Skip to content

Commit

Permalink
Shared Storage: Allow writes from headers in all sandboxed frames
Browse files Browse the repository at this point in the history 
Previously, writing to shared storage via response headers by way of
a fetch or image request would work inside a sandboxed iframe only if
the iframe had sandbox flag "allow-same-origin". We remove this
unnecessary restriction by correcting the origin used for the
opaqueness check for sharedStorageWritable image and fetch requests:
instead of checking the environment's origin for opaqueness, we now
check the request's origin for opaqueness in order to determine
eligibility for the 'Sec-Shared-Storage-Writable' request header.

See WICG/shared-storage#155 for the related
specification fix.

Bug: 339172115
Change-Id: Ia3d048c8441bb99ea48d3943c55fe83c943bcadf
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5527770
Reviewed-by: Nate Chapin <japhet@chromium.org>
Reviewed-by: Yao Xiao <yaoxia@chromium.org>
Commit-Queue: Cammie Smith Barnes <cammie@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1303509}
  • Loading branch information
@pythagoraskitty @chromium-wpt-export-bot
pythagoraskitty authored and chromium-wpt-export-bot committed May 20, 2024
1 parent 10dbaea commit a05ac39
Show file tree
Hide file tree
Showing 7 changed files with 215 additions and 43 deletions.
18 changes: 18 additions & 0 deletions shared-storage/shared-storage-writable-fetch-request-for-data-url.tentative.https.sub.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
<!doctype html>
<body>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script>
'use strict';

promise_test(async t => {
const innerCode =
`window.parent.postMessage({fetchStatus: "success"}, '*');`;
const dataURL = 'data:text/javascript;base64,'
+ btoa(unescape(encodeURIComponent(innerCode)));
await promise_rejects_js(t, TypeError,
fetch(dataURL, {sharedStorageWritable: true}));

}, 'shared storage fetch request disallowed for data URL');
</script>
</body>
69 changes: 69 additions & 0 deletions shared-storage/shared-storage-writable-fetch-request-in-data-url.tentative.https.sub.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
<!doctype html>
<body>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/common/utils.js></script>
<script src=/fenced-frame/resources/utils.js></script>
<script src=/shared-storage/resources/util.js></script>
<script>
'use strict';
const origin = window.location.origin;
const rawSetHeader = 'set;key=hello;value=world';
const setHeader = encodeURIComponent(rawSetHeader);

promise_test(async t => {
let frame = document.createElement('iframe');
const promise = new Promise((resolve, reject) => {
window.addEventListener('message', async function handler(evt) {
if (evt.source === frame.contentWindow &&
evt.data.sharedStorageFetchStatus) {
document.body.removeChild(frame);
window.removeEventListener('message', handler);
resolve(evt.data.sharedStorageFetchStatus);
}
});
window.addEventListener('error', (error) => {
reject(error);
});
});

const fetchUrl =
`${origin}\\/shared-storage\\/resources\\/shared-storage-write.py`
+ `?write=${setHeader}`;
const fetchCode = `
let parentOrOpener = window.opener || window.parent;
let innerFrame = document.createElement('iframe');
window.addEventListener('message', async (evt) => {
if (evt.source === innerFrame.contentWindow) {
parentOrOpener.postMessage({sharedStorageFetchStatus: "success"}, '*');
}
});
window.addEventListener('error', (error) => {
parentOrOpener.postMessage({sharedStorageFetchStatus: error.message}, '*');
});
fetch('${fetchUrl}', {sharedStorageWritable: true})
.then(response => response.text())
.then(htmlContent => {
innerFrame.srcdoc = htmlContent;
document.body.appendChild(innerFrame);
})
.catch(error => {
parentOrOpener.postMessage({sharedStorageFetchStatus: error.name},
"*");
});
`;

const dataURL = 'data:text/html;base64,'
+ btoa(unescape('%3Chtml%3E%3Cbody%3E%3Cscript%3E'
+ encodeURIComponent(fetchCode) +
'%3C%2Fscript%3E%3C%2Fbody%3E%3C%2Fhtml%3E'));
frame.src = dataURL;
document.body.appendChild(frame);

const result = await promise;
assert_equals(result, "TypeError");
await verifyKeyNotFoundForOrigin('hello', origin);

}, 'shared storage fetch request disallowed in opaque origin from data URL');
</script>
</body>
2 changes: 1 addition & 1 deletion shared-storage/shared-storage-writable-fetch-request-in-sandboxed-frame.tentative.https.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@
/*key=*/'c',
/*value=*/'d',
/*sandbox_flags=*/'allow-scripts',
/*expect_success=*/false);
/*expect_success=*/true);
}, 'test sharedStorageWritable fetch request in sandboxed iframe without '
+ '"allow-same-origin"');
</script>
Expand Down
64 changes: 64 additions & 0 deletions shared-storage/shared-storage-writable-iframe-request-in-data-url.tentative.https.sub.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
<!doctype html>
<body>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/common/utils.js></script>
<script src=/fenced-frame/resources/utils.js></script>
<script src=/shared-storage/resources/util.js></script>
<script>
'use strict';
const origin = window.location.origin;
const rawSetHeader = 'set;key=hello;value=world';
const setHeader = encodeURIComponent(rawSetHeader);

promise_test(async t => {
let frame = document.createElement('iframe');
const promise = new Promise((resolve, reject) => {
window.addEventListener('message', async function handler(evt) {
if (evt.source === frame.contentWindow &&
evt.data.sharedStorageWritableHeader) {
document.body.removeChild(frame);
window.removeEventListener('message', handler);
resolve(evt.data.sharedStorageWritableHeader);
}
});
window.addEventListener('error', (error) => {
reject(error);
});
});

const innerUrl =
`${origin}\\/shared-storage\\/resources\\/shared-storage-write-`
+ `notify-parent.py?write=${setHeader}`;
const innerCode = `
let parentOrOpener = window.opener || window.parent;
let innerFrame = document.createElement('iframe');
window.addEventListener('message', async (evt) => {
if (evt.source === innerFrame.contentWindow &&
evt.data.sharedStorageWritableHeader) {
parentOrOpener.postMessage({sharedStorageWritableHeader:
evt.data.sharedStorageWritableHeader}, '*');
}
});
window.addEventListener('error', (error) => {
parentOrOpener.postMessage({sharedStorageWritableHeader: error.message}, '*');
});
innerFrame.src = '${innerUrl}';
innerFrame.sharedStorageWritable = true;
document.body.appendChild(innerFrame);
`;

const dataURL = 'data:text/html;base64,'
+ btoa(unescape('%3Chtml%3E%3Cbody%3E%3Cscript%3E'
+ encodeURIComponent(innerCode) +
'%3C%2Fscript%3E%3C%2Fbody%3E%3C%2Fhtml%3E'));
frame.src = dataURL;
document.body.appendChild(frame);

const result = await promise;
assert_equals(result, "NO_SHARED_STORAGE_WRITABLE_HEADER");
await verifyKeyNotFoundForOrigin('hello', origin);

}, 'shared storage iframe request disallowed in opaque origin from data URL');
</script>
</body>
62 changes: 62 additions & 0 deletions shared-storage/shared-storage-writable-img-request-in-data-url.tentative.https.sub.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
<!doctype html>
<body>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/common/utils.js></script>
<script src=/fenced-frame/resources/utils.js></script>
<script src=/shared-storage/resources/util.js></script>
<script>
'use strict';
const origin = window.location.origin;
const rawSetHeader = 'set;key=hello;value=world';
const setHeader = encodeURIComponent(rawSetHeader);

promise_test(async t => {
let frame = document.createElement('iframe');
const promise = new Promise((resolve, reject) => {
window.addEventListener('message', async function handler(evt) {
if (evt.source === frame.contentWindow &&
evt.data.sharedStorageWritableLoadStatus) {
document.body.removeChild(frame);
window.removeEventListener('message', handler);
resolve(evt.data.sharedStorageWritableLoadStatus);
}
});
window.addEventListener('error', (error) => {
reject(error);
});
});

const imageUrl =
`${origin}\\/shared-storage\\/resources\\/shared-storage-writable-`
+ `pixel-write.png?write=${setHeader}`;
const innerCode = `
let parentOrOpener = window.opener || window.parent;
let image = document.createElement('img');
window.addEventListener('load', async (evt) => {
parentOrOpener.postMessage({sharedStorageWritableLoadStatus:
'loaded'}, '*');
});
window.addEventListener('error', (error) => {
parentOrOpener.postMessage({sharedStorageWritableLoadStatus: error.message},
'*');
});
image.src = '${imageUrl}';
image.sharedStorageWritable = true;
document.body.appendChild(image);
`;

const dataURL = 'data:text/html;base64,'
+ btoa(unescape('%3Chtml%3E%3Cbody%3E%3Cscript%3E'
+ encodeURIComponent(innerCode) +
'%3C%2Fscript%3E%3C%2Fbody%3E%3C%2Fhtml%3E'));
frame.src = dataURL;
document.body.appendChild(frame);

const result = await promise;
assert_equals(result, "loaded");
await verifyKeyNotFoundForOrigin('hello', origin);

}, 'shared storage iframe request disallowed in opaque origin from data URL');
</script>
</body>
2 changes: 1 addition & 1 deletion shared-storage/shared-storage-writable-img-request-in-sandboxed-frame.tentative.https.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@
/*key=*/'c',
/*value=*/'d',
/*sandbox_flags=*/'allow-scripts',
/*expect_success=*/false);
/*expect_success=*/true);
}, 'test sharedStorageWritable img request in sandboxed iframe without '
+ '"allow-same-origin"');
</script>
Expand Down
41 changes: 0 additions & 41 deletions shared-storage/shared-storage-writable-opaque-origin.tentative.https.sub.html
View file

This file was deleted.

0 comments on commit a05ac39

Please sign in to comment.