GET.first(b"sandbox")
     if coop != "":
-        response.headers.set("Cross-Origin-Opener-Policy", coop)
+        response.headers.set(b"Cross-Origin-Opener-Policy", coop)
     if coep != "":
-        response.headers.set("Cross-Origin-Embedder-Policy", coep)
-    response.headers.set("Content-Security-Policy", "sandbox " + sandbox + ";")
+        response.headers.set(b"Cross-Origin-Embedder-Policy", coep)
+    response.headers.set(b"Content-Security-Policy", b"sandbox " + sandbox + b";")
 
     # Open a popup to coop-coep.py with the same parameters (except sandbox)
-    response.content = """
+    response.content = b"""
+ + +
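Review bot: `if coop != "":` and `if coep != "":` in this hunk still compare against str literals after the lookups moved to `request.GET.first(b"coop")` / `first(b"coep")`; if those now return bytes, as the byte-key migration implies, `b"" != ""` is always true on Python 3, so an empty `coop=` or `coep=` query value would emit an empty `Cross-Origin-Opener-Policy` / `Cross-Origin-Embedder-Policy` header instead of omitting it. The navigate test later in this series requests `csp-sandbox.py?coop=&coep=&...`, so that path is exercised. Both comparisons should move to byte literals as well: `if coop != b"":` and `if coep != b"":`. The HTML tail of `main` is not legible in this hunk.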
+
diff --git a/html/cross-origin-opener-policy/resources/common.js b/html/cross-origin-opener-policy/resources/common.js
index 5a1744cd9ceaa4..6d6eafa709a5c8 100644
--- a/html/cross-origin-opener-policy/resources/common.js
+++ b/html/cross-origin-opener-policy/resources/common.js
@@ -102,3 +102,15 @@ function run_coop_test_iframe (documentTitle, iframe_origin, popup_origin, popup
     document.body.append(frame);
   }, `${documentTitle} with ${iframe_origin.name} iframe opening popup a ${popup_origin.name} with COOP: ${format_value(popup_coop)}`);
 }
+
+// Need to wait until the page is fully loaded before navigating
+// so that it creates a history entry properly.
+const fullyLoaded = new Promise((resolve, reject) => {
+  addEventListener('load', () => {
+    requestAnimationFrame(() => {
+      requestAnimationFrame(() => {
+        resolve();
+      });
+    });
+  });
+});
diff --git a/html/cross-origin-opener-policy/resources/coop-coep.py b/html/cross-origin-opener-policy/resources/coop-coep.py
index 285b961e996917..eff636c42480cb 100644
--- a/html/cross-origin-opener-policy/resources/coop-coep.py
+++ b/html/cross-origin-opener-policy/resources/coop-coep.py
@@ -26,23 +26,13 @@ def main(request, response):
+ + """
From abbc0bd7cdcfe919c868b8cf173cdeb458b2e9a6 Mon Sep 17 00:00:00 2001
From: Simon Pieters
Date: Wed, 26 Aug 2020 15:29:39 +0200
Subject: [PATCH 6/9] Change fullyLoaded to a function

---
 .../cross-origin-opener-policy/resources/common.js | 14 ++++++++------
 .../resources/coop-coep.py | 7 ++++---
 .../resources/csp-sandbox.py | 2 +-
 3 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/html/cross-origin-opener-policy/resources/common.js b/html/cross-origin-opener-policy/resources/common.js
index 6d6eafa709a5c8..18656cd9e6e1e9 100644
--- a/html/cross-origin-opener-policy/resources/common.js
+++ b/html/cross-origin-opener-policy/resources/common.js
@@ -103,14 +103,16 @@ function run_coop_test_iframe (documentTitle, iframe_origin, popup_origin, popup
   }, `${documentTitle} with ${iframe_origin.name} iframe opening popup a ${popup_origin.name} with COOP: ${format_value(popup_coop)}`);
 }
 
-// Need to wait until the page is fully loaded before navigating
+// Wait until the page is fully loaded before navigating
 // so that it creates a history entry properly.
-const fullyLoaded = new Promise((resolve, reject) => {
-  addEventListener('load', () => {
-    requestAnimationFrame(() => {
+function fullyLoaded() {
+  return new Promise((resolve, reject) => {
+    addEventListener('load', () => {
       requestAnimationFrame(() => {
-        resolve();
+        requestAnimationFrame(() => {
+          resolve();
+        });
       });
     });
   });
-});
+}
diff --git a/html/cross-origin-opener-policy/resources/coop-coep.py b/html/cross-origin-opener-policy/resources/coop-coep.py
index eff636c42480cb..04b673bf2d9732 100644
--- a/html/cross-origin-opener-policy/resources/coop-coep.py
+++ b/html/cross-origin-opener-policy/resources/coop-coep.py
@@ -27,18 +27,18 @@ def main(request, response):
- + + """
diff --git a/html/cross-origin-opener-policy/resources/csp-sandbox.py b/html/cross-origin-opener-policy/resources/csp-sandbox.py
index 5b819404e6d8d3..ed415c431eca42 100644
--- a/html/cross-origin-opener-policy/resources/csp-sandbox.py
+++ b/html/cross-origin-opener-policy/resources/csp-sandbox.py
@@ -19,7 +19,7 @@ def main(request, response):
       params.delete("sandbox");
       const navigate = params.get("navigate");
       if (navigate) {
-        fullyLoaded.then(() => {
+        fullyLoaded().then(() => {
           self.location = navigate;
         });
       } else {
From 5d9eed644c5da531aca24b12caef31e3f4b17527 Mon Sep 17 00:00:00 2001
From: Simon Pieters
Date: Wed, 26 Aug 2020 16:50:03 +0200
Subject: [PATCH 7/9] Add more assertions in the navigate test (unsure about correctness)

---
 .../coop-csp-sandbox-navigate.https.html | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
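Review bot: `fullyLoaded()` in the common.js hunk registers its `load` listener at call time, so a promise obtained after the page's load event has already fired never settles and any `.then` chain on it hangs silently. The only caller visible in this series, the inline script emitted by csp-sandbox.py, runs during parsing, so this is latent rather than failing today, but the helper is shared and its name promises "resolves once loaded", not "resolves if called early enough". Checking `document.readyState` first (it flips to `'complete'` just before load is dispatched, so the two-frame deferral still lands after the event) and registering the listener with `{ once: true }` closes the gap; the unused `reject` parameter can go at the same time.
```javascript
function fullyLoaded() {
  return new Promise(resolve => {
    const afterTwoFrames = () =>
      requestAnimationFrame(() => requestAnimationFrame(() => resolve()));
    // Late callers must not wait for a load event that has already fired.
    if (document.readyState === 'complete') {
      afterTwoFrames();
    } else {
      addEventListener('load', afterTwoFrames, { once: true });
    }
  });
}
```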
diff --git a/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html b/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html
index e9e83072ce5f15..de18cad11a27c0 100644
--- a/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html
+++ b/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html
@@ -11,9 +11,15 @@
 ].forEach(sandboxValue => {
   async_test(t => {
     const channel = new BroadcastChannel(token());
-    channel.onmessage = t.step_func_done();
+    let popup;
+    channel.onmessage = t.step_func_done(e => {
+      assert_equals(e.data.name, '', 'e.data.name');
+      assert_false(e.data.opener, 'e.data.opener');
+      assert_true(popup.closed, 'popup.closed');
+      assert_throws_dom("SecurityError", () => { popup.document; }, 'same-origin check');
+    });
     const navigateTo = `/html/cross-origin-opener-policy/resources/coop-coep.py?coop=same-origin&coep=&channel=${channel.name}`;
-    const popup = window.open(`resources/csp-sandbox.py?coop=&coep=&sandbox=${sandboxValue}&channel=&navigate=${encodeURIComponent(navigateTo)}`);
+    popup = window.open(`resources/csp-sandbox.py?coop=&coep=&sandbox=${sandboxValue}&channel=&navigate=${encodeURIComponent(navigateTo)}`, sandboxValue);
     t.add_cleanup(() => { popup.close(); });
     addEventListener('load', t.step_func(() => {
       t.step_timeout(() => {
From b2db19d3f719890e69683b23a1ebb8b0e8ebbf59 Mon Sep 17 00:00:00 2001
From: Simon Pieters
Date: Wed, 26 Aug 2020 17:07:13 +0200
Subject: [PATCH 8/9] Avoid spaces in window.open second argument

---
 .../coop-csp-sandbox-navigate.https.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html b/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html
index de18cad11a27c0..470623bbd54302 100644
--- a/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html
+++ b/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html
@@ -19,7 +19,7 @@
       assert_throws_dom("SecurityError", () => { popup.document; }, 'same-origin check');
     });
     const navigateTo = `/html/cross-origin-opener-policy/resources/coop-coep.py?coop=same-origin&coep=&channel=${channel.name}`;
-    popup = window.open(`resources/csp-sandbox.py?coop=&coep=&sandbox=${sandboxValue}&channel=&navigate=${encodeURIComponent(navigateTo)}`, sandboxValue);
+    popup = window.open(`resources/csp-sandbox.py?coop=&coep=&sandbox=${sandboxValue}&channel=&navigate=${encodeURIComponent(navigateTo)}`, sandboxValue.replace(/ /g, '_'));
     t.add_cleanup(() => { popup.close(); });
     addEventListener('load', t.step_func(() => {
       t.step_timeout(() => {
From 36fc58a23c645ab5fd0010003c75a37b1febf884 Mon Sep 17 00:00:00 2001
From: Simon Pieters
Date: Thu, 27 Aug 2020 15:02:56 +0200
Subject: [PATCH 9/9] Correct the same-origin check and add explanatory comments

---
 .../coop-csp-sandbox-navigate.https.html | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html b/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html
index 470623bbd54302..bd3a55a2d8fdb0 100644
--- a/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html
+++ b/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html
@@ -15,8 +15,16 @@
     channel.onmessage = t.step_func_done(e => {
       assert_equals(e.data.name, '', 'e.data.name');
       assert_false(e.data.opener, 'e.data.opener');
+      // `popup` is still the WindowProxy that holds the CSP sandbox document, not the
+      // after-navigation COOP document. The CSP sandbox only applies to the before navigation
+      // document/window.
       assert_true(popup.closed, 'popup.closed');
-      assert_throws_dom("SecurityError", () => { popup.document; }, 'same-origin check');
+      // Same-origin check (with the CSP sandbox document) should not throw when 'allow-same-origin'
+      if (sandboxValue.includes('allow-same-origin')) {
+        assert_true(!!popup.document, 'same-origin check');
+      } else {
+        assert_throws_dom("SecurityError", () => { popup.document; }, 'same-origin check');
+      }
     });
     const navigateTo = `/html/cross-origin-opener-policy/resources/coop-coep.py?coop=same-origin&coep=&channel=${channel.name}`;
     popup = window.open(`resources/csp-sandbox.py?coop=&coep=&sandbox=${sandboxValue}&channel=&navigate=${encodeURIComponent(navigateTo)}`, sandboxValue.replace(/ /g, '_'));
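Review bot: Both branches of the new same-origin check pass the identical description `'same-origin check'` to their assertion, so a failure in the per-`sandboxValue` results does not say whether the test expected a readable document or a SecurityError. Distinct strings such as `'same-origin check: allow-same-origin keeps popup.document readable'` and `'same-origin check: opaque sandbox origin throws SecurityError'` make each result self-describing and also document the security property each branch is asserting. `sandboxValue.includes('allow-same-origin')` is a substring test over the sandbox token list; it is fine for the values this test enumerates (defined above the hunk, outside this view), but `sandboxValue.split(' ').includes('allow-same-origin')` would match whole tokens only if the list ever grows. The `forEach` body and `async_test` callback continue outside the hunk.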