-
Notifications
You must be signed in to change notification settings - Fork 6.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add WPT for COEP blocked iframe with Early Hints
Early Hints preload should not happen when an iframe violates Cross-Origin-Embedder-Policy. Bug: 1305896 Change-Id: Id8df2654c38e2b713267d85f338dee983444bac4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3640699 Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Commit-Queue: Kenichi Ishibashi <bashi@chromium.org> Cr-Commit-Position: refs/heads/main@{#1002544}
- Loading branch information
Showing
4 changed files
with
55 additions
and
0 deletions.
There are no files selected for viewing
35 changes: 35 additions & 0 deletions
35
third_party/blink/web_tests/external/wpt/loading/early-hints/iframe-coep-disallow.h2.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
<!DOCTYPE html> | ||
<head> | ||
<meta charset="utf-8"> | ||
<script src="/common/utils.js"></script> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="resources/early-hints-helpers.sub.js"></script> | ||
</head> | ||
<body> | ||
<script> | ||
promise_test(async (t) => { | ||
const iframe = document.createElement("iframe"); | ||
|
||
const resource_url = CROSS_ORIGIN_RESOURCES_URL + "/empty.js?" + token(); | ||
const params = new URLSearchParams(); | ||
params.set("resource-url", resource_url); | ||
params.set("token", token()); | ||
const iframe_url = CROSS_ORIGIN_RESOURCES_URL + "/html-with-early-hints.h2.py?" + params.toString(); | ||
|
||
iframe.src = iframe_url; | ||
document.body.appendChild(iframe); | ||
// Make sure the iframe didn't load. See https://github.com/whatwg/html/issues/125 for why a | ||
// timeout is used here. Long term all network error handling should be similar and have a | ||
// reliable event. | ||
assert_equals(iframe.contentDocument.body.localName, "body"); | ||
await t.step_wait(() => iframe.contentDocument === null); | ||
|
||
// Fetch the hinted resource and make sure it's not preloaded. | ||
await fetchScript(resource_url); | ||
const entries = performance.getEntriesByName(resource_url); | ||
assert_equals(entries.length, 1); | ||
assert_not_equals(entries[0].transferSize, 0); | ||
}, "Early hints for an iframe that violates Cross-Origin-Embedder-Policy should be ignored."); | ||
</script> | ||
</body> |
1 change: 1 addition & 0 deletions
1
...rty/blink/web_tests/external/wpt/loading/early-hints/iframe-coep-disallow.h2.html.headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Cross-Origin-Embedder-Policy: require-corp |
1 change: 1 addition & 0 deletions
1
third_party/blink/web_tests/external/wpt/loading/early-hints/resources/empty.js.headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
cache-control: max-age=600 | ||
access-control-allow-origin: * | ||
timing-allow-origin: * | ||
cross-origin-resource-policy: cross-origin |
18 changes: 18 additions & 0 deletions
18
...ty/blink/web_tests/external/wpt/loading/early-hints/resources/html-with-early-hints.h2.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
def handle_headers(frame, request, response): | ||
resource_url = request.GET.first(b"resource-url").decode() | ||
link_header_value = "<{}>; rel=preload; as=script".format(resource_url) | ||
early_hints = [ | ||
(b":status", b"103"), | ||
(b"link", link_header_value), | ||
] | ||
response.writer.write_raw_header_frame(headers=early_hints, | ||
end_headers=True) | ||
|
||
response.status = 200 | ||
response.headers[b"content-type"] = "text/html" | ||
response.write_status_headers() | ||
|
||
|
||
def main(request, response): | ||
content = "<!-- empty -->" | ||
response.writer.write_data(item=content, last=True) |