[COOP] Add same-origin test for redirect+SOAP

Follow up on [1] adding the same-origin version of the test. I.e. the first document of the popup is same-origin instead of cross-origin. 1: https://chromium-review.googlesource.com/c/chromium/src/+/2332260 Change-Id: I30a187b2c6a943abe44c5e3cff4e95ea36f5fccd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2338874 Commit-Queue: Pâris Meuleman <pmeuleman@chromium.org> Auto-Submit: Pâris Meuleman <pmeuleman@chromium.org> Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Camille Lamy <clamy@chromium.org> Cr-Commit-Position: refs/heads/master@{#795414}

[COOP] Add same-origin test for redirect+SOAP
Follow up on [1] adding the same-origin version of the test. I.e. the first document of the popup is same-origin instead of cross-origin. 1: https://chromium-review.googlesource.com/c/chromium/src/+/2332260 Change-Id: I30a187b2c6a943abe44c5e3cff4e95ea36f5fccd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2338874 Commit-Queue: Pâris Meuleman <pmeuleman@chromium.org> Auto-Submit: Pâris Meuleman <pmeuleman@chromium.org> Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Camille Lamy <clamy@chromium.org> Cr-Commit-Position: refs/heads/master@{#795414}
bd9e2836 · Pâris MEULEMAN · Commit Bot · 09248296 · bd9e2836 · bd9e2836
Commit bd9e2836 authored Aug 06, 2020 by Pâris MEULEMAN Committed by Commit Bot Aug 06, 2020
2 changed files
--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-redirect-with-same-origin-allow-popups.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-redirect-with-same-origin-allow-popups.https-expected.txt
 This is a testharness.js-based test.
-FAIL Cross-origin openee redirected to same-origin with same-origin-allow-popups assert_equals: opener expected "false" but got "true"
+FAIL Same origin openee redirected to same-origin with same-origin-allow-popups assert_equals: opener expected "false" but got "true"
+FAIL Cross origin openee redirected to same-origin with same-origin-allow-popups assert_equals: opener expected "false" but got "true"
 Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-redirect-with-same-origin-allow-popups.https.html
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-redirect-with-same-origin-allow-popups.https.html
 <title>
-  COOP reports are to the opener when the opener used COOP-RO+COEP and then its
+  Tests the redirect interaction with COOP same-origin-allow-popups.
-  cross-origin openee tries to access it.
 </title>
 <meta name=timeout content=long>
 <script src=/resources/testharness.js></script>
@@ -12,72 +11,105 @@
 const directory = "/html/cross-origin-opener-policy/reporting";
 const executor_path = directory + "/resources/executor.html?pipe=";
-const same_origin = get_host_info().HTTPS_ORIGIN;
+const same_origin = {
-const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
+  host: get_host_info().HTTPS_ORIGIN,
+  name: "Same origin"
+};
+const cross_origin = {
+  host: get_host_info().HTTPS_REMOTE_ORIGIN,
+  name: "Cross origin"
+};
 const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
-promise_test(async t => {
+// Tests the redirect interaction with COOP same-origin-allow-popups and
-  // The test window.
+// reporting:
-  const this_window_token = token();
+// 1 - open the opener document on origin same_origin wit COOP
+// same-origin-allow-popups.
+// 2 - opener opens popup with document on origin popup_origin, no COOP and a
+// redirect header (HTTP 302, location).
+// 3 - redirection to a document with origin same_origin and COOP
+// same-origin-allow-popups.
+//
+// The navigation (2) to the first document of the popup stays in the same
+// browsing context group due to the same-origin-allow-popups COOP of the
+// opener.
+// The redirect (3) to the final document does since it compares the
+// popup_origin/unsafe-none document with the
+// same-origin/same-origin-allow-popups document.
+//
+// A opens B, B redirects to C.
+//
+// Document  Origin        COOP
+// --------  ------------  ------------------------
+// A         same-origin   same-origin-allow-popups
+// B         popup-origin  unsafe-none
+// C         same-origin   same-origin-allow-popups
+function redirect_test( popup_origin ) {
+  promise_test(async t => {
+    // The test window.
+    const this_window_token = token();
-  // The "opener" window. This has COOP same-origin-allow-popups and a reporter.
+    // The "opener" window. This has COOP same-origin-allow-popups and a
-  const opener_report_token= token();
+    // reporter.
-  const opener_token = token();
+    const opener_report_token= token();
-  const opener_reportTo = reportToHeaders(opener_report_token);
+    const opener_token = token();
-  const opener_url = same_origin + executor_path + opener_reportTo.header +
+    const opener_reportTo = reportToHeaders(opener_report_token);
-    opener_reportTo.coopSameOriginAllowPopupsHeader +
+    const opener_url = same_origin.host + executor_path +
-    `&uuid=${opener_token}`;
+      opener_reportTo.header + opener_reportTo.coopSameOriginAllowPopupsHeader +
+      `&uuid=${opener_token}`;
-  // The "openee" window.
+    // The "openee" window.
-  // The initial URL is cross-origin with the opener, and redirects to a
+    // The initial document does not have COOP and is on popup_origin, it
-  // same-origin page with same-origin-allow-popups.
+    // redirects to a same-origin (with the opener) document with COOP
-  // The navigation to the cross-origin page stays in the same browsing context
+    // same-origin-allow-popups.
-  // group due to the same-origin-allow-popups policy, but the redirect to the
+    const openee_token = token();
-  // final page does since it compares the cross-origin/unsafe-none document
+    const openee_redirect_url = same_origin.host + executor_path +
-  // with the same-origin/same-origin-allow-popups document.
+      opener_reportTo.header + opener_reportTo.coopSameOriginAllowPopupsHeader +
-  const openee_token = token();
+      `&uuid=${openee_token}`;
-  const openee_redirect_url = same_origin + executor_path +
+    const redirect_header = 'status(302)' +
-    opener_reportTo.header + opener_reportTo.coopSameOriginAllowPopupsHeader +
+      `|header(Location,${encodeURIComponent(
-    `&uuid=${openee_token}`;
+        openee_redirect_url
-  const redirect_header = 'status(302)' +
+          .replace(/,/g, "\\,")
-    `|header(Location,${encodeURIComponent(
+          .replace(/\\\\,/g, "\\\\\\,")
-      openee_redirect_url
+          .replace(/\(/g, "%28")
-        .replace(/,/g, "\\,")
+          .replace(/\)/g, "%29"))})`;
-        .replace(/\\\\,/g, "\\\\\\,")
+    const openee_url = popup_origin.host + executor_path + redirect_header +
-        .replace(/\(/g, "%28")
+      `&uuid=${openee_token}`;
-        .replace(/\)/g, "%29"))})`;
+    // 1. Create the opener window.
-  const openee_url = cross_origin + executor_path + redirect_header +
+    let opener_window_proxy = window.open(opener_url);
-    `&uuid=${openee_token}`;
+    t.add_cleanup(() => send(opener_token, "window.close()"));
-  // 1. Create the opener window.
-  let opener_window_proxy = window.open(opener_url);
-  t.add_cleanup(() => send(opener_token, "window.close()"));
-  // 2. The opener opens its openee.
+    // 2. The opener opens its openee.
-  send(opener_token, `
+    send(opener_token, `
-    openee = window.open("${openee_url}");
+      openee = window.open("${openee_url}");
-  `);
+    `);
-  t.add_cleanup(() => send(openee_token, "window.close()"));
+    t.add_cleanup(() => send(openee_token, "window.close()"));
-  // 3. Check the opener status on the openee.
+    // 3. Check the opener status on the openee.
-  send(openee_token, `
+    send(openee_token, `
-    send("${this_window_token}", opener !== null);
+      send("${this_window_token}", opener !== null);
-  `);
+    `);
-  assert_equals(await receive(this_window_token), "false", "opener");
+    assert_equals(await receive(this_window_token), "false", "opener");
-  // 4. Check the openee status on the opener.
+    // 4. Check the openee status on the opener.
-  send(opener_token, `
+    send(opener_token, `
-    send("${this_window_token}", openee.closed);
+      send("${this_window_token}", openee.closed);
-  `);
+    `);
-  assert_equals(await receive(this_window_token), "true", "openee.closed");
+    assert_equals(await receive(this_window_token), "true", "openee.closed");
-  // 5. Check a report sent to the openee.
+    // 5. Check a report sent to the openee.
-  let report = await receiveReport(opener_report_token, "navigation-to-document")
+    let report = await receiveReport(
-  assert_not_equals(report, "timeout", "Report not received");
+        opener_report_token,
-  assert_equals(report.type, "coop");
+        "navigation-to-document");
-  assert_equals(report.url, openee_redirect_url.replace(/"/g, '%22'));
+    assert_not_equals(report, "timeout", "Report not received");
-  assert_equals(report.body["disposition"], "enforce");
+    assert_equals(report.type, "coop");
-  assert_equals(report.body["effective-policy"], "same-origin-allow-popups");
+    assert_equals(report.url, openee_redirect_url.replace(/"/g, '%22'));
-  assert_equals(report.body["document-uri"], openee_url);
+    assert_equals(report.body["disposition"], "enforce");
-}, "Cross-origin openee redirected to same-origin with same-origin-allow-popups");
+    assert_equals(report.body["effective-policy"], "same-origin-allow-popups");
+    assert_equals(report.body["document-uri"], openee_url);
+  }, `${popup_origin.name} openee redirected to same-origin with same-origin-allow-popups`);
+}
+redirect_test(same_origin);
+redirect_test(cross_origin);
 </script>