Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[COOP] "check if enforcing report-only COOP would require a browsing context group switch" algorithm doesn't seem to match WPT tests #7041

Closed
cdumez opened this issue Sep 8, 2021 · 2 comments
Closed

[COOP] "check if enforcing report-only COOP would require a browsing context group switch" algorithm doesn't seem to match WPT tests #7041

cdumez opened this issue Sep 8, 2021 · 2 comments

Comments

@cdumez
Copy link

cdumez commented Sep 8, 2021
edited
Loading

I am referring to this algorithm.

The last subtest of html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin.https.html, does not expect a report when navigating a popup same-origin with COOP-ReportOnly=same-origin; report-to="${popupReportOnlyEndpoint.name}". The active document COOP (not reportOnly) is "same-origin".

The algorithm says:

If the result of checking if COOP values require a browsing context group switch given isInitialAboutBlank, responseOrigin, activeDocumentNavigationOrigin, responseCOOP's report-only value and activeDocumentCOOPReportOnly's report-only value is false, then return false.

responseCOOP's report-only value is 'same-origin' and activeDocumentCOOPReportOnly's report-only value is 'unsafe-none'. They don't match so this should trigger a switch and we shouldn't return false here.

If the result of checking if COOP values require a browsing context group switch given isInitialAboutBlank, responseOrigin, activeDocumentNavigationOrigin, responseCOOP's value and activeDocumentCOOPReportOnly's report-only value is true, then return true.

responseCOOP's value is 'unsafe-none' and activeDocumentCOOPReportOnly's report-only value is 'unsafe-none' and we are same-origin. As a result, I wouldn't expect a switch here and we shouldn't return true here.

If the result of checking if COOP values require a browsing context group switch given isInitialAboutBlank, responseOrigin, activeDocumentNavigationOrigin, responseCOOP's report-only value and activeDocumentCOOPReportOnly's value is true, then return true.

responseCOOP's report-only value is 'same-origin' and activeDocumentCOOPReportOnly's value is 'unsafe-none'. They don't match, therefore, I would expect a switch and we should return true.

As a result of returning true here, I think a report should be sent. Am I missing something? Is the subtest wrong or is there an issue with the algorithm in the spec?
@cdumez
Copy link
Author

cdumez commented Sep 8, 2021

cc @camillelamy.

@cdumez
Copy link
Author

cdumez commented Sep 9, 2021

Oh, when I implemented this part of the spec, then this subtest started passing:

If browsingContext's group's browsing context set's size is greater than 1, then:
Queue a violation report...

I was missing the check of the browsing context group size.

@cdumez cdumez closed this as completed Sep 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cdumez