-
Notifications
You must be signed in to change notification settings - Fork 3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Reporting: Allow document token to change
Since the RenderFrameHostImpl is reused for same-origin navigations, the reporting source token must be able to change when a new document is loaded into the frame. This is important for reporting isolation when reports are still queued for the old document. WPT is added to catch the situation where not changing this token would cause previously queued reports to be sent to the new document's configured endpoints. This is part of a series of CLs implementing V1 reporting isolation. A summary of the architectural changes introduced can be found at https://docs.google.com/document/d/1RmEz17pGSUQITPoRKV4s3IBgbyHjv-HLZqtVYYZ4lMg/edit CLs in this series: https://crrev.com/c/2878175 Update NEL browser tests to require Report-To https://crrev.com/c/2878376 Separate parsing from processing Reporting-Endpoints https://crrev.com/c/2889833 Add reporting source to worker objects https://crrev.com/c/2889975 Add reporting source to COOP/COEP reporters https://crrev.com/c/3039579 Add source token to reports https://crrev.com/c/3041880 Add source token to IPC calls https://crrev.com/c/3042463 Isolate v1 reports from each other https://crrev.com/c/3042465 (This CL) Allow document source token to change https://crrev.com/c/3042521 Clean up when docs/workers are destroyed Bug: 1062359 Change-Id: I908e49b7b773c57335f8c527843643c896082ce4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3042465 Commit-Queue: Ian Clelland <iclelland@chromium.org> Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Matt Falkenhagen <falken@chromium.org> Reviewed-by: Lily Chen <chlily@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/main@{#914491}
- Loading branch information
1 parent
a966f07
commit b5c4ae1
Showing
6 changed files
with
108 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
56 changes: 56 additions & 0 deletions
56
reporting/reporting-isolated-across-navigations.https.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
<!DOCTYPE html> | ||
<meta charset="utf-8"> | ||
<title>Bug test page 1</title> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="resources/report-helper.js"></script> | ||
<script> | ||
promise_test(async t => { | ||
await new Promise(resolve => { | ||
window.addEventListener("message", resolve); | ||
}); | ||
// At this point, the reporting endpoint should have received all three | ||
// reports. Ensure that reports from the first page are not batched with | ||
// those from the second, or sent to its endpoint. | ||
const csp1_uuid = "112868aa-4b59-57c7-a388-db909ef24295"; | ||
const csp2_uuid = "612bf2ee-b9b8-5f8d-a239-0981c6ff057e"; | ||
const reports1 = await pollReports('/reporting/resources/report.py', csp1_uuid); | ||
const reports2 = await pollReports('/reporting/resources/report.py', csp2_uuid); | ||
|
||
const url_prefix = "https://{{location[host]}}/reporting/resources/"; | ||
|
||
// Validate that both received reports were CSP img-src violations from the | ||
// same reporting source. Each image should be represented once, although the | ||
// order does not matter. | ||
|
||
assert_equals(reports1.length, 2, "First endpoint should receive two reports"); | ||
|
||
assert_equals(reports1[0].type, "csp-violation"); | ||
assert_equals(reports1[0].url, url_prefix + "first-csp-report.https.sub.html"); | ||
assert_equals(reports1[0].body.disposition, "enforce"); | ||
assert_equals(reports1[0].body.effectiveDirective, "img-src"); | ||
|
||
assert_equals(reports1[1].type, "csp-violation"); | ||
assert_equals(reports1[1].url, url_prefix + "first-csp-report.https.sub.html"); | ||
assert_equals(reports1[1].body.disposition, "enforce"); | ||
assert_equals(reports1[1].body.effectiveDirective, "img-src"); | ||
|
||
var image_sources = [reports1[0].body.blockedURL, reports1[1].body.blockedURL].sort(); | ||
assert_equals(image_sources[0], url_prefix + "missing1.png"); | ||
assert_equals(image_sources[1], url_prefix + "missing2.png"); | ||
|
||
// Validate that the report received from the second endpoint was also a CSP | ||
// img-source violation, from a different URL. | ||
|
||
assert_equals(reports2.length, 1, "Second endpoint should reecive one report"); | ||
assert_equals(reports2[0].type, "csp-violation"); | ||
assert_equals(reports2[0].url, url_prefix + "second-csp-report.https.sub.html"); | ||
assert_equals(reports2[0].body.disposition, "enforce"); | ||
assert_equals(reports2[0].body.effectiveDirective, "img-src"); | ||
assert_equals(reports2[0].body.blockedURL, url_prefix + "missing3.png"); | ||
}, "Reports should be sent to the correct endpoints"); | ||
</script> | ||
<body> | ||
<h1>Bug test main frame</h1> | ||
<iframe id="frame" src="resources/first-csp-report.https.sub.html"></iframe> | ||
</body> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
<!DOCTYPE html> | ||
<html> | ||
<head> | ||
<title>Bug test page 1</title> | ||
</head> | ||
<body> | ||
<h1>Bug test page 1</h1> | ||
<!-- This image will cause a CSP violation, which will trigger an immediate report --> | ||
<img src="missing1.png"> | ||
<script> | ||
setTimeout(()=>{ | ||
var img = document.createElement('img'); | ||
img.src = "missing2.png"; | ||
// Appending this image will cause a second CSP violation, which will trigger | ||
// a second report. | ||
document.body.appendChild(img); | ||
location.href = "second-csp-report.https.sub.html"; | ||
}, 1); | ||
</script> | ||
</body> | ||
</html> | ||
|
2 changes: 2 additions & 0 deletions
2
reporting/resources/first-csp-report.https.sub.html.sub.headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
Reporting-Endpoints: csp="/reporting/resources/report.py?pipe=trickle(d1)&endpoint=csp1" | ||
Content-Security-Policy: img-src 'none'; report-to csp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
<!DOCTYPE html> | ||
<html> | ||
<head> | ||
<title>Bug test page 2</title> | ||
</head> | ||
<body> | ||
<h1>Bug test page 2</h1> | ||
<script> | ||
var img = document.createElement('img'); | ||
img.src = "missing3.png"; | ||
// Appending this image will cause a third CSP violation. The report generated | ||
// here must not be batched with the reports from the previous page, regardless | ||
// of whether they have been sent or not. | ||
document.body.appendChild(img); | ||
// Give the report handler enough time to finish handling any reports from the | ||
// previous page (Reports there are delayed by 1 second because of the trickle | ||
// pipe in the headers in first-csp-report.https.sub.html.sub.headers) and then | ||
// inform the parent that reports may be checked. | ||
setTimeout(()=>{ | ||
parent.postMessage("ready", "*"); | ||
},1250); | ||
</script> | ||
</body> | ||
</html> |
2 changes: 2 additions & 0 deletions
2
reporting/resources/second-csp-report.https.sub.html.sub.headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
Reporting-Endpoints: csp="/reporting/resources/report.py?endpoint=csp2" | ||
Content-Security-Policy: img-src 'none'; report-to csp |