testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-redirect-with-same-origin-allow-popups.https.html

   1 <title>
   2   Tests the redirect interaction with COOP same-origin-allow-popups.
   3 </title>
   4 <meta name=timeout content=long>
   5 <script src=/resources/testharness.js></script>
   6 <script src=/resources/testharnessreport.js></script>
   7 <script src=/common/get-host-info.sub.js></script>
   8 <script src="/common/utils.js"></script>
   9 <script src="../resources/dispatcher.js"></script>
  10 <script>
  11
  12 const directory = "/html/cross-origin-opener-policy/reporting";
  13 const executor_path = directory + "/resources/executor.html?pipe=";
  14 const same_origin = {
  15   host: get_host_info().HTTPS_ORIGIN,
  16   name: "Same origin"
  17 };
  18 const cross_origin = {
  19   host: get_host_info().HTTPS_REMOTE_ORIGIN,
  20   name: "Cross origin"
  21 };
  22 const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
  23
  24 // Tests the redirect interaction with COOP same-origin-allow-popups and
  25 // reporting:
  26 // 1 - open the opener document on origin same_origin wit COOP
  27 // same-origin-allow-popups.
  28 // 2 - opener opens popup with document on origin popup_origin, no COOP and a
  29 // redirect header (HTTP 302, location).
  30 // 3 - redirection to a document with origin same_origin and COOP
  31 // same-origin-allow-popups.
  32 //
  33 // The navigation (2) to the first document of the popup stays in the same
  34 // browsing context group due to the same-origin-allow-popups COOP of the
  35 // opener.
  36 // The redirect (3) to the final document does since it compares the
  37 // popup_origin/unsafe-none document with the
  38 // same-origin/same-origin-allow-popups document.
  39 //
  40 // A opens B, B redirects to C.
  41 //
  42 // Document  Origin        COOP
  43 // --------  ------------  ------------------------
  44 // A         same-origin   same-origin-allow-popups
  45 // B         popup-origin  unsafe-none
  46 // C         same-origin   same-origin-allow-popups
  47 function redirect_test( popup_origin ) {
  48   promise_test(async t => {
  49     // The test window.
  50     const this_window_token = token();
  51
  52     // The "opener" window. This has COOP same-origin-allow-popups and a
  53     // reporter.
  54     const opener_report_token= token();
  55     const opener_token = token();
  56     const opener_reportTo = reportToHeaders(opener_report_token);
  57     const opener_url = same_origin.host + executor_path +
  58       opener_reportTo.header + opener_reportTo.coopSameOriginAllowPopupsHeader +
  59       `&uuid=${opener_token}`;
  60
  61     // The "openee" window.
  62     // The initial document does not have COOP and is on popup_origin, it
  63     // redirects to a same-origin (with the opener) document with COOP
  64     // same-origin-allow-popups.
  65     const openee_token = token();
  66     const openee_redirect_url = same_origin.host + executor_path +
  67       opener_reportTo.header + opener_reportTo.coopSameOriginAllowPopupsHeader +
  68       `&uuid=${openee_token}`;
  69     const redirect_header = 'status(302)' +
  70       `|header(Location,${encodeURIComponent(
  71         openee_redirect_url
  72           .replace(/,/g, "\\,")
  73           .replace(/\\\\,/g, "\\\\\\,")
  74           .replace(/\(/g, "%28")
  75           .replace(/\)/g, "%29"))})`;
  76     const openee_url = popup_origin.host + executor_path + redirect_header +
  77       `&uuid=${openee_token}`;
  78     // 1. Create the opener window.
  79     let opener_window_proxy = window.open(opener_url);
  80     t.add_cleanup(() => send(opener_token, "window.close()"));
  81
  82     // 2. The opener opens its openee.
  83     send(opener_token, `
  84       openee = window.open("${openee_url}");
  85     `);
  86     t.add_cleanup(() => send(openee_token, "window.close()"));
  87
  88     // 3. Check the opener status on the openee.
  89     send(openee_token, `
  90       send("${this_window_token}", opener !== null);
  91     `);
  92     assert_equals(await receive(this_window_token), "false", "opener");
  93
  94     // 4. Check the openee status on the opener.
  95     send(opener_token, `
  96       send("${this_window_token}", openee.closed);
  97     `);
  98     assert_equals(await receive(this_window_token), "true", "openee.closed");
  99
 100     // 5. Check a report sent to the openee.
 101     let report = await receiveReport(
 102         opener_report_token,
 103         "navigation-to-document");
 104     assert_not_equals(report, "timeout", "Report not received");
 105     assert_equals(report.type, "coop");
 106     assert_equals(report.body.disposition, "enforce");
 107     assert_equals(report.body.effectivePolicy, "same-origin-allow-popups");
 108   }, `${popup_origin.name} openee redirected to same-origin with same-origin-allow-popups`);
 109 }
 110
 111 redirect_test(same_origin);
 112 redirect_test(cross_origin);
 113 </script>