Add one WPT test about <iframe>. A few parameters can vary: - Parent is COEP:{none,credentialless,require-corp} - Child is COEP:{none,credentialless,require-corp} - Child is CORP:{undefined, cross-origin} - Child is {same-origin,cross-origin} with its parent. Depending on all of those, the iframe must be blocked or must load. Bug:1175099 Change-Id: I6f60cac9211afdecf9969050efb5e4598cc1052e
1 parent
dae1263
commit 9c1e9bc
Showing
6 changed files
with
213 additions
and
5 deletions.
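--- a/html/cross-origin-embedder-policy/credentialless/iframe-coep-credentialless.tentative.https.html
+++ b/html/cross-origin-embedder-policy/credentialless/iframe-coep-credentialless.tentative.https.html
@@ -0,0 +1,39 @@
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/common/utils.js"></script>
+<script src="./resources/common.js"></script>
+<script src="./resources/dispatcher.js"></script>
+<script src="./resources/iframeTest.js"></script>
+
+<script>
+
+const parent_coep_credentialless = newWindow(coep_credentialless);
+iframeTest("COEP:credentialless embeds same-origin COEP:none",
+parent_coep_credentialless, same_origin, coep_none, EXPECT_BLOCK);
+iframeTest("COEP:credentialless embeds cross-origin COEP:none",
+parent_coep_credentialless, cross_origin, coep_none, EXPECT_BLOCK);
+iframeTest("COEP:credentialless embeds same-origin COEP:credentialless",
+parent_coep_credentialless, same_origin, coep_credentialless, EXPECT_LOAD);
+iframeTest("COEP:credentialless embeds cross-origin COEP:credentialless",
+parent_coep_credentialless, cross_origin, coep_credentialless, EXPECT_BLOCK);
+iframeTest("COEP:credentialless embeds same-origin COEP:require-corp",
+parent_coep_credentialless, same_origin, coep_require_corp, EXPECT_LOAD);
+iframeTest("COEP:credentialless embeds cross-origin COEP:require-corp",
+parent_coep_credentialless, cross_origin, coep_require_corp, EXPECT_BLOCK);
+
+// Using CORP:cross-origin might unblock previously blocked iframes.
+iframeTestCORP("COEP:credentialless embeds same-origin COEP:none",
+parent_coep_credentialless, same_origin, coep_none, EXPECT_BLOCK);
+iframeTestCORP("COEP:credentialless embeds cross-origin COEP:none",
+parent_coep_credentialless, cross_origin, coep_none, EXPECT_BLOCK);
+iframeTestCORP("COEP:credentialless embeds same-origin COEP:credentialless",
+parent_coep_credentialless, same_origin, coep_credentialless, EXPECT_LOAD);
+iframeTestCORP("COEP:credentialless embeds cross-origin COEP:credentialless",
+parent_coep_credentialless, cross_origin, coep_credentialless, EXPECT_LOAD);
+iframeTestCORP("COEP:credentialless embeds same-origin COEP:require-corp",
+parent_coep_credentialless, same_origin, coep_require_corp, EXPECT_LOAD);
+iframeTestCORP("COEP:credentialless embeds cross-origin COEP:require-corp",
+parent_coep_credentialless, cross_origin, coep_require_corp, EXPECT_LOAD);
+
+</script>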
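Review bot: The comment `// Using CORP:cross-origin might unblock previously blocked iframes.` does not say which rows are expected to change, so a reader has to compare the two lists by eye to find the CORP-sensitive cases. From the expectations in this file, only the cross-origin COEP:credentialless and cross-origin COEP:require-corp children go from EXPECT_BLOCK to EXPECT_LOAD, while both COEP:none children stay blocked. I would state that directly, e.g. `// CORP:cross-origin only flips the cross-origin COEP:credentialless and COEP:require-corp children to load; COEP:none children stay blocked.` The same comment in iframe-coep-require-corp.tentative.https.html has the same gap; there only the cross-origin COEP:require-corp row flips.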
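--- a/html/cross-origin-embedder-policy/credentialless/iframe-coep-none.tentative.https.html
+++ b/html/cross-origin-embedder-policy/credentialless/iframe-coep-none.tentative.https.html
@@ -0,0 +1,25 @@
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/common/utils.js"></script>
+<script src="./resources/common.js"></script>
+<script src="./resources/dispatcher.js"></script>
+<script src="./resources/iframeTest.js"></script>
+
+<script>
+
+const parent_coep_none = newWindow(coep_none);
+iframeTest("COEP:none embeds same-origin COEP:none",
+parent_coep_none, same_origin, coep_none, EXPECT_LOAD);
+iframeTest("COEP:none embeds cross-origin COEP:none",
+parent_coep_none, cross_origin, coep_none, EXPECT_LOAD);
+iframeTest("COEP:none embeds same-origin COEP:credentialless",
+parent_coep_none, same_origin, coep_credentialless, EXPECT_LOAD);
+iframeTest("COEP:none embeds cross-origin COEP:credentialless",
+parent_coep_none, cross_origin, coep_credentialless, EXPECT_LOAD);
+iframeTest("COEP:none embeds same-origin COEP:require-corp",
+parent_coep_none, same_origin, coep_require_corp, EXPECT_LOAD);
+iframeTest("COEP:none embeds cross-origin COEP:require-corp",
+parent_coep_none, cross_origin, coep_require_corp, EXPECT_LOAD);
+
+</script>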
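Review bot: This file never calls `iframeTestCORP`, so the CORP:{undefined, cross-origin} axis listed in the commit description is not exercised for a COEP:none parent, unlike the other two parent files. Every row here is EXPECT_LOAD, so the decorated rows would presumably be EXPECT_LOAD as well, but having them pins down that adding CORP:cross-origin to the child never turns a load into a block. I would add the six decorated rows, for example `iframeTestCORP("COEP:none embeds cross-origin COEP:none", parent_coep_none, cross_origin, coep_none, EXPECT_LOAD);`.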
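--- a/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.tentative.https.html
+++ b/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.tentative.https.html
@@ -0,0 +1,39 @@
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/common/utils.js"></script>
+<script src="./resources/common.js"></script>
+<script src="./resources/dispatcher.js"></script>
+<script src="./resources/iframeTest.js"></script>
+
+<script>
+
+const parent_coep_require_corp = newWindow(coep_require_corp);
+iframeTest("COEP:require-corp embeds same-origin COEP:none",
+parent_coep_require_corp, same_origin, coep_none, EXPECT_BLOCK);
+iframeTest("COEP:require-corp embeds cross-origin COEP:none",
+parent_coep_require_corp, cross_origin, coep_none, EXPECT_BLOCK);
+iframeTest("COEP:require-corp embeds same-origin COEP:credentialless",
+parent_coep_require_corp, same_origin, coep_credentialless, EXPECT_BLOCK);
+iframeTest("COEP:require-corp embeds cross-origin COEP:credentialless",
+parent_coep_require_corp, cross_origin, coep_credentialless, EXPECT_BLOCK);
+iframeTest("COEP:require-corp embeds same-origin COEP:require-corp",
+parent_coep_require_corp, same_origin, coep_require_corp, EXPECT_LOAD);
+iframeTest("COEP:require-corp embeds cross-origin COEP:require-corp",
+parent_coep_require_corp, cross_origin, coep_require_corp, EXPECT_BLOCK);
+
+// Using CORP:cross-origin might unblock previously blocked iframes.
+iframeTestCORP("COEP:require-corp embeds same-origin COEP:none",
+parent_coep_require_corp, same_origin, coep_none, EXPECT_BLOCK);
+iframeTestCORP("COEP:require-corp embeds cross-origin COEP:none",
+parent_coep_require_corp, cross_origin, coep_none, EXPECT_BLOCK);
+iframeTestCORP("COEP:require-corp embeds same-origin COEP:credentialless",
+parent_coep_require_corp, same_origin, coep_credentialless, EXPECT_BLOCK);
+iframeTestCORP("COEP:require-corp embeds cross-origin COEP:credentialless",
+parent_coep_require_corp, cross_origin, coep_credentialless, EXPECT_BLOCK);
+iframeTestCORP("COEP:require-corp embeds same-origin COEP:require-corp",
+parent_coep_require_corp, same_origin, coep_require_corp, EXPECT_LOAD);
+iframeTestCORP("COEP:require-corp embeds cross-origin COEP:require-corp",
+parent_coep_require_corp, cross_origin, coep_require_corp, EXPECT_LOAD);
+
+</script>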
16 changes: 14 additions & 2 deletions
16
html/cross-origin-embedder-policy/credentialless/resources/common.js
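--- a/html/cross-origin-embedder-policy/credentialless/resources/iframeTest.js
+++ b/html/cross-origin-embedder-policy/credentialless/resources/iframeTest.js
@@ -0,0 +1,75 @@
+// One document embeds another in an iframe. Both are loaded from the network.
+// Depending on the response headers:
+// - Cross-Origin-Embedder-Policy (COEP)
+// - Cross-Origin-Resource-Policy (CORP)
+// The child must load or must be blocked.
+//
+// What to do for:
+// - COEP:credentialless
+// - COEP:credentialless-on-children
+// is currently an active open question. This test will be updated/completed
+// later.
+
+// There are no interoperable ways to check an iframe failed to load. So a
+// timeout is being used. See https://github.com/whatwg/html/issues/125
+// Moreover, we want to track progress, managing timeout explicitly allows to
+// get a per-test results, even in case of failure of one.
+setup({ explicit_timeout: true });
+
+const same_origin = get_host_info().HTTPS_ORIGIN;
+const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
+
+// Open a new window loaded with the given |headers|. The new document will
+// execute any script sent toward the token it returns.
+const newWindow = (headers) => {
+const executor_token = token();
+const url = same_origin + executor_path + headers + `&uuid=${executor_token}`;
+const w = window.open(url);
+add_completion_callback(() => w.close());
+return executor_token;
+};
+
+const EXPECT_LOAD = "load";
+const EXPECT_BLOCK = "block";
+
+// Load in iframe. Control both the parent and the child headers. Check whether
+// it loads or not.
+const iframeTest = function(
+description,
+parent_token,
+child_origin,
+child_headers,
+expectation
+) {
+promise_test_parallel(async test => {
+const test_token = token();
+
+const child_token = token();
+const child_url = child_origin + executor_path + child_headers +
+`&uuid=${child_token}`;
+
+send(parent_token, `
+let iframe = document.createElement("iframe");
+iframe.src = "${child_url}";
+document.body.appendChild(iframe);
+`);
+
+send(child_token, `
+send("${test_token}", "load");
+`);
+
+// There are no interoperable ways to check an iframe failed to load. So a
+// timeout is being used.
+// See https://github.com/whatwg/html/issues/125
+step_timeout(()=>send(test_token, "block"), 3000);
+
+assert_equals(await receive(test_token), expectation);
+}, description);
+}
+
+// A decorated version of iframeTest, adding CORP:cross-origin to the child.
+const iframeTestCORP = function() {
+arguments[0] += ", CORP:cross-origin"; // description
+arguments[3] += corp_cross_origin; // child_headers
+iframeTest(...arguments);
+}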
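Review bot: In `iframeTest`, "block" is reported by `step_timeout(()=>send(test_token, "block"), 3000);` whenever the child has not answered within three seconds, so every EXPECT_BLOCK row also passes when the child never ran for an unrelated reason (a wrong executor URL, a dispatcher failure, a slow bot), and an EXPECT_LOAD row can fail on a slow load. Since the blocked rows are what asserts COEP enforcement, I would say so next to the timer, e.g. `// "block" only means no message arrived within the timeout; it cannot tell enforcement from a child that never ran.` I would also lift `3000` into a named constant so the window can be tuned in one place. The existing comment already explains why a timeout is needed, but not what a passing EXPECT_BLOCK row does and does not prove.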