CookieStore: Add behavior for opaque origins

This change adds behavior for opaque origins specified here [1], and wpt
to validate its behavior.

[1] https://wicg.github.io/cookie-store/#CookieStore-get

Change-Id: Id947c964910857ba85dffdc6d7c1e45ef8b49029
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2137926
Commit-Queue: Ayu Ishii <ayui@chromium.org>
Reviewed-by: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#757543}

third_party/blink/renderer/modules/cookie_store/cookie_store.cc

@@ -397,6 +397,13 @@ ScriptPromise CookieStore::DoRead(
     const CookieStoreGetOptions* options,
     DoReadBackendResultConverter backend_result_converter,
     ExceptionState& exception_state) {
+  ExecutionContext* context = ExecutionContext::From(script_state);
+  if (!context->GetSecurityOrigin()->CanAccessCookies()) {
+    exception_state.ThrowSecurityError(
+        "Access to the CookieStore API is denied in this context.");
+    return ScriptPromise();
+  }
+
   network::mojom::blink::CookieManagerGetOptionsPtr backend_options =
       ToBackendOptions(options, exception_state);
   KURL cookie_url = CookieUrlForRead(options, default_cookie_url_, script_state,
@@ -462,6 +469,13 @@ void CookieStore::GetAllForUrlToGetResult(
 ScriptPromise CookieStore::DoWrite(ScriptState* script_state,
                                    const CookieStoreSetExtraOptions* options,
                                    ExceptionState& exception_state) {
+  ExecutionContext* context = ExecutionContext::From(script_state);
+  if (!context->GetSecurityOrigin()->CanAccessCookies()) {
+    exception_state.ThrowSecurityError(
+        "Access to the CookieStore API is denied in this context.");
+    return ScriptPromise();
+  }
+
   base::Optional<CanonicalCookie> canonical_cookie =
       ToCanonicalCookie(default_cookie_url_, options, exception_state);
   if (!canonical_cookie) {

third_party/blink/web_tests/external/wpt/cookie-store/cookieStore_get_arguments.tentative.https.any.js

@@ -139,11 +139,6 @@ promise_test(async testCase => {
 }, 'cookieStore.get with relative url in options');
 
 promise_test(async testCase => {
-  await cookieStore.set('cookie-name', 'cookie-value');
-  testCase.add_cleanup(async () => {
-    await cookieStore.delete('cookie-name');
-  });
-
   const invalid_url =
       `${self.location.protocol}//${self.location.host}/different/path`;
   await promise_rejects_js(testCase, TypeError, cookieStore.get(
@@ -151,11 +146,6 @@ promise_test(async testCase => {
 }, 'cookieStore.get with invalid url path in options');
 
 promise_test(async testCase => {
-  await cookieStore.set('cookie-name', 'cookie-value');
-  testCase.add_cleanup(async () => {
-    await cookieStore.delete('cookie-name');
-  });
-
   const invalid_url =
       `${self.location.protocol}//www.example.com${self.location.pathname}`;
   await promise_rejects_js(testCase, TypeError, cookieStore.get(

third_party/blink/web_tests/external/wpt/cookie-store/cookieStore_opaque_origin.tentative.https.html

+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>Cookie Store API: Opaque origins for cookieStore</title>
+<link rel=help href="https://wicg.github.io/cookie-store/">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script>
+
+const apiCalls = {
+  'get': 'cookieStore.get()',
+  'getAll': 'cookieStore.getAll()',
+  'set': 'cookieStore.set("cookie-name", "cookie-value")',
+  'delete': 'cookieStore.delete("cookie-name")'
+};
+
+const script = `
+<script>
+  "use strict";
+  window.onmessage = async () => {
+    try {
+      await %s;
+      window.parent.postMessage({result: "no exception"}, "*");
+    } catch (ex) {
+      window.parent.postMessage({result: ex.name}, "*");
+    };
+  };
+<\/script>
+`;
+
+function load_iframe(apiCall, sandbox) {
+  return new Promise(resolve => {
+    const iframe = document.createElement('iframe');
+    iframe.onload = () => { resolve(iframe); };
+    if (sandbox)
+      iframe.sandbox = sandbox;
+    iframe.srcdoc = script.replace("%s", apiCalls[apiCall]);
+    iframe.style.display = 'none';
+    document.documentElement.appendChild(iframe);
+  });
+}
+
+function wait_for_message(iframe) {
+  return new Promise(resolve => {
+    self.addEventListener('message', function listener(e) {
+      if (e.source === iframe.contentWindow) {
+        resolve(e.data);
+        self.removeEventListener('message', listener);
+      }
+    });
+  });
+}
+
+promise_test(async t => {
+  for (apiCall in apiCalls) {
+    const iframe = await load_iframe(apiCall);
+    iframe.contentWindow.postMessage({}, '*');
+    const message = await wait_for_message(iframe);
+    assert_equals(message.result, 'no exception',
+      'cookieStore ${apiCall} should not throw');
+  }
+}, 'cookieStore in non-sandboxed iframe should not throw');
+
+promise_test(async t => {
+  for (apiCall in apiCalls) {
+    const iframe = await load_iframe(apiCall, 'allow-scripts');
+    iframe.contentWindow.postMessage({}, '*');
+    const message = await wait_for_message(iframe);
+    assert_equals(message.result, 'SecurityError',
+      'cookieStore ${apiCall} should throw SecurityError');
+  }
+}, 'cookieStore in sandboxed iframe should throw SecurityError');
+
+</script>