Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Origin isolation: test location.href access #24259

Merged
merged 1 commit into from
Jun 22, 2020
Merged

Origin isolation: test location.href access #24259

merged 1 commit into from
Jun 22, 2020

Conversation

chromium-wpt-export-bot
Copy link
Collaborator

@chromium-wpt-export-bot chromium-wpt-export-bot commented Jun 19, 2020
edited
Loading

location.href access is one of the things that is guarded by the
"same-origin domain" check, but it goes down a different code path
than generic synchronous property access such as we test with
window.document. So, it's worth testing it additionally.

Bug: 1042415
Change-Id: I92fc222f895bf25fc1767e7ffddd3d7f7f1f1e86
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2255102
Reviewed-by: James MacLean <wjmaclean@chromium.org>
Commit-Queue: Domenic Denicola <domenic@chromium.org>
Cr-Commit-Position: refs/heads/master@{#780787}

wpt-pr-bot
wpt-pr-bot approved these changes Jun 19, 2020
View reviewed changes
Copy link
Collaborator

@wpt-pr-bot wpt-pr-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The review process for this patch is being conducted in the Chromium project.

@domenic @chromium-wpt-export-bot
Origin isolation: test location.href access
72fbef1 
location.href access is one of the things that is guarded by the
"same-origin domain" check, but it goes down a different code path
than generic synchronous property access such as we test with
window.document. So, it's worth testing it additionally.

Bug: 1042415
Change-Id: I92fc222f895bf25fc1767e7ffddd3d7f7f1f1e86
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2255102
Reviewed-by: James MacLean <wjmaclean@chromium.org>
Commit-Queue: Domenic Denicola <domenic@chromium.org>
Cr-Commit-Position: refs/heads/master@{#780787}
@LukeZielinski
Copy link
Contributor

Seeing flakiness on Chrome Dev:

Unstable results

Test Subtest Results Messages
/origin-isolation/removing-iframes.sub.https.html ERROR: 5/10, OK: 5/10
/origin-isolation/removing-iframes.sub.https.html Before: messageerror event must occur PASS: 5/10, MISSING: 5/10
/origin-isolation/removing-iframes.sub.https.html Before: setting document.domain must not give sync access PASS: 5/10, MISSING: 5/10
/origin-isolation/removing-iframes.sub.https.html Remove the iframe and insert new ones PASS: 5/10, MISSING: 5/10
/origin-isolation/removing-iframes.sub.https.html Parent to child2: messageerror event must occur PASS: 5/10, MISSING: 5/10
/origin-isolation/removing-iframes.sub.https.html Parent to child2: setting document.domain must not give sync access PASS: 5/10, MISSING: 5/10
/origin-isolation/removing-iframes.sub.https.html Parent to child3: messageerror event must occur PASS: 5/10, MISSING: 5/10
/origin-isolation/removing-iframes.sub.https.html Parent to child3: setting document.domain must not give sync access PASS: 5/10, MISSING: 5/10
/origin-isolation/removing-iframes.sub.https.html child2 to child3: message event must occur FAIL: 5/10, MISSING: 5/10 assert_equals: expected "WebAssembly.Module message received" but got "messageerror"
/origin-isolation/removing-iframes.sub.https.html child2 to child3: setting document.domain must give sync access FAIL: 5/10, MISSING: 5/10 assert_equals: expected "accessed document successfully" but got "SecurityError"
/origin-isolation/removing-iframes.sub.https.html child3 to child2: message event must occur FAIL: 5/10, MISSING: 5/10 assert_equals: expected "WebAssembly.Module message received" but got "messageerror"
/origin-isolation/removing-iframes.sub.https.html child3 to child2: setting document.domain must give sync access FAIL: 5/10, MISSING: 5/10 assert_equals: expected "accessed document successfully" but got "SecurityError"

@LukeZielinski
Copy link
Contributor

Filed crbug.com/1097980 @Hexcles could you please admin merge this?

@Hexcles Hexcles merged commit 30dda65 into master Jun 22, 2020
@Hexcles Hexcles deleted the chromium-export-cl-2255102 branch June 22, 2020 19:12
@stephenmcgruer stephenmcgruer mentioned this pull request Jun 22, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wpt-pr-bot wpt-pr-bot wpt-pr-bot approved these changes

Assignees
No one assigned
Labels
chromium-export origin-isolation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@chromium-wpt-export-bot @LukeZielinski @wpt-pr-bot @Hexcles @moz-wptsync-bot @domenic