From 01241ec90081870c1e919348930c18cab97f9d1e Mon Sep 17 00:00:00 2001
From: arthursonzogni <arthursonzogni@chromium.org>
Date: Mon, 25 Nov 2019 16:15:56 +0000
Subject: [PATCH] Bug 1592294 [wpt PR 19978] - Force error page to be
 classified as cross-document., a=testonly

Automatic update from web-platform-tests
Force error page to be classified as cross-document.

Bug https://crbug.com/1018385 is caused by navigation initially
classified as "same-document" committing error pages.

During the commit phase of the navigation, the NavigationRequest is
transfered in one of these RenderFrameHostImpl's bucket:
 - same_document_navigation_request_
 - navigation_requests_

A navigation classified as "same-document" ends up in the bucket
incompatible with error pages.
DidCommitPerNavigationMojoInterfaceNavigation expects to find the
navigation is the other bucket.

Add several regressions tests, including WPT tests.

Bug: 1018385
Change-Id: I3d92af1dd487f7b60a3e50a792716a07b074e5eb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1886339
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#712541}

--

wpt-commits: f099d1524bd576cc415e51407d9dcf870ca9bbc6
wpt-pr: 19978
---
 .../frame-src/frame-src-same-document-meta.html    | 54 ++++++++++++++++++++++
 .../frame-src/frame-src-same-document.html         | 25 ++++++++++
 .../frame-src/frame-src-same-document.html.headers |  1 +
 3 files changed, 80 insertions(+)
 create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.html
 create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.html
 create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.html.headers

diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.html
new file mode 100644
index 000000000000..f3750b1e7d83
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.html
@@ -0,0 +1,54 @@
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<html>
+<body></body>
+<script>
+    async_test(async test => {
+      // 1. Load an iframe (not blocked).
+      let iframe = document.createElement("iframe");
+      {
+        iframe.name = "theiframe";
+        iframe.src =
+          "http://www1.{{host}}/content-security-policy/support/frame.html#0";
+        let iframeLoaded = new Promise(resolve => { iframe.onload = resolve; });
+        document.body.appendChild(iframe);
+        await iframeLoaded;
+      }
+
+      // 2. Start blocking iframes using CSP frame-src 'none'.
+      {
+        let meta = document.createElement('meta');
+        meta.httpEquiv = "Content-Security-Policy";
+        meta.content = "frame-src 'none'";
+        document.getElementsByTagName('head')[0].appendChild(meta);
+      }
+
+      // 3. Blocked same-document navigation using iframe.src.
+      {
+        let violation = new Promise(resolve => {
+          window.addEventListener('securitypolicyviolation', resolve);
+        });
+        iframe.src =
+          "http://www1.{{host}}/content-security-policy/support/frame.html#1";
+        await violation;
+      }
+
+      // 4. Blocked same-document navigation using window.open.
+      {
+        let violation = new Promise(resolve => {
+          window.addEventListener('securitypolicyviolation', resolve);
+        });
+        window.open(
+          "http://www1.{{host}}/content-security-policy/support/frame.html#2",
+          "theiframe");
+        await violation;
+      }
+
+      // 5. Regression test for https://crbug.com/1018385. The browser should
+      // not crash while displaying the error page.
+      await new Promise(resolve => window.setTimeout(resolve, 1000));
+
+      test.done();
+    }, "Same-document navigations in an iframe blocked by CSP frame-src dynamically using the <meta> tag");
+</script>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.html
new file mode 100644
index 000000000000..398d0223bcb7
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.html
@@ -0,0 +1,25 @@
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<html>
+<body></body>
+<script>
+    let crossOriginUrl =
+      "http://www1.{{host}}/content-security-policy/support/frame.html";
+
+    async_test(async test => {
+      test.done();
+      let iframe = document.createElement("iframe");
+      document.body.appendChild(iframe);
+
+      for(let hash of ["#0", "#1"]) {
+        let violation = new Promise(resolve => {
+          window.addEventListener('securitypolicyviolation', resolve);
+        });
+        iframe.src = crossOriginUrl + hash;
+        await violation;
+      }
+
+      test.done();
+    }, "Same-document navigation in an iframe blocked by CSP frame-src");
+</script>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.html.headers b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.html.headers
new file mode 100644
index 000000000000..6502444407f5
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: frame-src 'none'
-- 
2.11.4.GIT