[COOP] Access reporting. Update the test.
The prototype: https://chromium-review.googlesource.com/c/chromium/src/+/2223934 will soon properly report: report > url, report > body > violation-type, report > body > property, report > body > source-file, report > body > lineno, report > body > colno. This patch reflects this in the existing tests and fixes a few bugs. Bug: 1090273 Change-Id: I840a07ef98979ab7b36286124161ca165c228303 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2238114 Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Pâris Meuleman <pmeuleman@chromium.org> Cr-Commit-Position: refs/heads/master@{#776942}

committed by
Commit Bot

parent
a2f41e9d91
commit
e106756f1b
third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/access-reporting
@@ -16,28 +16,28 @@ const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
|
|||||||
const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
|
const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
|
||||||
|
|
||||||
let operation = [
|
let operation = [
|
||||||
//[test name , operation ] ,
|
//[type , property , operation ] ,
|
||||||
["Call blur" , w => w.blur() ] ,
|
["Call" , "blur" , w => w.blur() ] ,
|
||||||
["Call foo" , w => w.foo() ] ,
|
["Call" , "foo" , w => w.foo() ] ,
|
||||||
["Call location" , w => w.location() ] ,
|
["Call" , "location" , w => w.location() ] ,
|
||||||
["Call opener" , w => w.opener() ] ,
|
["Call" , "opener" , w => w.opener() ] ,
|
||||||
["Call postMessage" , w => w.postMessage() ] ,
|
["Call" , "postMessage" , w => w.postMessage() ] ,
|
||||||
["Call window" , w => w.window() ] ,
|
["Call" , "window" , w => w.window() ] ,
|
||||||
["Read blur" , w => w.blur ] ,
|
["Read" , "blur" , w => w.blur ] ,
|
||||||
["Read foo" , w => w.foo ] ,
|
["Read" , "foo" , w => w.foo ] ,
|
||||||
["Read location" , w => w.location ] ,
|
["Read" , "location" , w => w.location ] ,
|
||||||
["Read opener" , w => w.opener ] ,
|
["Read" , "opener" , w => w.opener ] ,
|
||||||
["Read postMessage" , w => w.postMessage ] ,
|
["Read" , "postMessage" , w => w.postMessage ] ,
|
||||||
["Read window" , w => w.window ] ,
|
["Read" , "window" , w => w.window ] ,
|
||||||
["Write blur" , w => w.blur = "test" ] ,
|
["Write" , "blur" , w => w.blur = "test" ] ,
|
||||||
["Write foo" , w => w.foo = "test" ] ,
|
["Write" , "foo" , w => w.foo = "test" ] ,
|
||||||
["Write location" , w => w.location = "test" ] ,
|
["Write" , "location" , w => w.location = "test" ] ,
|
||||||
["Write opener" , w => w.opener = "test" ] ,
|
["Write" , "opener" , w => w.opener = "test" ] ,
|
||||||
["Write postMessage" , w => w.postMessage = "test" ] ,
|
["Write" , "postMessage" , w => w.postMessage = "test" ] ,
|
||||||
["Write window" , w => w.window = "test" ] ,
|
["Write" , "window" , w => w.window = "test" ] ,
|
||||||
];
|
];
|
||||||
|
|
||||||
operation.forEach(([test, op]) => {
|
operation.forEach(([type, property, op]) => {
|
||||||
promise_test(async t => {
|
promise_test(async t => {
|
||||||
const report_token = token();
|
const report_token = token();
|
||||||
const executor_token = token();
|
const executor_token = token();
|
||||||
@@ -45,7 +45,7 @@ operation.forEach(([test, op]) => {
|
|||||||
|
|
||||||
const reportTo = reportToHeaders(report_token);
|
const reportTo = reportToHeaders(report_token);
|
||||||
const openee_url = cross_origin + executor_path +
|
const openee_url = cross_origin + executor_path +
|
||||||
reportTo.header + reportTo.coopReportOnlySameOrigin + coep_header +
|
reportTo.header + reportTo.coopReportOnlySameOriginHeader + coep_header +
|
||||||
`&uuid=${executor_token}`;
|
`&uuid=${executor_token}`;
|
||||||
const openee = window.open(openee_url);
|
const openee = window.open(openee_url);
|
||||||
t.add_cleanup(() => send(executor_token, "window.close()"))
|
t.add_cleanup(() => send(executor_token, "window.close()"))
|
||||||
@@ -75,10 +75,16 @@ operation.forEach(([test, op]) => {
|
|||||||
report_2 = JSON.parse(report_2);
|
report_2 = JSON.parse(report_2);
|
||||||
assert_equals(report_2.length, 1);
|
assert_equals(report_2.length, 1);
|
||||||
assert_equals(report_2[0].type, "coop");
|
assert_equals(report_2[0].type, "coop");
|
||||||
assert_equals(report_2[0].body["violation-type"], "access");
|
assert_equals(report_2[0].url, openee_url);
|
||||||
|
assert_equals(report_2[0].body["violation-type"], "access-to-coop-page");
|
||||||
assert_equals(report_2[0].body["disposition"], "reporting");
|
assert_equals(report_2[0].body["disposition"], "reporting");
|
||||||
assert_equals(report_2[0].body["effective-policy"], "same-origin-plus-coep");
|
assert_equals(report_2[0].body["effective-policy"], "same-origin-plus-coep");
|
||||||
}, `${test}`);
|
assert_equals(report_2[0].body["property"], property);
|
||||||
|
assert_equals(report_2[0].body["source-file"], undefined);
|
||||||
|
assert_equals(report_2[0].body["lineno"], undefined);
|
||||||
|
assert_equals(report_2[0].body["colno"], undefined);
|
||||||
|
// TODO(arthursonzogni): Add check for report > body > blocked-window-url
|
||||||
|
}, `${type} ${property}`);
|
||||||
});
|
});
|
||||||
|
|
||||||
</script>
|
</script>
|
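Review bot: The three assertions added in the last hunk of this file, that `body["source-file"]`, `body["lineno"]` and `body["colno"]` are `undefined`, have no comment saying whether absence is the intended contract or a placeholder, although the commit description lists those fields among the ones the prototype will report. In this file the access is made by the opener, and the report belongs to the openee loaded from `HTTPS_REMOTE_ORIGIN`, so leaving out the accessing script's location looks like a deliberate guard against exposing it across origins; that is inferred, not stated on the page. If so, I would add `// The accessor's script location must not be exposed in a report delivered for the COOP page.` above them, and a TODO naming the follow-up otherwise. The same uncommented assertions appear in the other three test files of this commit. The `promise_test` callback starts and continues outside the visible hunks.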
||||||
|
@@ -16,28 +16,28 @@ const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
|
|||||||
const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
|
const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
|
||||||
|
|
||||||
let operation = [
|
let operation = [
|
||||||
//[test name , operation ] ,
|
//[type , property , operation ] ,
|
||||||
["Call blur" , w => w.blur() ] ,
|
["Call" , "blur" , w => w.blur() ] ,
|
||||||
["Call foo" , w => w.foo() ] ,
|
["Call" , "foo" , w => w.foo() ] ,
|
||||||
["Call location" , w => w.location() ] ,
|
["Call" , "location" , w => w.location() ] ,
|
||||||
["Call opener" , w => w.opener() ] ,
|
["Call" , "opener" , w => w.opener() ] ,
|
||||||
["Call postMessage" , w => w.postMessage() ] ,
|
["Call" , "postMessage" , w => w.postMessage() ] ,
|
||||||
["Call window" , w => w.window() ] ,
|
["Call" , "window" , w => w.window() ] ,
|
||||||
["Read blur" , w => w.blur ] ,
|
["Read" , "blur" , w => w.blur ] ,
|
||||||
["Read foo" , w => w.foo ] ,
|
["Read" , "foo" , w => w.foo ] ,
|
||||||
["Read location" , w => w.location ] ,
|
["Read" , "location" , w => w.location ] ,
|
||||||
["Read opener" , w => w.opener ] ,
|
["Read" , "opener" , w => w.opener ] ,
|
||||||
["Read postMessage" , w => w.postMessage ] ,
|
["Read" , "postMessage" , w => w.postMessage ] ,
|
||||||
["Read window" , w => w.window ] ,
|
["Read" , "window" , w => w.window ] ,
|
||||||
["Write blur" , w => w.blur = "test" ] ,
|
["Write" , "blur" , w => w.blur = "test" ] ,
|
||||||
["Write foo" , w => w.foo = "test" ] ,
|
["Write" , "foo" , w => w.foo = "test" ] ,
|
||||||
["Write location" , w => w.location = "test" ] ,
|
["Write" , "location" , w => w.location = "test" ] ,
|
||||||
["Write opener" , w => w.opener = "test" ] ,
|
["Write" , "opener" , w => w.opener = "test" ] ,
|
||||||
["Write postMessage" , w => w.postMessage = "test" ] ,
|
["Write" , "postMessage" , w => w.postMessage = "test" ] ,
|
||||||
["Write window" , w => w.window = "test" ] ,
|
["Write" , "window" , w => w.window = "test" ] ,
|
||||||
];
|
];
|
||||||
|
|
||||||
operation.forEach(([test, op]) => {
|
operation.forEach(([type, property, op]) => {
|
||||||
promise_test(async t => {
|
promise_test(async t => {
|
||||||
const report_token = token();
|
const report_token = token();
|
||||||
const executor_token = token();
|
const executor_token = token();
|
||||||
@@ -45,7 +45,7 @@ operation.forEach(([test, op]) => {
|
|||||||
|
|
||||||
const reportTo = reportToHeaders(report_token);
|
const reportTo = reportToHeaders(report_token);
|
||||||
const openee_url = cross_origin + executor_path +
|
const openee_url = cross_origin + executor_path +
|
||||||
reportTo.header + reportTo.coopSameOrigin + coep_header +
|
reportTo.header + reportTo.coopSameOriginHeader + coep_header +
|
||||||
`&uuid=${executor_token}`;
|
`&uuid=${executor_token}`;
|
||||||
const openee = window.open(openee_url);
|
const openee = window.open(openee_url);
|
||||||
t.add_cleanup(() => send(executor_token, "window.close()"))
|
t.add_cleanup(() => send(executor_token, "window.close()"))
|
||||||
@@ -75,10 +75,17 @@ operation.forEach(([test, op]) => {
|
|||||||
report_2 = JSON.parse(report_2);
|
report_2 = JSON.parse(report_2);
|
||||||
assert_equals(report_2.length, 1);
|
assert_equals(report_2.length, 1);
|
||||||
assert_equals(report_2[0].type, "coop");
|
assert_equals(report_2[0].type, "coop");
|
||||||
assert_equals(report_2[0].body["violation-type"], "access");
|
assert_equals(report_2[0].url, openee_url);
|
||||||
|
assert_equals(report_2[0].body["violation-type"], "access-to-coop-page");
|
||||||
assert_equals(report_2[0].body["disposition"], "enforce");
|
assert_equals(report_2[0].body["disposition"], "enforce");
|
||||||
assert_equals(report_2[0].body["effective-policy"], "same-origin-plus-coep");
|
assert_equals(report_2[0].body["effective-policy"], "same-origin-plus-coep");
|
||||||
}, `${test}`);
|
assert_equals(report_2[0].body["property"], property);
|
||||||
|
assert_equals(report_2[0].body["source-file"], undefined);
|
||||||
|
assert_equals(report_2[0].body["lineno"], undefined);
|
||||||
|
assert_equals(report_2[0].body["colno"], undefined);
|
||||||
|
// TODO(arthursonzogni): Add check for report > body > blocked-window-url
|
||||||
|
|
||||||
|
}, `${type} ${test}`);
|
||||||
});
|
});
|
||||||
|
|
||||||
</script>
|
</script>
|
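Review bot: The test-name argument on the closing line of the last hunk still interpolates `${test}`, a name the new callback signature `([type, property, op])` no longer binds. It now resolves to whatever outer `test` exists, presumably the testharness.js global `test` function since the file uses `promise_test`, so all six properties under one type would share the same meaningless name; with no such binding it throws a ReferenceError. The other three test files in this commit use `${type} ${property}` and this one should match. The `promise_test` callback begins outside this hunk.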
||||||
|
@@ -16,28 +16,28 @@ const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
|
|||||||
const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
|
const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
|
||||||
|
|
||||||
let operation = [
|
let operation = [
|
||||||
//[test name , operation ] ,
|
//[type , property , operation ] ,
|
||||||
["Call blur" , "opener.blur()" ] ,
|
["Call" , "blur" , "opener.blur()" ] ,
|
||||||
["Call foo" , "opener.foo()" ] ,
|
["Call" , "foo" , "opener.foo()" ] ,
|
||||||
["Call location" , "opener.location()" ] ,
|
["Call" , "location" , "opener.location()" ] ,
|
||||||
["Call opener" , "opener.opener()" ] ,
|
["Call" , "opener" , "opener.opener()" ] ,
|
||||||
["Call postMessage" , "opener.postMessage()" ] ,
|
["Call" , "postMessage" , "opener.postMessage()" ] ,
|
||||||
["Call window" , "opener.window()" ] ,
|
["Call" , "window" , "opener.window()" ] ,
|
||||||
["Read blur" , "opener.blur" ] ,
|
["Read" , "blur" , "opener.blur" ] ,
|
||||||
["Read foo" , "opener.foo" ] ,
|
["Read" , "foo" , "opener.foo" ] ,
|
||||||
["Read location" , "opener.location" ] ,
|
["Read" , "location" , "opener.location" ] ,
|
||||||
["Read opener" , "opener.opener" ] ,
|
["Read" , "opener" , "opener.opener" ] ,
|
||||||
["Read postMessage" , "opener.postMessage" ] ,
|
["Read" , "postMessage" , "opener.postMessage" ] ,
|
||||||
["Read window" , "opener.window" ] ,
|
["Read" , "window" , "opener.window" ] ,
|
||||||
["Write blur" , "opener.blur = 'test'" ] ,
|
["Write" , "blur" , "opener.blur = 'test'" ] ,
|
||||||
["Write foo" , "opener.foo = 'test'" ] ,
|
["Write" , "foo" , "opener.foo = 'test'" ] ,
|
||||||
["Write location" , "opener.location = 'test'" ] ,
|
["Write" , "location" , "opener.location = 'test'" ] ,
|
||||||
["Write opener" , "opener.opener = 'test'" ] ,
|
["Write" , "opener" , "opener.opener = 'test'" ] ,
|
||||||
["Write postMessage" , "opener.postMessage = 'test'" ] ,
|
["Write" , "postMessage" , "opener.postMessage = 'test'" ] ,
|
||||||
["Write window" , "opener.window = 'test'" ] ,
|
["Write" , "window" , "opener.window = 'test'" ] ,
|
||||||
];
|
];
|
||||||
|
|
||||||
operation.forEach(([test, op]) => {
|
operation.forEach(([type, property, op]) => {
|
||||||
promise_test(async t => {
|
promise_test(async t => {
|
||||||
const report_token = token();
|
const report_token = token();
|
||||||
const executor_token = token();
|
const executor_token = token();
|
||||||
@@ -45,7 +45,7 @@ operation.forEach(([test, op]) => {
|
|||||||
|
|
||||||
const reportTo = reportToHeaders(report_token);
|
const reportTo = reportToHeaders(report_token);
|
||||||
const openee_url = cross_origin + executor_path +
|
const openee_url = cross_origin + executor_path +
|
||||||
reportTo.header + reportTo.coopReportOnlySameOrigin + coep_header +
|
reportTo.header + reportTo.coopReportOnlySameOriginHeader + coep_header +
|
||||||
`&uuid=${executor_token}`;
|
`&uuid=${executor_token}`;
|
||||||
const openee = window.open(openee_url);
|
const openee = window.open(openee_url);
|
||||||
t.add_cleanup(() => send(executor_token, "window.close()"))
|
t.add_cleanup(() => send(executor_token, "window.close()"))
|
||||||
@@ -74,10 +74,14 @@ operation.forEach(([test, op]) => {
|
|||||||
|
|
||||||
assert_equals(report_2.length, 1);
|
assert_equals(report_2.length, 1);
|
||||||
assert_equals(report_2[0].type, "coop");
|
assert_equals(report_2[0].type, "coop");
|
||||||
assert_equals(report_2[0].body["violation-type"], "access");
|
assert_equals(report_2[0].body["violation-type"], "access-from-coop-page");
|
||||||
assert_equals(report_2[0].body["disposition"], "reporting");
|
assert_equals(report_2[0].body["disposition"], "reporting");
|
||||||
assert_equals(report_2[0].body["effective-policy"], "same-origin-plus-coep");
|
assert_equals(report_2[0].body["effective-policy"], "same-origin-plus-coep");
|
||||||
}, `${test}`);
|
assert_equals(report_2[0].body["property"], property);
|
||||||
|
assert_equals(report_2[0].body["source-file"], undefined);
|
||||||
|
assert_equals(report_2[0].body["lineno"], undefined);
|
||||||
|
assert_equals(report_2[0].body["colno"], undefined);
|
||||||
|
}, `${type} ${property}`);
|
||||||
});
|
});
|
||||||
|
|
||||||
</script>
|
</script>
|
||||||
|
@@ -16,28 +16,28 @@ const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
|
|||||||
const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
|
const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
|
||||||
|
|
||||||
let operation = [
|
let operation = [
|
||||||
//[test name , operation ] ,
|
//[type , property , operation ] ,
|
||||||
["Call blur" , "opener.blur()" ] ,
|
["Call" , "blur" , "opener.blur()" ] ,
|
||||||
["Call foo" , "opener.foo()" ] ,
|
["Call" , "foo" , "opener.foo()" ] ,
|
||||||
["Call location" , "opener.location()" ] ,
|
["Call" , "location" , "opener.location()" ] ,
|
||||||
["Call opener" , "opener.opener()" ] ,
|
["Call" , "opener" , "opener.opener()" ] ,
|
||||||
["Call postMessage" , "opener.postMessage()" ] ,
|
["Call" , "postMessage" , "opener.postMessage()" ] ,
|
||||||
["Call window" , "opener.window()" ] ,
|
["Call" , "window" , "opener.window()" ] ,
|
||||||
["Read blur" , "opener.blur" ] ,
|
["Read" , "blur" , "opener.blur" ] ,
|
||||||
["Read foo" , "opener.foo" ] ,
|
["Read" , "foo" , "opener.foo" ] ,
|
||||||
["Read location" , "opener.location" ] ,
|
["Read" , "location" , "opener.location" ] ,
|
||||||
["Read opener" , "opener.opener" ] ,
|
["Read" , "opener" , "opener.opener" ] ,
|
||||||
["Read postMessage" , "opener.postMessage" ] ,
|
["Read" , "postMessage" , "opener.postMessage" ] ,
|
||||||
["Read window" , "opener.window" ] ,
|
["Read" , "window" , "opener.window" ] ,
|
||||||
["Write blur" , "opener.blur = 'test'" ] ,
|
["Write" , "blur" , "opener.blur = 'test'" ] ,
|
||||||
["Write foo" , "opener.foo = 'test'" ] ,
|
["Write" , "foo" , "opener.foo = 'test'" ] ,
|
||||||
["Write location" , "opener.location = 'test'" ] ,
|
["Write" , "location" , "opener.location = 'test'" ] ,
|
||||||
["Write opener" , "opener.opener = 'test'" ] ,
|
["Write" , "opener" , "opener.opener = 'test'" ] ,
|
||||||
["Write postMessage" , "opener.postMessage = 'test'" ] ,
|
["Write" , "postMessage" , "opener.postMessage = 'test'" ] ,
|
||||||
["Write window" , "opener.window = 'test'" ] ,
|
["Write" , "window" , "opener.window = 'test'" ] ,
|
||||||
];
|
];
|
||||||
|
|
||||||
operation.forEach(([test, op]) => {
|
operation.forEach(([type, property, op]) => {
|
||||||
promise_test(async t => {
|
promise_test(async t => {
|
||||||
const report_token = token();
|
const report_token = token();
|
||||||
const executor_token = token();
|
const executor_token = token();
|
||||||
@@ -45,7 +45,7 @@ operation.forEach(([test, op]) => {
|
|||||||
|
|
||||||
const reportTo = reportToHeaders(report_token);
|
const reportTo = reportToHeaders(report_token);
|
||||||
const openee_url = cross_origin + executor_path +
|
const openee_url = cross_origin + executor_path +
|
||||||
reportTo.header + reportTo.coopSameOrigin + coep_header +
|
reportTo.header + reportTo.coopSameOriginHeader + coep_header +
|
||||||
`&uuid=${executor_token}`;
|
`&uuid=${executor_token}`;
|
||||||
const openee = window.open(openee_url);
|
const openee = window.open(openee_url);
|
||||||
t.add_cleanup(() => send(executor_token, "window.close()"));
|
t.add_cleanup(() => send(executor_token, "window.close()"));
|
||||||
@@ -59,7 +59,7 @@ operation.forEach(([test, op]) => {
|
|||||||
assert_equals(report_1[0].body["violation-type"], "navigation-to-document");
|
assert_equals(report_1[0].body["violation-type"], "navigation-to-document");
|
||||||
assert_equals(report_1[0].body["disposition"], "enforce");
|
assert_equals(report_1[0].body["disposition"], "enforce");
|
||||||
|
|
||||||
// 3. Try to access the opener. A report is sent, because of COOP-RO+COEP.
|
// 3. Try to access the opener. A report is sent, because of COOP+COEP.
|
||||||
send(executor_token, `
|
send(executor_token, `
|
||||||
try {${op}} catch(e) {}
|
try {${op}} catch(e) {}
|
||||||
send("${callback_token}", "Done");
|
send("${callback_token}", "Done");
|
||||||
@@ -74,10 +74,14 @@ operation.forEach(([test, op]) => {
|
|||||||
|
|
||||||
assert_equals(report_2.length, 1);
|
assert_equals(report_2.length, 1);
|
||||||
assert_equals(report_2[0].type, "coop");
|
assert_equals(report_2[0].type, "coop");
|
||||||
assert_equals(report_2[0].body["violation-type"], "access");
|
assert_equals(report_2[0].body["violation-type"], "access-from-coop-page");
|
||||||
assert_equals(report_2[0].body["disposition"], "enforce");
|
assert_equals(report_2[0].body["disposition"], "enforce");
|
||||||
assert_equals(report_2[0].body["effective-policy"], "same-origin-plus-coep");
|
assert_equals(report_2[0].body["effective-policy"], "same-origin-plus-coep");
|
||||||
}, `${test}`);
|
assert_equals(report_2[0].body["property"], property);
|
||||||
|
assert_equals(report_2[0].body["source-file"], undefined);
|
||||||
|
assert_equals(report_2[0].body["lineno"], undefined);
|
||||||
|
assert_equals(report_2[0].body["colno"], undefined);
|
||||||
|
}, `${type} ${property}`);
|
||||||
});
|
});
|
||||||
|
|
||||||
</script>
|
</script>
|
||||||
|
@@ -49,7 +49,7 @@ const reportToHeaders = function(uuid) {
|
|||||||
|
|
||||||
return {
|
return {
|
||||||
header: `|header(report-to,${reportToJSON})`,
|
header: `|header(report-to,${reportToJSON})`,
|
||||||
coopSameOrigin: `|header(Cross-Origin-Opener-Policy, same-origin%3Breport-to="${uuid}")`,
|
coopSameOriginHeader: `|header(Cross-Origin-Opener-Policy, same-origin%3Breport-to="${uuid}")`,
|
||||||
coopReportOnlySameOrigin: `|header(Cross-Origin-Opener-Policy-Report-Only, same-origin%3Breport-to="${uuid}")`,
|
coopReportOnlySameOriginHeader: `|header(Cross-Origin-Opener-Policy-Report-Only, same-origin%3Breport-to="${uuid}")`,
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|