Skip to content

Commit

Permalink
Bug 1793992 [wpt PR 36314] - [Permissions Policy Wildcards] (6) Add W…
Browse files Browse the repository at this point in the history 
…PTs, a=testonly

Automatic update from web-platform-tests
[Permissions Policy Wildcards] (6) Add WPTs

We can see the entire thing work end to end now!
Design doc:
w3c/webappsec-permissions-policy#482

This CL is part of a series:
(1) Add function to detect subdomain matches
(2) Use OriginWithPossibleWildcards in policy
(3) Propagate node source to allow list parser
(4) Parse wildcard subdomain matches
(5) Support wildcards in getAllowlistForFeature
(6) Add WPTs
(7) Enable by default

Bug: 1345994
Change-Id: I8826db4e74eb8a40e09e176459fe5f84343d456e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3938164
Auto-Submit: Ari Chivukula <arichiv@chromium.org>
Reviewed-by: Koji Ishii <kojii@chromium.org>
Commit-Queue: Ari Chivukula <arichiv@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1056243}

--

wpt-commits: 65aefb278c8c05feb767bebd3840b1b2dd2d7c61
wpt-pr: 36314
  • Loading branch information
@arichiv @moz-wptsync-bot
arichiv authored and moz-wptsync-bot committed Oct 21, 2022
1 parent bfc30cf commit d9a527f
Show file tree
Hide file tree
Showing 4 changed files with 125 additions and 0 deletions.
55 changes: 55 additions & 0 deletions ...ons-policy/permissions-policy-header-policy-allowed-for-malformed-wildcard.https.sub.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
<!DOCTYPE html>
<body>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/permissions-policy/resources/permissions-policy.js></script>
<!-- Permissions-Policy: fullscreen=$MALFORMED_WILDCARD_ORIGINS self; -->
<script>
'use strict';
var same_origin = 'https://{{domains[]}}:{{ports[https][0]}}';
var cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
var cross_origin1 = 'https://{{domains[www1]}}:{{ports[https][0]}}';
var same_origin_src = '/permissions-policy/resources/permissions-policy-allowedfeatures.html';
var cross_origin_src = cross_origin + same_origin_src;
var cross_origin_src1 = cross_origin1 + same_origin_src;
var header_policy = `Permissions-Policy: fullscreen=("$MALFORMED_WILDCARD_ORIGINS self")`;

// Test that fullscreen's allowlist lists all the malformed wildcards and self.
test(function() {
assert_array_equals(
document.featurePolicy.getAllowlistForFeature('fullscreen').sort(),
["https://%2A.%2A.{{domains[]}}:{{ports[https][0]}}", "https://example.%2A.{{domains[]}}:{{ports[https][0]}}", "https://{{domains[]}}:{{ports[https][0]}}"].sort());
}, header_policy + ' -- test allowlist lists all the malformed wildcards and self.');

// Test that fullscreen is allowed on same-origin subframes with or without an allow attribute.
test_allowed_feature_for_subframe(
header_policy + ' -- test fullscreen is allowed on same-origin subframe',
'fullscreen',
same_origin_src);
test_allowed_feature_for_subframe(
header_policy + ' -- test fullscreen is allowed on same-origin subframe with allow attribute',
'fullscreen',
same_origin_src,
"fullscreen " + same_origin);

// Test that fullscreen is disallowed on cross-origin subframes without an allow attribute.
test_disallowed_feature_for_subframe(
header_policy + ' -- test fullscreen is disallowed on cross-origin subframe',
'fullscreen',
cross_origin_src);
test_disallowed_feature_for_subframe(
header_policy + ' -- test fullscreen is disallowed on cross-origin subframe allow attribute',
'fullscreen',
cross_origin_src,
"fullscreen " + cross_origin);
test_disallowed_feature_for_subframe(
header_policy + ' -- test fullscreen is disallowed on another cross-origin subframe',
'fullscreen',
cross_origin_src1);
test_disallowed_feature_for_subframe(
header_policy + ' -- test fullscreen is disallowed on another cross-origin subframe allow attribute',
'fullscreen',
cross_origin_src1,
"fullscreen " + cross_origin1);
</script>
</body>
1 change: 1 addition & 0 deletions ...ermissions-policy-header-policy-allowed-for-malformed-wildcard.https.sub.html.sub.headers
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Permissions-Policy: fullscreen=("*://{{domains[]}}:{{ports[https][0]}}" "https://{{domains[]}}:*" "https://*.*.{{domains[]}}:{{ports[https][0]}}" "https://example.*.{{domains[]}}:{{ports[https][0]}}" self)
68 changes: 68 additions & 0 deletions ...s/permissions-policy/permissions-policy-header-policy-allowed-for-wildcard.https.sub.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
<!DOCTYPE html>
<body>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/permissions-policy/resources/permissions-policy.js></script>
<!-- Permissions-Policy: fullscreen=self wildcard_origin; -->
<script>
'use strict';
var same_origin = 'https://{{domains[]}}:{{ports[https][0]}}';
var wildcard_origin = 'https://*.{{domains[]}}:{{ports[https][0]}}';
var cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
var cross_origin1 = 'https://{{domains[www1]}}:{{ports[https][0]}}';
var same_origin_src = '/permissions-policy/resources/permissions-policy-allowedfeatures.html';
var cross_origin_src = cross_origin + same_origin_src;
var cross_origin_src1 = cross_origin1 + same_origin_src;
var header_policy = `Permissions-Policy: fullscreen=("${wildcard_origin}")`;

// Test that fullscreen's allowlist is [self wildcard_origin].
test(function() {
assert_array_equals(
document.featurePolicy.getAllowlistForFeature('fullscreen').sort(),
[wildcard_origin, same_origin].sort());
}, header_policy + ' -- test allowlist is [self wildcard_origin].');

// Test that fullscreen is allowed on same-origin subframes with or without an allow attribute.
test_allowed_feature_for_subframe(
header_policy + ' -- test fullscreen is allowed on same-origin subframe',
'fullscreen',
same_origin_src);
test_allowed_feature_for_subframe(
header_policy + ' -- test fullscreen is allowed on same-origin subframe even with allow attribute',
'fullscreen',
same_origin_src,
"fullscreen " + same_origin);

// Test that fullscreen is disallowed on cross-origin subframes without an allow attribute.
test_disallowed_feature_for_subframe(
header_policy + ' -- test fullscreen is disallowed on cross-origin subframe',
'fullscreen',
cross_origin_src);
test_allowed_feature_for_subframe(
header_policy + ' -- test fullscreen is allowed on cross-origin subframe allow attribute',
'fullscreen',
cross_origin_src,
"fullscreen " + cross_origin);
test_disallowed_feature_for_subframe(
header_policy + ' -- test fullscreen is disallowed on another cross-origin subframe',
'fullscreen',
cross_origin_src1);
test_allowed_feature_for_subframe(
header_policy + ' -- test fullscreen is allowed on another cross-origin subframe allow attribute',
'fullscreen',
cross_origin_src1,
"fullscreen " + cross_origin1);

// Test that wildcard allow attribute isn't supported.
test_disallowed_feature_for_subframe(
header_policy + ' -- test fullscreen is disallowed on cross-origin subframe with wildcard allow attribute',
'fullscreen',
cross_origin_src,
"fullscreen " + wildcard_origin);
test_disallowed_feature_for_subframe(
header_policy + ' -- test fullscreen is disallowed on another cross-origin subframe with wildcard allow attribute',
'fullscreen',
cross_origin_src1,
"fullscreen " + wildcard_origin);
</script>
</body>
1 change: 1 addition & 0 deletions ...s-policy/permissions-policy-header-policy-allowed-for-wildcard.https.sub.html.sub.headers
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Permissions-Policy: fullscreen=(self "https://*.{{domains[]}}:{{ports[https][0]}}")

0 comments on commit d9a527f

Please sign in to comment.