Skip to content

Commit

Permalink
[html] Add tests for parsing COOP values
Browse files Browse the repository at this point in the history
  • Loading branch information
@jugglinmike
jugglinmike committed Dec 18, 2019
1 parent 455a12e commit bb1376b
Show file tree
Hide file tree
Showing 2 changed files with 60 additions and 0 deletions.
36 changes: 36 additions & 0 deletions html/cross-origin-opener-policy/header-parsing.https.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
<!doctype html>
<meta charset=utf-8>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="resources/common.js"></script>

<div id=log></div>
<script>

let tests = [
// popup Origin, popup COOP, expect opener

// None of the following should be recognized as "same-site" (hence the
// "expected opener" value of `true`).
[SAME_ORIGIN, "same-site;", true],
[SAME_ORIGIN, "same-site\0", true],
[SAME_ORIGIN, "Same-site", true],
[SAME_ORIGIN, "same-site same-site", true],
[SAME_ORIGIN, "same-site;same-site", true],

// All of the following should be recognized as "same-site" (hence the
// "expected opener" value of `false`).
[SAME_ORIGIN, " \tsame-site", false],
[SAME_ORIGIN, "same-site\t ", false],
];

run_coop_tests("unspecified", tests);

async_test((t) => {
const channelName = `none_to_${SAME_ORIGIN.name}_duplicated-header`;
const url = `${SAME_ORIGIN.origin}/html/cross-origin-opener-policy/resources/coop-same-site-repeated.asis?channel=${channelName}`;

url_test(t, url, channelName, true);
}, `unspecified document opening popup to ${SAME_ORIGIN.origin} with repeated COOP header`);
</script>
24 changes: 24 additions & 0 deletions html/cross-origin-opener-policy/resources/coop-same-site-repeated.asis
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
HTTP/1.1 200 OK
Cross-Origin-Opener-Policy: same-site
Cross-Origin-Opener-Policy: same-site
Server: BaseHTTP/0.3 Python/2.7.15+
Date: Wed, 18 Dec 2019 00:47:08 GMT

<!doctype html>
<meta charset=utf-8>
<script src="/common/get-host-info.sub.js"></script>
<iframe></iframe>
<script>
const navigate = new URL(location).searchParams.get("navigate");
if (navigate !== null) {
self.location = navigate;
} else {
const iframe = document.querySelector("iframe");
iframe.onload = () => {
const payload = { name: self.name, opener: !!self.opener };
iframe.contentWindow.postMessage(payload, "*");
};
const channelName = new URL(location).searchParams.get("channel");
iframe.src = `${get_host_info().HTTPS_ORIGIN}/html/cross-origin-opener-policy/resources/postback.html?channel=${channelName}`;
}
</script>

2 comments on commit bb1376b

@zcorpan
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use same-origin instead of same-site since the latter should not be supported.

@zcorpan
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As far as I can tell, it's possible to get duplicated headers with a .headers file. I think that is nicer than .asis.

Please sign in to comment.