Implement Storage Access commands for TestDriver

This change implements the Set Storage Access command for TestDriver in Blink and content_shell: https://privacycg.github.io/storage-access/#automation This is needed to support more in-depth WPT tests for the Storage Access API. The current WPT tests for this feature cover basic IDL behavior, but are not able to verify that the requestStorageAccess API itself is functional because the browser must first be put into a state where third-party cookies are blocked. A new set_storage_access method has been added to testdriver.js. It functions similarly to the existing set_permission method. This calls a Blink-internal method that forwards the passed in arguments to the content shell via Mojo. A new WebTestStorageAccessManager class in the content shell converts the arguments into ContentSettingsPatterns and passes these settings to the CookieManager. The WebTestStorageAccessManager also enables third-party cookie blocking so that these rules will take effect. Bug: 1096803 Change-Id: I635687e7d00cf95fa2cf54fb86e1f65a0fe85f3f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2253280 Reviewed-by: Martin Šrámek <msramek@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Brandon Walderman <brwalder@microsoft.com> Cr-Commit-Position: refs/heads/master@{#790441}
web-platform-tests · Jul 24, 2020 · 48846ad · 48846ad
1 parent 48180e6
commit 48846ad
Show file tree

Hide file tree

Showing 3 changed files with 92 additions and 0 deletions.
diff --git a/resources/testdriver.js b/resources/testdriver.js
@@ -355,6 +355,32 @@
         set_user_verified: function(authenticator_id, uv) {
             return window.test_driver_internal.set_user_verified(authenticator_id, uv);
         },
+
+        /**
+         * Sets the storage access rule for an origin when embedded
+         * in a third-party context.
+         *
+         * {@link https://privacycg.github.io/storage-access/#set-storage-access-command}
+         *
+         * @param {String} origin - A third-party origin to block or allow.
+         *                          May be "*" to indicate all origins.
+         * @param {String} embedding_origin - an embedding (first-party) origin
+         *                                    on which {origin}'s access should
+         *                                    be blocked or allowed.
+         *                                    May be "*" to indicate all origins.
+         * @param {String} state - The storage access setting.
+         *                         Must be either "allowed" or "blocked".
+         *
+         * @returns {Promise} Fulfilled after the storage access rule has been
+         *                    set, or rejected if setting the rule fails.
+         */
+        set_storage_access: function(origin, embedding_origin, state) {
+            if (state !== "allowed" && state !== "blocked") {
+                throw new Error("storage access status must be 'allowed' or 'blocked'");
+            }
+            const blocked = state === "blocked";
+            return window.test_driver_internal.set_storage_access(origin, embedding_origin, blocked);
+        },
     };
 
     window.test_driver_internal = {
@@ -569,5 +595,13 @@
         set_user_verified: function(authenticator_id, uv) {
             return Promise.reject(new Error("unimplemented"));
         },
+
+        /**
+         * Sets the storage access policy for a third-party origin when loaded
+         * in the current first party context
+         */
+        set_storage_access: function(origin, embedding_origin, blocked) {
+            return Promise.reject(new Error("unimplemented"));
+        },
     };
 })();
diff --git a/storage-access-api/resources/set-cookie.py b/storage-access-api/resources/set-cookie.py
@@ -0,0 +1,27 @@
+def main(request, response):
+  name = request.GET.first(b"name")
+  value = request.GET.first(b"value")
+  testcase = request.GET.first(b"testcase")
+  response_headers = [(b"Set-Cookie", name + b"=" + value)]
+
+  body = b"""
+  <!DOCTYPE html>
+  <meta charset="utf-8">
+  <title>Set Storage Access Subframe</title>
+  <script src="/resources/testharness.js"></script>
+
+  <script>
+    let querystring = window.location.search.substring(1).split("&");
+    const allowed = querystring.some(param => param.toLowerCase() === "allowed=true");
+
+    test(() => {
+      if (allowed) {
+        assert_equals(document.cookie, "%s=%s");
+      } else {
+        assert_equals(document.cookie, "");
+      }
+    }, "[%s] Cookie access is allowed: " + allowed);
+  </script>
+  """ % (name, value, testcase)
+
+  return (200, response_headers, body)
diff --git a/storage-access-api/storageAccess.testdriver.sub.html b/storage-access-api/storageAccess.testdriver.sub.html
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<head>
+  <title>TestDriver - Set Storage Access Command Tests</title>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="/resources/testdriver.js"></script>
+  <script src="/resources/testdriver-vendor.js"></script>
+  <script src="helpers.js"></script>
+</head>
+<body>
+  <script>
+    "use strict";
+
+    promise_test(async t => {
+      // Allow a third-party site embedded in this first-party site.
+      await window.test_driver.set_storage_access("http://{{domains[www]}}:{{ports[http][0]}}/", "http://{{domains[]}}:{{ports[http][0]}}/", "allowed");
+      // Block a third-party site embedded in this first-party site.
+      await window.test_driver.set_storage_access("http://{{domains[www1]}}:{{ports[http][0]}}/", "http://{{domains[]}}:{{ports[http][0]}}/", "blocked");
+      // Block a third-party site on all first-party sites.
+      await window.test_driver.set_storage_access("http://{{domains[www2]}}:{{ports[http][0]}}/", "*", "blocked");
+    }, "Set up storage access rules");
+
+    RunTestsInIFrame("http://{{domains[]}}:{{ports[http][0]}}/storage-access-api/resources/set-cookie.py?name=hello0&value=world0&allowed=true&testcase=same-site");
+
+    RunTestsInIFrame("http://{{domains[www]}}:{{ports[http][0]}}/storage-access-api/resources/set-cookie.py?name=hello&value=world&allowed=true&testcase=third-party-allowed-on-first-party-site");
+
+    RunTestsInIFrame("http://{{domains[www1]}}:{{ports[http][0]}}/storage-access-api/resources/set-cookie.py?name=hello1&value=world1&allowed=false&testcase=third-party-blocked-on-first-party-site");
+
+    RunTestsInIFrame("http://{{domains[www2]}}:{{ports[http][0]}}/storage-access-api/resources/set-cookie.py?name=hello2&value=world2&allowed=false&testcase=third-party-blocked-all");
+  </script>
+</body>