[COOP] html/cross-origin-opener-policy/coop-same-origin-allow-popups-document-write.html WPT test is failing

https://bugs.webkit.org/show_bug.cgi?id=229692

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

* web-platform-tests/html/cross-origin-opener-policy/coop-same-origin-allow-popups-document-write-expected.txt:
Rebaseline WPT test that is now passing.

* web-platform-tests/html/cross-origin-opener-policy/coop-same-origin-allow-popups-document-write.html:
Merge typo fix from web-platform-tests/wpt@0adccdd

Source/WebCore:

The test does the following:
1. An opener document with `COOP=same-origin-allow-popups` opens a new window that shows the initial empty document.
   Note that the openee inherits `COOP=same-origin-allow-popups` from its opener.
2. The opener document then calls document.write() on the openee.
   Note that, as per the HTML specification, this clears the 'is displaying initial empty document' flag.
3. The openee is navigated cross-origin to a destination without COOP.

Normally, `COOP=same-origin-allow-popups` would allow the popup to be navigated cross-origin as per the logic here [1]:
"""
If all of the following are true:
    - isInitialAboutBlank,
    - activeDocumentCOOPValue's value is "same-origin-allow-popups".
    - responseCOOPValue is "unsafe-none",
then return false (meaning, no context group switch).
"""

However, because of the document.write() call at step 2, the isInitialAboutBlank flag is no longer true
and the check should fail, thus causing a browsing context group switch.

[1] https://html.spec.whatwg.org/multipage/origin.html#check-browsing-context-group-switch-coop-value

No new tests, rebaselined existing test.

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::maybeLoadEmpty):
Replace the bad check to committedFirstRealDocumentLoad (which stays true after calling document.write()
on the initial empty document) with a check to !isDisplayingInitialEmptyDocument, which matches the
specification text. isDisplayingInitialEmptyDocument correctly becomes false after calling document.write()
on the initial empty document.

* loader/DocumentLoader.h:
(WebCore::DocumentLoader::crossOriginOpenerPolicy const):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::didBeginDocument):
Fix didBeginDocument() so that it doesn't overwrite the document's cross-origin-opener-policy when the
DocumentLoader does not know what the policy is. When opening a popup, Document::initSecurityContext()
will set the popup's cross-origin-opener-policy to the one of its opener. When didBeginDocument()
gets called later for the initial empty document, we don't want to overwrite the inherited policy
with a new default cross-origin-opener-policy of unsafe-none. The reason the DocumentLoader does not
have a policy for us is because this is the initial empty document and DocumentLoader's
doCrossOriginOpenerHandlingOfResponse() was thus never called with an actual network response.


Canonical link: https://commits.webkit.org/241139@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281802 268f45cc-cd09-0410-ab3c-d52691b4dbfc
cdumez committed Aug 31, 2021
1 parent 5ac8745 commit 2830cce8942dc7478898e3928fa7cef642437aa1
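Before the diff itself, a worked model of the spec check the commit message relies on. This is an added example written for this page, not WebKit code: it encodes the HTML specification's "match cross-origin opener policies" and "check if a browsing context group switch is needed" steps (the text quoted under [1] above) and replays the three-step WPT scenario, with and without the document.write() call. The `Popup` class, the `runScenario` helper and the origins `https://a.example` / `https://b.example` are assumptions made here for illustration.

```javascript
// Added example for this page (not WebKit or WPT code): a model of the HTML
// spec's COOP browsing-context-group-switch check, applied to the popup +
// document.write() scenario from the commit message. Class and helper names
// are assumptions; origins are constructed sample values.

// HTML spec, "match cross-origin opener policies" (origin.html).
// A policy is { value: 'unsafe-none' | 'same-origin-allow-popups' | 'same-origin' },
// an origin is its serialized string.
function coopPoliciesMatch(policyA, originA, policyB, originB) {
  if (policyA.value === 'unsafe-none' && policyB.value === 'unsafe-none') return true;
  if (policyA.value === 'unsafe-none' || policyB.value === 'unsafe-none') return false;
  return policyA.value === policyB.value && originA === originB;
}

// HTML spec, "check if a browsing context group switch is needed".
// true means the navigation lands in a new browsing context group and the
// opener relationship is severed (window.opener becomes null on the openee,
// the opener sees the openee as closed).
function needsBrowsingContextGroupSwitch({ isInitialAboutBlank, activeCOOP, activeOrigin, responseCOOP, responseOrigin }) {
  if (coopPoliciesMatch(activeCOOP, activeOrigin, responseCOOP, responseOrigin)) return false;
  // The same-origin-allow-popups carve-out only applies while the popup is
  // still displaying its initial about:blank document.
  if (isInitialAboutBlank
      && activeCOOP.value === 'same-origin-allow-popups'
      && responseCOOP.value === 'unsafe-none') return false;
  return true;
}

// Minimal model of a top-level popup browsing context (assumed name).
class Popup {
  constructor(opener) {
    this.isInitialAboutBlank = true;
    this.coop = opener.coop;       // initial about:blank inherits the opener's COOP
    this.origin = opener.origin;   // and the opener's origin
    this.openerAttached = true;    // what the opener observes via openee.closed
  }
  // Opener calls document.write() on the openee: document.open() clears the
  // "is initial about:blank" flag; COOP and origin are unchanged.
  documentWrite() {
    this.isInitialAboutBlank = false;
  }
  // Navigate the popup to a response carrying the given COOP and origin.
  // Returns whether a browsing context group switch happened.
  navigate(responseCOOP, responseOrigin) {
    const switched = needsBrowsingContextGroupSwitch({
      isInitialAboutBlank: this.isInitialAboutBlank,
      activeCOOP: this.coop,
      activeOrigin: this.origin,
      responseCOOP,
      responseOrigin,
    });
    if (switched) this.openerAttached = false;
    this.coop = responseCOOP;
    this.origin = responseOrigin;
    this.isInitialAboutBlank = false;
    return switched;
  }
}

// Replays the WPT scenario: an opener with COOP same-origin-allow-popups
// opens a popup, optionally document.write()s into it, then navigates it
// cross-origin to a response with no COOP header (i.e. unsafe-none).
function runScenario({ withDocumentWrite }) {
  const opener = { coop: { value: 'same-origin-allow-popups' }, origin: 'https://a.example' };
  const popup = new Popup(opener);
  if (withDocumentWrite) popup.documentWrite();
  const switched = popup.navigate({ value: 'unsafe-none' }, 'https://b.example');
  return { switched, openerSeesClosed: !popup.openerAttached };
}

console.log('with document.write():   ', runScenario({ withDocumentWrite: true }));
console.log('without document.write():', runScenario({ withDocumentWrite: false }));
```

Run with `node`. The first line shows the case the test asserts on (switch happens, opener sees the popup as closed); the second is the ordinary same-origin-allow-popups behaviour the carve-out exists for. Any engine that keys the carve-out on "has a real document ever been committed" rather than on "is this still the initial about:blank" gets the first case wrong, which is the bug the commit message describes.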
@@ -1,3 +1,16 @@
2021-08-31 Chris Dumez <cdumez@apple.com>

[COOP] html/cross-origin-opener-policy/coop-same-origin-allow-popups-document-write.html WPT test is failing
https://bugs.webkit.org/show_bug.cgi?id=229692

Reviewed by Darin Adler.

* web-platform-tests/html/cross-origin-opener-policy/coop-same-origin-allow-popups-document-write-expected.txt:
Rebaseline WPT test that is now passing.

* web-platform-tests/html/cross-origin-opener-policy/coop-same-origin-allow-popups-document-write.html:
Merge typo fix from https://github.com/web-platform-tests/wpt/commit/0adccdd2cd38e2217a11d3d6dd14260f32a8a0a6

2021-08-31 Antti Koivisto <antti@apple.com>

[CSS Cascade Layers] Compute order correctly for late added sublayers
@@ -1,3 +1,3 @@

FAIL coop-same-origin-allow-popups-document-write assert_equals: opener == null expected "true" but got "false"
PASS coop-same-origin-allow-popups-document-write

@@ -52,7 +52,7 @@
// for the openee' document to load and the various fetch() with the
// dispatcher should be largely enough. However these aren't causal guarantee.
// So wait a bit to be sure:
await new Promise(r => test.step_timeout(r, 1000));
await new Promise(r => t.step_timeout(r, 1000));

// Check the opener see the openee as 'closed' after the navigation.
send(opener_token, `
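Review bot: the context comment above the changed line still reads "the openee' document" and "these aren't causal guarantee"; since this file is a merge of the upstream WPT typo fix (wpt@0adccdd per the ChangeLog), those wording nits should go upstream rather than be patched locally, so the imported copy stays byte-identical to upstream.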
@@ -1,3 +1,52 @@
2021-08-31 Chris Dumez <cdumez@apple.com>

[COOP] html/cross-origin-opener-policy/coop-same-origin-allow-popups-document-write.html WPT test is failing
https://bugs.webkit.org/show_bug.cgi?id=229692

Reviewed by Darin Adler.

The test does the following:
1. An opener document with `COOP=same-origin-allow-popups` opens a new window that shows the initial empty document.
Note that the openee inherits `COOP=same-origin-allow-popups` from its opener.
2. The opener document then calls document.write() on the openee.
Note that, as per the HTML specification, this clears the 'is displaying initial empty document' flag.
3. The openee is navigated cross-origin to a destination without COOP.

Normally, `COOP=same-origin-allow-popups` would allow the popup to be navigated cross-origin as per the logic here [1]:
"""
If all of the following are true:
- isInitialAboutBlank,
- activeDocumentCOOPValue's value is "same-origin-allow-popups".
- responseCOOPValue is "unsafe-none",
then return false (meaning, no context group switch).
"""

However, because of the document.write() call at step 2, the isInitialAboutBlank flag is no longer true
and the check should fail, thus causing a browsing context group switch.

[1] https://html.spec.whatwg.org/multipage/origin.html#check-browsing-context-group-switch-coop-value

No new tests, rebaselined existing test.

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::maybeLoadEmpty):
Replace the bad check to committedFirstRealDocumentLoad (which stays true after calling document.write()
on the initial empty document) with a check to !isDisplayingInitialEmptyDocument, which matches the
specification text. isDisplayingInitialEmptyDocument correctly becomes false after calling document.write()
on the initial empty document.

* loader/DocumentLoader.h:
(WebCore::DocumentLoader::crossOriginOpenerPolicy const):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::didBeginDocument):
Fix didBeginDocument() so that it doesn't overwrite the document's cross-origin-opener-policy when the
DocumentLoader does not know what the policy is. When opening a popup, Document::initSecurityContext()
will set the popup's cross-origin-opener-policy to the one of its opener. When didBeginDocument()
gets called later for the initial empty document, we don't want to overwrite the inherited policy
with a new default cross-origin-opener-policy of unsafe-none. The reason the DocumentLoader does not
have a policy for us is because this is the initial empty document and DocumentLoader's
doCrossOriginOpenerHandlingOfResponse() was thus never called with an actual network response.

2021-08-31 Carlos Garcia Campos <cgarcia@igalia.com>

[SOUP] Assertion in startObservingCookieChanges()
@@ -2011,7 +2011,7 @@ bool DocumentLoader::maybeLoadEmpty()
String mimeType = shouldLoadEmpty ? "text/html" : frameLoader()->client().generatedMIMETypeForURLScheme(m_request.url().protocol().toStringWithoutCopying());
m_response = ResourceResponse(m_request.url(), mimeType, 0, "UTF-8"_s);

if (frameLoader()->stateMachine().committedFirstRealDocumentLoad()) {
if (!frameLoader()->stateMachine().isDisplayingInitialEmptyDocument()) {
doCrossOriginOpenerHandlingOfResponse(m_response);

// FIXME: Non-initial about:blank loads may cause a browsing context group switch. However, such load is synchronous and doesn't
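Review bot: the new condition `!frameLoader()->stateMachine().isDisplayingInitialEmptyDocument()` deserves a one-line comment citing the spec's isInitialAboutBlank input to "check if a browsing context group switch is needed", since the only visible rationale for preferring it over `committedFirstRealDocumentLoad()` lives in the ChangeLog; a reader who later sees the FIXME below about non-initial about:blank loads could otherwise reintroduce the old check. Something like `// Spec: isInitialAboutBlank is false once document.write() has run on the initial empty document.` above the `if` would do.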
@@ -423,7 +423,7 @@ class DocumentLoader
bool lastNavigationWasAppInitiated() const { return m_lastNavigationWasAppInitiated; }
void setLastNavigationWasAppInitiated(bool lastNavigationWasAppInitiated) { m_lastNavigationWasAppInitiated = lastNavigationWasAppInitiated; }

CrossOriginOpenerPolicy crossOriginOpenerPolicy() const { return m_currentCoopEnforcementResult ? m_currentCoopEnforcementResult->crossOriginOpenerPolicy : CrossOriginOpenerPolicy { }; }
std::optional<CrossOriginOpenerPolicy> crossOriginOpenerPolicy() const { return m_currentCoopEnforcementResult ? std::make_optional(m_currentCoopEnforcementResult->crossOriginOpenerPolicy) : std::nullopt; }

bool isContinuingLoadAfterResponsePolicyCheck() const { return m_isContinuingLoadAfterResponsePolicyCheck; }
void setIsContinuingLoadAfterResponsePolicyCheck(bool isContinuingLoadAfterResponsePolicyCheck) { m_isContinuingLoadAfterResponsePolicyCheck = isContinuingLoadAfterResponsePolicyCheck; }
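Review bot: changing `crossOriginOpenerPolicy()` from returning a default-constructed `CrossOriginOpenerPolicy { }` to `std::optional<CrossOriginOpenerPolicy>` with `std::nullopt` silently changes the meaning of "no enforcement result yet" from "unsafe-none" to "unknown"; the diff only shows `FrameLoader::didBeginDocument` adapted to that, so confirm no other caller relied on the old default value (any caller still treating the result as a policy would now fail to compile, which is the safety net here). A short comment on the accessor stating that `std::nullopt` means `doCrossOriginOpenerHandlingOfResponse()` has not run for this load would make the contract explicit.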
@@ -768,8 +768,10 @@ void FrameLoader::didBeginDocument(bool dispatch)
}

// https://html.spec.whatwg.org/multipage/browsing-the-web.html#initialise-the-document-object (Step 7)
if (m_frame.isMainFrame())
m_frame.document()->setCrossOriginOpenerPolicy(m_documentLoader->crossOriginOpenerPolicy());
if (m_frame.isMainFrame()) {
if (auto crossOriginOpenerPolicy = m_documentLoader->crossOriginOpenerPolicy())
m_frame.document()->setCrossOriginOpenerPolicy(WTFMove(*crossOriginOpenerPolicy));
}
}

history().restoreDocumentState();
