| commit | f77848b7dfc61c92038d545ac498cbb6e42e173c | |
| author | Nathan Memmott <memmott@chromium.org> | |
| Sun, 11 Jun 2023 18:59:09 +0000 (11 18:59 +0000) | ||
| committer | moz-wptsync-bot <wptsync@mozilla.com> | |
| Tue, 13 Jun 2023 07:15:48 +0000 (13 07:15 +0000) | ||
| tree | 413bb34003293856ce999a7d1585f14aa920fd48 | treesnapshot (tar.gz zip) |
| parent | acc2a1265a241c2c6650609a8b6c5ae7b2441a0e | commitdiff |
Bug 1837087 [wpt PR 40406] - Revert "Fenced frames: Local network access.", a=testonly
Automatic update from web-platform-tests
Revert "Fenced frames: Local network access."
This reverts commit c02af164b8b7cee63e3c97901113c386f9100e67.
Reason for revert: The tests introduced in this CL are failing.
Original change's description:
> Fenced frames: Local network access.
>
> Fenced frames are only allowed in secure context. So the tests are
> all in secure contexts.
>
> 1. Subresource fetch:
>
> Fenced frame's IP address space is set to `kPublic` in order to make
> it subject to local network access check.
>
> web_tests/external/wpt/fetch/local-network-access/
> fetch.https.window.js is replicated and replaced iframes with fenced
> frames. All test cases are passing with the same behaviors as iframes.
>
> 2. Document fetch:
>
> Fenced frame's document fetch initiator can only be the parent.
> Fenced frames can only be navigated in two ways:
>
> 1. Directly by their parent, and never by another frame at a distance
> via `window.location` or `window.open`; in this case the `ClientSecurityState` needs to come from the parent.
> 2. By themselves; in this case the `ClientSecurityState` also needs to
> come from its embedder/parent.
>
> The ClientSecurityState of its parent is supplied to the
> NavigationURLLoader.
>
> web_tests/external/wpt/fetch/local-network-access/
> iframe.tentative.https.window.js is replicated and replaced iframes
> with fenced frames. All test cases have the same results as the
> iframe test expectations, except one:
>
> treat-as-public-address to local (same-origin): no preflight
> required
>
> - Iframe: the request is made without preflight. The nested iframe is
> loaded successfully.
>
> - Fenced frame: a preflight is made, and gets blocked. See a. below.
>
> I changed the test expectation for this test only. (PASS for iframe,
> but FAIL for fenced frame)
>
> Here are some noteworthy things we observed for document fetch. The
> following only applies to embedder-initiated navigations (i.e., the
> initial navigation of the frame):
> a. Fenced frame's document fetch's preflight request is always sent
> with `Origin: null`. This applies to embedder-initiated navigations
> (i.e., the initial navigation of the frame). I think this affects the
> outcome of Local Network Access check algorithm.
> https://source.chromium.org/chromium/chromium/src/+/main:content/browser/fenced_frame/fenced_frame.cc;l=119-126?q=fencedframe::n&ss=chromium%2Fchromium%2Fsrc
>
> A `null` origin implies
> LocalNetworkAccessChecker::is_potentially_trustworthy_same_origin_
> will always be false.
>
> b. For testing purposes, we tried manually overriding the initiator
> origin with a real origin and found that the preflight request still
> failed. This is because the credentials mode of the navigation is
> `'include'`, which prevents `Access-Control-Allow-Origin: '*'` from
> working, which iframes equivalently suffer from: https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/external/wpt/fetch/local-network-access/iframe.tentative.https.window-expected.txt?q=%22FAIL%20%22%20f:third_party%2Fblink%2Fweb_tests%2Fexternal%2Fwpt%2Ffetch%2Flocal-network-access%2Fiframe.tentative.https.window-expected.txt.
>
> Bug: 1420626
> Change-Id: I74c97369d235e1725c650bfe87f29372992cb56b
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4532557
> Reviewed-by: Titouan Rigoudy <titouan@chromium.org>
> Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
> Reviewed-by: Weizhong Xia <weizhong@google.com>
> Commit-Queue: Xiaochen Zhou <xiaochenzh@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1154027}
Bug: 1420626, 1451954
Change-Id: I6782a98adb7536062c2192a0b815c0d2e8146ac2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4595360
Owners-Override: Nathan Memmott <memmott@chromium.org>
Commit-Queue: Nathan Memmott <memmott@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#1154123}
--
wpt-commits: c5e4b7fd15ebf1230a050e064faf06d7224947dd
wpt-pr: 40406
Automatic update from web-platform-tests
Revert "Fenced frames: Local network access."
This reverts commit c02af164b8b7cee63e3c97901113c386f9100e67.
Reason for revert: The tests introduced in this CL are failing.
Original change's description:
> Fenced frames: Local network access.
>
> Fenced frames are only allowed in secure context. So the tests are
> all in secure contexts.
>
> 1. Subresource fetch:
>
> Fenced frame's IP address space is set to `kPublic` in order to make
> it subject to local network access check.
>
> web_tests/external/wpt/fetch/local-network-access/
> fetch.https.window.js is replicated and replaced iframes with fenced
> frames. All test cases are passing with the same behaviors as iframes.
>
> 2. Document fetch:
>
> Fenced frame's document fetch initiator can only be the parent.
> Fenced frames can only be navigated in two ways:
>
> 1. Directly by their parent, and never by another frame at a distance
> via `window.location` or `window.open`; in this case the `ClientSecurityState` needs to come from the parent.
> 2. By themselves; in this case the `ClientSecurityState` also needs to
> come from its embedder/parent.
>
> The ClientSecurityState of its parent is supplied to the
> NavigationURLLoader.
>
> web_tests/external/wpt/fetch/local-network-access/
> iframe.tentative.https.window.js is replicated and replaced iframes
> with fenced frames. All test cases have the same results as the
> iframe test expectations, except one:
>
> treat-as-public-address to local (same-origin): no preflight
> required
>
> - Iframe: the request is made without preflight. The nested iframe is
> loaded successfully.
>
> - Fenced frame: a preflight is made, and gets blocked. See a. below.
>
> I changed the test expectation for this test only. (PASS for iframe,
> but FAIL for fenced frame)
>
> Here are some noteworthy things we observed for document fetch. The
> following only applies to embedder-initiated navigations (i.e., the
> initial navigation of the frame):
> a. Fenced frame's document fetch's preflight request is always sent
> with `Origin: null`. This applies to embedder-initiated navigations
> (i.e., the initial navigation of the frame). I think this affects the
> outcome of Local Network Access check algorithm.
> https://source.chromium.org/chromium/chromium/src/+/main:content/browser/fenced_frame/fenced_frame.cc;l=119-126?q=fencedframe::n&ss=chromium%2Fchromium%2Fsrc
>
> A `null` origin implies
> LocalNetworkAccessChecker::is_potentially_trustworthy_same_origin_
> will always be false.
>
> b. For testing purposes, we tried manually overriding the initiator
> origin with a real origin and found that the preflight request still
> failed. This is because the credentials mode of the navigation is
> `'include'`, which prevents `Access-Control-Allow-Origin: '*'` from
> working, which iframes equivalently suffer from: https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/external/wpt/fetch/local-network-access/iframe.tentative.https.window-expected.txt?q=%22FAIL%20%22%20f:third_party%2Fblink%2Fweb_tests%2Fexternal%2Fwpt%2Ffetch%2Flocal-network-access%2Fiframe.tentative.https.window-expected.txt.
>
> Bug: 1420626
> Change-Id: I74c97369d235e1725c650bfe87f29372992cb56b
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4532557
> Reviewed-by: Titouan Rigoudy <titouan@chromium.org>
> Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
> Reviewed-by: Weizhong Xia <weizhong@google.com>
> Commit-Queue: Xiaochen Zhou <xiaochenzh@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1154027}
Bug: 1420626, 1451954
Change-Id: I6782a98adb7536062c2192a0b815c0d2e8146ac2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4595360
Owners-Override: Nathan Memmott <memmott@chromium.org>
Commit-Queue: Nathan Memmott <memmott@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#1154123}
--
wpt-commits: c5e4b7fd15ebf1230a050e064faf06d7224947dd
wpt-pr: 40406