Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

COOP: use BroadcastChannel as opener isn't always there #22411

Merged
merged 1 commit into from Mar 24, 2020
Merged

COOP: use BroadcastChannel as opener isn't always there #22411

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
13 changes: 11 additions & 2 deletions html/cross-origin-embedder-policy/resources/script-factory.js
View file
Open in desktop
@@ -1,8 +1,9 @@
// This creates a serialized <script> element that is useful for blob/data/srcdoc-style tests.

function createScript(sameOrigin, crossOrigin, parent="parent", id="") {
function createScript(sameOrigin, crossOrigin, type="parent", id="") {
return `<script>
const data = { id: "${id}",
opener: !!window.opener,
origin: window.origin,
sameOriginNoCORPSuccess: false,
crossOriginNoCORPFailure: false };
Expand All @@ -18,6 +19,14 @@ if ("${sameOrigin}" !== "null") {
records.push(record(fetch("${sameOrigin}/common/blank.html", { mode: "no-cors" }), "sameOriginNoCORPSuccess", true));
}

Promise.all(records).then(() => window.${parent}.postMessage(data, "*"));
Promise.all(records).then(() => {
// Using BroadcastChannel is useful for blob: URLs, which are always same-origin
if ("${type}" === "channel") {
const bc = new BroadcastChannel("${id}");
bc.postMessage(data);
} else {
window.${type}.postMessage(data, "*");
}
});
<\/script>`;
}
12 changes: 9 additions & 3 deletions html/cross-origin-opener-policy/coep-blob-popup.https.html
View file
Open in desktop
Expand Up @@ -9,8 +9,9 @@
promise_test(t => {
const origins = get_host_info();
const id = `tut mir leid ${type}`;
const blob = new Blob([createScript(origins.ORIGIN, origins.HTTPS_REMOTE_ORIGIN, "opener", id)], {type: "text/html"});
const blob = new Blob([createScript(origins.ORIGIN, origins.HTTPS_REMOTE_ORIGIN, "channel", id)], {type: "text/html"});
const blobURL = URL.createObjectURL(blob);
const bc = new BroadcastChannel(id);

if (type === "window.open()") {
const popup = window.open(blobURL);
Expand All @@ -32,13 +33,18 @@
}

return new Promise(resolve => {
window.addEventListener("message", t.step_func(({ data }) => {
bc.onmessage = t.step_func(({ data }) => {
assert_equals(data.id, id);
assert_equals(data.origin, window.origin);
assert_true(data.sameOriginNoCORPSuccess, "Same-origin without CORP did not succeed");
assert_true(data.crossOriginNoCORPFailure, "Cross-origin without CORP did not fail");
if (type === "<a rel=noopener>") {
assert_false(data.opener);
} else {
assert_true(data.opener);
}
resolve();
}));
});
});
}, `COOP+COEP blob URL popup: ${type}`);
});
Expand Down