[COOP] access reporting: Add body.initialPopupURL

The [coop-reporting-explainer] defined several URLs that might be reported: - initial_popup_url - openee_url - opener_url - other_document_url - referrer This patch adds body.initialPopupURL [coop-reporting-explainer]: https://github.com/camillelamy/explainers/blob/master/coop_reporting.md Bug: 1090273 Change-Id: I535e44e66578fc90f449be59586f19b154677caf Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2424092 Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Camille Lamy <clamy@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#812588}

[COOP] access reporting: Add body.initialPopupURL
The [coop-reporting-explainer] defined several URLs that might be reported: - initial_popup_url - openee_url - opener_url - other_document_url - referrer This patch adds body.initialPopupURL [coop-reporting-explainer]: https://github.com/camillelamy/explainers/blob/master/coop_reporting.md Bug: 1090273 Change-Id: I535e44e66578fc90f449be59586f19b154677caf Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2424092 Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Camille Lamy <clamy@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#812588}
034bb9ca · arthursonzogni · Commit Bot · d304ade7 · 034bb9ca · 034bb9ca
Commit 034bb9ca authored Oct 01, 2020 by arthursonzogni Committed by Commit Bot Oct 01, 2020
19 changed files
--- a/content/browser/net/cross_origin_opener_policy_reporter.cc
+++ b/content/browser/net/cross_origin_opener_policy_reporter.cc
@@ -24,6 +24,7 @@ namespace {
 constexpr char kColumnNumber[] = "columnNumber";
 constexpr char kDisposition[] = "disposition";
 constexpr char kEffectivePolicy[] = "effectivePolicy";
+constexpr char kInitialPopupURL[] = "initialPopupURL";
 constexpr char kLineNumber[] = "lineNumber";
 constexpr char kNextURL[] = "nextResponseURL";
 constexpr char kOpeneeURL[] = "openeeURL";
@@ -127,6 +128,30 @@ std::string SanitizedURL(const GURL& url) {
  return url.GetAsReferrer().spec();
 }

+class Receiver : public network::mojom::CrossOriginOpenerPolicyReporter {
+ public:
+  Receiver(content::CrossOriginOpenerPolicyReporter* reporter,
+           std::string initial_popup_url)
+      : reporter_(reporter), initial_popup_url_(initial_popup_url) {}
+  ~Receiver() final = default;
+  Receiver(const Receiver&) = delete;
+  Receiver& operator=(const Receiver&) = delete;
+
+ private:
+  void QueueAccessReport(network::mojom::CoopAccessReportType report_type,
+                         const std::string& property,
+                         network::mojom::SourceLocationPtr source_location,
+                         const std::string& reported_window_url) final {
+    reporter_->QueueAccessReport(report_type, property,
+                                 std::move(source_location),
+                                 reported_window_url, initial_popup_url_);
+  }
+
+  // |reporter_| is always valid, because it owns |this|.
+  const content::CrossOriginOpenerPolicyReporter* reporter_;
+  const std::string initial_popup_url_;
+};
+
 }  // namespace

 CrossOriginOpenerPolicyReporter::CrossOriginOpenerPolicyReporter(
@@ -185,7 +210,8 @@ void CrossOriginOpenerPolicyReporter::QueueAccessReport(
    network::mojom::CoopAccessReportType report_type,
    const std::string& property,
    network::mojom::SourceLocationPtr source_location,
-    const std::string& reported_window_url) {
+    const std::string& reported_window_url,
+    const std::string& initial_popup_url) const {
  // Cross-Origin-Opener-Policy-Report-Only is not required to provide
  // endpoints.
  if (!coop_.report_only_reporting_endpoint)
@@ -221,7 +247,7 @@ void CrossOriginOpenerPolicyReporter::QueueAccessReport(
    case network::mojom::CoopAccessReportType::kAccessFromCoopPageToOpenee:
    case network::mojom::CoopAccessReportType::kAccessToCoopPageFromOpenee:
      body.SetStringPath(kOpeneeURL, reported_window_url);
-      // TODO(arthursonzogni): Fill body.initial_popup_url.
+      body.SetStringPath(kInitialPopupURL, initial_popup_url);
      break;

    // Other:
@@ -235,12 +261,6 @@ void CrossOriginOpenerPolicyReporter::QueueAccessReport(
      "coop", endpoint, context_url_, base::nullopt, std::move(body));
 }

-void CrossOriginOpenerPolicyReporter::Clone(
-    mojo::PendingReceiver<network::mojom::CrossOriginOpenerPolicyReporter>
-        receiver) {
-  receiver_set_.Add(this, std::move(receiver));
-}
-
 // static
 void CrossOriginOpenerPolicyReporter::InstallAccessMonitorsIfNeeded(
    FrameTreeNode* frame) {
@@ -312,10 +332,6 @@ void CrossOriginOpenerPolicyReporter::MonitorAccesses(
  if (!accessed_window_token)
    return;

-  mojo::PendingRemote<network::mojom::CrossOriginOpenerPolicyReporter>
-      remote_reporter;
-  Clone(remote_reporter.InitWithNewPipeAndPassReceiver());
-
  bool access_from_coop_page =
      this == accessing_node->current_frame_host()->coop_reporter();

@@ -341,12 +357,33 @@ void CrossOriginOpenerPolicyReporter::MonitorAccesses(
      accessed_rfh->GetLastCommittedOrigin());
  RenderFrameHostImpl* reported_rfh =
      access_from_coop_page ? accessed_rfh : accessing_rfh;
+  RenderFrameHostImpl* reporting_rfh =
+      access_from_coop_page ? accessing_rfh : accessed_rfh;
  std::string reported_window_url =
      same_origin ? SanitizedURL(reported_rfh->GetLastCommittedURL()) : "";

  bool endpoint_defined =
      coop_.report_only_reporting_endpoint || coop_.reporting_endpoint;

+  // If the COOP window is the opener, and the other window's popup creator is
+  // same-origin with the COOP document, the openee' initial popup URL is
+  // reported.
+  std::string reported_initial_popup_url;
+  if (report_type == CoopAccessReportType::kAccessFromCoopPageToOpenee ||
+      report_type == CoopAccessReportType::kAccessToCoopPageFromOpenee) {
+    if (reporting_rfh->GetLastCommittedOrigin().IsSameOriginWith(
+            reported_rfh->frame_tree_node()->popup_creator_origin())) {
+      reported_initial_popup_url =
+          SanitizedURL(reported_rfh->frame_tree_node()->initial_popup_url());
+    }
+  }
+
+  mojo::PendingRemote<network::mojom::CrossOriginOpenerPolicyReporter>
+      remote_reporter;
+  receiver_set_.Add(
+      std::make_unique<Receiver>(this, reported_initial_popup_url),
+      remote_reporter.InitWithNewPipeAndPassReceiver());
+
  // Warning: Do not send cross-origin sensitive data. They will be read from:
  // 1) A potentially compromised renderer (the accessing window).
  // 2) A network server (defined from the reporter).

--- a/content/browser/net/cross_origin_opener_policy_reporter.h
+++ b/content/browser/net/cross_origin_opener_policy_reporter.h
@@ -10,7 +10,7 @@
 #include "base/optional.h"
 #include "content/common/content_export.h"
 #include "content/public/browser/global_routing_id.h"
-#include "mojo/public/cpp/bindings/receiver_set.h"
+#include "mojo/public/cpp/bindings/unique_receiver_set.h"
 #include "services/network/public/mojom/cross_origin_opener_policy.mojom.h"
 #include "services/network/public/mojom/source_location.mojom-forward.h"
 #include "url/gurl.h"
@@ -29,14 +29,13 @@ class RenderFrameHostImpl;
 // pass the receiver to other processes.
 // Any functions other than the destructor must not be called after the
 // associated StoragePartition is destructed.
-class CONTENT_EXPORT CrossOriginOpenerPolicyReporter final
-    : public network::mojom::CrossOriginOpenerPolicyReporter {
+class CONTENT_EXPORT CrossOriginOpenerPolicyReporter {
 public:
  CrossOriginOpenerPolicyReporter(StoragePartition* storage_partition,
                                  const GURL& context_url,
                                  const GURL& context_referrer_url,
                                  const network::CrossOriginOpenerPolicy& coop);
-  ~CrossOriginOpenerPolicyReporter() override;
+  ~CrossOriginOpenerPolicyReporter();
  CrossOriginOpenerPolicyReporter(const CrossOriginOpenerPolicyReporter&) =
      delete;
  CrossOriginOpenerPolicyReporter& operator=(
@@ -46,11 +45,11 @@ class CONTENT_EXPORT CrossOriginOpenerPolicyReporter final
    storage_partition_ = storage_partition;
  }

-  // network::mojom::CrossOriginOpenerPolicyReporter implementation.
  void QueueAccessReport(network::mojom::CoopAccessReportType report_type,
                         const std::string& property,
                         network::mojom::SourceLocationPtr source_location,
-                         const std::string& reported_window_url) final;
+                         const std::string& reported_window_url,
+                         const std::string& initial_popup_url) const;

  // Sends reports when COOP causing a browsing context group switch that
  // breaks opener relationships.
@@ -67,10 +66,6 @@ class CONTENT_EXPORT CrossOriginOpenerPolicyReporter final
  // CoopAccessMonitor. The first window is identified by |node|.
  static void InstallAccessMonitorsIfNeeded(FrameTreeNode* node);

-  void Clone(
-      mojo::PendingReceiver<network::mojom::CrossOriginOpenerPolicyReporter>
-          receiver) override;
-
  // Generate a new, previously unused, virtualBrowsingContextId.
  static int NextVirtualBrowsingContextGroup();

@@ -92,7 +87,7 @@ class CONTENT_EXPORT CrossOriginOpenerPolicyReporter final
  const std::string context_referrer_url_;
  const network::CrossOriginOpenerPolicy coop_;

-  mojo::ReceiverSet<network::mojom::CrossOriginOpenerPolicyReporter>
+  mojo::UniqueReceiverSet<network::mojom::CrossOriginOpenerPolicyReporter>
      receiver_set_;
 };


--- a/content/browser/net/cross_origin_opener_policy_reporter_unittest.cc
+++ b/content/browser/net/cross_origin_opener_policy_reporter_unittest.cc
@@ -136,31 +136,4 @@ TEST_F(CrossOriginOpenerPolicyReporterTest, UserAndPassSanitization) {
            "https://www2.example.com/x");
 }

-TEST_F(CrossOriginOpenerPolicyReporterTest, Clone) {
-  auto reporter = GetReporter();
-  std::string url1 = "https://www1.example.com/y?bar=baz#foo";
-  std::string url1_sanitized = "https://www1.example.com/y?bar=baz";
-
-  mojo::Remote<network::mojom::CrossOriginOpenerPolicyReporter> remote;
-  reporter->Clone(remote.BindNewPipeAndPassReceiver());
-
-  reporter->QueueNavigationToCOOPReport(GURL(url1), true, false);
-
-  remote.FlushForTesting();
-
-  ASSERT_EQ(1u, network_context().reports().size());
-  const Report& r1 = network_context().reports()[0];
-
-  EXPECT_EQ(r1.type, "coop");
-  EXPECT_EQ(r1.url, context_url());
-  EXPECT_EQ(r1.body.FindKey("disposition")->GetString(), "enforce");
-  EXPECT_EQ(r1.body.FindKey("previousResponseURL")->GetString(),
-            url1_sanitized);
-  EXPECT_EQ(r1.body.FindKey("referrer")->GetString(),
-            "https://referrer.com/?a");
-  EXPECT_EQ(r1.body.FindKey("type")->GetString(), "navigation-to-response");
-  EXPECT_EQ(r1.body.FindKey("effectivePolicy")->GetString(),
-            "same-origin-plus-coep");
-}
-
 }  // namespace content
--- a/content/browser/renderer_host/frame_tree_node.cc
+++ b/content/browser/renderer_host/frame_tree_node.cc
@@ -763,4 +763,16 @@ void FrameTreeNode::SetAdFrameType(blink::mojom::AdFrameType ad_frame_type) {
  }
 }

+void FrameTreeNode::SetInitialPopupURL(const GURL& initial_popup_url) {
+  DCHECK(initial_popup_url_.is_empty());
+  DCHECK(!has_committed_real_load_);
+  initial_popup_url_ = initial_popup_url;
+}
+
+void FrameTreeNode::SetPopupCreatorOrigin(
+    const url::Origin& popup_creator_origin) {
+  DCHECK(!has_committed_real_load_);
+  popup_creator_origin_ = popup_creator_origin;
+}
+
 }  // namespace content
--- a/content/browser/renderer_host/frame_tree_node.h
+++ b/content/browser/renderer_host/frame_tree_node.h
@@ -427,6 +427,25 @@ class CONTENT_EXPORT FrameTreeNode {

  void SetAdFrameType(blink::mojom::AdFrameType ad_frame_type);

+  // The initial popup URL for new window opened using:
+  // `window.open(initial_popup_url)`.
+  // An empty GURL otherwise.
+  //
+  // [WARNING] There is no guarantee the FrameTreeNode will ever host a
+  // document served from this URL. The FrameTreeNode always starts hosting the
+  // initial empty document and attempts a navigation toward this URL. However
+  // the navigation might be delayed, redirected and even cancelled.
+  void SetInitialPopupURL(const GURL& initial_popup_url);
+  const GURL& initial_popup_url() const { return initial_popup_url_; }
+
+  // The origin of the document that used window.open() to create this frame.
+  // Otherwise, an opaque Origin with a nonce different from all previously
+  // existing Origins.
+  void SetPopupCreatorOrigin(const url::Origin& popup_creator_origin);
+  const url::Origin& popup_creator_origin() const {
+    return popup_creator_origin_;
+  }
+
 private:
  FRIEND_TEST_ALL_PREFIXES(SitePerProcessFeaturePolicyBrowserTest,
                           ContainerPolicyDynamic);
@@ -496,6 +515,14 @@ class CONTENT_EXPORT FrameTreeNode {
  // destroyed.
  std::unique_ptr<OpenerDestroyedObserver> original_opener_observer_;

+  // When created by an opener, the URL specified in window.open(url)
+  // Please refer to {Get,Set}InitialPopupURL() documentation.
+  GURL initial_popup_url_;
+
+  // When created using window.open, the origin of the creator.
+  // Please refer to {Get,Set}PopupCreatorOrigin() documentation.
+  url::Origin popup_creator_origin_;
+
  // Whether this frame has committed any real load, replacing its initial
  // about:blank page.
  bool has_committed_real_load_;

--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -1028,6 +1028,9 @@ std::unique_ptr<WebContentsImpl> WebContentsImpl::CreateWithOpener(
      new_root->SetOpenerFeaturePolicyState(
          opener_rfh->feature_policy()->GetFeatureState());
    }
+
+    new_root->SetInitialPopupURL(params.initial_popup_url);
+    new_root->SetPopupCreatorOrigin(opener_rfh->GetLastCommittedOrigin());
  }

  // Apply starting sandbox flags.
@@ -3632,6 +3635,7 @@ RenderFrameHostDelegate* WebContentsImpl::CreateNewWindow(
  create_params.opener_render_frame_id = opener->GetRoutingID();
  create_params.opener_suppressed = params.opener_suppressed;
  create_params.initially_hidden = renderer_started_hidden;
+  create_params.initial_popup_url = params.target_url;

  // Even though all codepaths leading here are in response to a renderer
  // tryng to open a new window, if the new window ends up in a different

--- a/content/public/browser/web_contents.h
+++ b/content/public/browser/web_contents.h
@@ -151,6 +151,12 @@ class WebContents : public PageNavigator,
    // window.open('', 'bar')).
    std::string main_frame_name;

+    // New window starts from the initial empty document. When created by an
+    // opener, the latter can request an initial navigation attempt to be made.
+    // This is the url specified in: `window.open(initial_popup_url, ...)`.
+    // This is empty otherwise.
+    GURL initial_popup_url;
+
    // True if the contents should be initially hidden.
    bool initially_hidden;


--- a/services/network/public/mojom/cross_origin_opener_policy.mojom
+++ b/services/network/public/mojom/cross_origin_opener_policy.mojom
@@ -18,8 +18,6 @@ enum CoopAccessReportType {
 };

 // Reports potential COOP violations. Implemented in the browser process.
-// TODO(ahemery, pmeuleman): Add extra coop breakage cases as listed in
-// https://docs.google.com/document/d/1zWqwI8PFrezwQpBSejIMUfdtsIYl9-h8epasdrDXVIM/edit
 interface CrossOriginOpenerPolicyReporter {
  // Sends a report when two browsing contexts from different virtual browsing
  // context groups tries to access each other.
@@ -30,9 +28,6 @@ interface CrossOriginOpenerPolicyReporter {
  QueueAccessReport(CoopAccessReportType report_type, string property,
                    SourceLocation source_location,
                    string reported_window_url);
-
-  // Connects a new pipe to this instance.
-  Clone(pending_receiver<CrossOriginOpenerPolicyReporter> receiver);
 };

 // Cross-Origin-Opener-Policy enum representing parsed values.

--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-from-coop-page-to-openee_coop-ro.https.html
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-from-coop-page-to-openee_coop-ro.https.html
@@ -73,6 +73,7 @@ let runTest = (openee_redirect, name) => promise_test(async t => {
  assert_equals(report.body.openeeURL, openee_url);
  assert_equals(report.body.otherDocumentURL, undefined);
  assert_equals(report.body.referrer, undefined);
+  assert_equals(report.body.initialPopupURL, openee_requested_url);
 }, name);

 runTest(false, "access-from-coop-page-to-openee, same-origin");

--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-from-coop-page-to-openee_coop-ro_cross-origin.https.html
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-from-coop-page-to-openee_coop-ro_cross-origin.https.html
@@ -74,6 +74,7 @@ let runTest = (openee_redirect, name) => promise_test(async t => {
  assert_equals(report.body.openeeURL, "");
  assert_equals(report.body.otherDocumentURL, undefined);
  assert_equals(report.body.referrer, undefined);
+  assert_equals(report.body.initialPopupURL, openee_requested_url);
 }, name);

 runTest(false, "access-from-coop-page-to-openee, cross-origin");

--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-from-coop-page-to-opener_coop-ro.https.html
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-from-coop-page-to-opener_coop-ro.https.html
@@ -52,6 +52,7 @@ let runTest = (openee_redirect, name) => promise_test(async t => {
  assert_equals(report.body.openeeURL, undefined);
  assert_equals(report.body.otherDocumentURL, undefined);
  assert_equals(report.body.referrer, opener_url);
+  assert_equals(report.body.initialPopupURL, undefined);
 }, name);

 runTest(false, "access-from-coop-page-to-opener, same-origin");

--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-from-coop-page-to-opener_coop-ro_cross-origin.https.html
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-from-coop-page-to-opener_coop-ro_cross-origin.https.html
@@ -53,6 +53,7 @@ let runTest = (openee_redirect, name) => promise_test(async t => {
  assert_equals(report.body.openeeURL, undefined);
  assert_equals(report.body.otherDocumentURL, undefined);
  assert_equals(report.body.referrer, opener_url);
+  assert_equals(report.body.initialPopupURL, undefined);
 }, name);

 runTest(false, "access-from-coop-page-to-opener, cross-origin");

--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-from-coop-page-to-other_coop-ro.https.html
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-from-coop-page-to-other_coop-ro.https.html
@@ -85,6 +85,7 @@ promise_test(async t => {
  assert_equals(report.body.openeeURL, undefined);
  assert_equals(report.body.otherDocumentURL, other_url.replace(/"/g, '%22'));
  assert_equals(report.body.referrer, undefined);
+  assert_equals(report.body.initialPopupURL, undefined);
 }, "access-from-coop-page-to-other (COOP-RO)");

 </script>
--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-to-coop-page-from-openee_coop-ro.https.html
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-to-coop-page-from-openee_coop-ro.https.html
@@ -67,6 +67,7 @@ let runTest = (openee_redirect, name) => promise_test(async t => {
  assert_equals(report.body.openeeURL, openee_url);
  assert_equals(report.body.otherDocumentURL, undefined);
  assert_equals(report.body.referrer, undefined);
+  assert_equals(report.body.initialPopupURL, openee_requested_url);
 }, name);

 runTest(false, "access-to-coop-page-from-openee, same-origin");

--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-to-coop-page-from-openee_coop-ro_cross-origin.https.html
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-to-coop-page-from-openee_coop-ro_cross-origin.https.html
@@ -68,6 +68,8 @@ let runTest = (openee_redirect, name) => promise_test(async t => {
  assert_equals(report.body.openeeURL, "");
  assert_equals(report.body.otherDocumentURL, undefined);
  assert_equals(report.body.referrer, undefined);
+  assert_equals(report.body.referrer, undefined);
+  assert_equals(report.body.initialPopupURL, openee_requested_url);
 }, name);

 runTest(false, "access-to-coop-page-from-openee, cross-origin");

--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-to-coop-page-from-opener_coop-ro.https.html
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-to-coop-page-from-opener_coop-ro.https.html
@@ -59,6 +59,7 @@ let runTest = (openee_redirect, name) => promise_test(async t => {
  assert_equals(report.body.openeeURL, undefined);
  assert_equals(report.body.otherDocumentURL, undefined);
  assert_equals(report.body.referrer, opener_url);
+  assert_equals(report.body.initialPopupURL, undefined);
 }, name);

 runTest(false, "access-to-coop-page-from-opener, same-origin");

--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-to-coop-page-from-opener_coop-ro_cross-origin.https.html
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-to-coop-page-from-opener_coop-ro_cross-origin.https.html
@@ -60,6 +60,7 @@ let runTest = (openee_redirect, name) => promise_test(async t => {
  assert_equals(report.body.openeeURL, undefined);
  assert_equals(report.body.otherDocumentURL, undefined);
  assert_equals(report.body.referrer, opener_url);
+  assert_equals(report.body.initialPopupURL, undefined);
 }, name);

 runTest(false, "access-to-coop-page-from-opener, cross-origin");

--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-to-coop-page-from-other_coop-ro.https.html
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-to-coop-page-from-other_coop-ro.https.html
@@ -73,6 +73,7 @@ promise_test(async t => {
  assert_equals(report.body.openeeURL, undefined);
  assert_equals(report.body.otherDocumentURL, other_url);
  assert_equals(report.body.referrer, undefined);
+  assert_equals(report.body.initialPopupURL, undefined);
 }, "access-to-coop-page-from-other (COOP-RO)");

 </script>
--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-to-coop-page-from-other_coop-ro_cross-origin.https.html
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-to-coop-page-from-other_coop-ro_cross-origin.https.html
@@ -74,6 +74,7 @@ promise_test(async t => {
  assert_equals(report.body.openeeURL, undefined);
  assert_equals(report.body.otherDocumentURL, "");
  assert_equals(report.body.referrer, undefined);
+  assert_equals(report.body.initialPopupURL, undefined);
 }, "access-to-coop-page-from-other (COOP-RO)");

 </script>