[COOP] access reporting: test with redirects.

There are some properties added to reports depending on the redirects.
This adds tests so that we can verify what is reported.

body.{referrer,initialPopupURL} depends directly from the redirects.
body.{openeeURL,openerURL,otherDocumentURL} might depend in the future
from the redirects.

Bug: 1090273
Change-Id: I2ca80ee2664005bd156e4cbf2c08f1d2983b91b7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2424136
Commit-Queue: Pâris Meuleman <pmeuleman@chromium.org>
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Pâris Meuleman <pmeuleman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#810222}

third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-from-coop-page-to-openee_coop-ro.https.html

@@ -13,10 +13,11 @@
 
 const directory = "/html/cross-origin-opener-policy/reporting";
 const executor_path = directory + "/resources/executor.html?pipe=";
+const redirect_path = directory + "/resources/redirect.py?";
 const same_origin = get_host_info().HTTPS_ORIGIN;
 const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
 
-promise_test(async t => {
+let runTest = (openee_redirect, name) => promise_test(async t => {
   // The test window.
   const this_window_token = token();
 
@@ -29,9 +30,12 @@ promise_test(async t => {
     `&uuid=${opener_token}`;
 
   // The "openee" window. This is same origin with the "opener".
-  const openee_report_token= token();
+  const openee_report_token = token();
   const openee_token = token();
   const openee_url = same_origin + executor_path + `&uuid=${openee_token}`;
+  const openee_redirect_url = same_origin + redirect_path + openee_url
+  const openee_requested_url = openee_redirect ? openee_redirect_url
+                                               : openee_url;
 
   // 1. Create the opener window.
   let opener_window_proxy = window.open(opener_url);
@@ -39,7 +43,7 @@ promise_test(async t => {
 
   // 2. The opener opens it openee.
   send(opener_token, `
-    openee = window.open("${openee_url}");
+    openee = window.open("${openee_requested_url}");
     send("${this_window_token}", "ACK 1");
   `);
   assert_equals("ACK 1", await receive(this_window_token));
@@ -66,7 +70,9 @@ promise_test(async t => {
   assert_equals(report.body.effectivePolicy, "same-origin-plus-coep");
   assert_equals(report.body.property, "blur");
   assert_source_location_found(report);
-  // TODO(arthursonzogni): Check the window-blocked-url.
-}, "Opener (COOP-RO+COEP) accesses openee. Report to opener");
+}, name);
+
+runTest(false, "access-from-coop-page-to-openee, same-origin");
+runTest(true , "access-from-coop-page-to-openee, same-origin + redirect");
 
 </script>

third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-from-coop-page-to-openee_coop-ro_cross-origin.https.html

@@ -13,11 +13,12 @@
 
 const directory = "/html/cross-origin-opener-policy/reporting";
 const executor_path = directory + "/resources/executor.html?pipe=";
+const redirect_path = directory + "/resources/redirect.py?";
 const same_origin = get_host_info().HTTPS_ORIGIN;
 const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
 const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
 
-promise_test(async t => {
+let runTest = (openee_redirect, name) => promise_test(async t => {
   // The test window.
   const this_window_token = token();
 
@@ -33,6 +34,9 @@ promise_test(async t => {
   const openee_report_token= token();
   const openee_token = token();
   const openee_url = cross_origin + executor_path + `&uuid=${openee_token}`;
+  const openee_redirect_url = same_origin + redirect_path + openee_url
+  const openee_requested_url = openee_redirect ? openee_redirect_url
+                                               : openee_url;
 
   // 1. Create the opener window.
   let opener_window_proxy = window.open(opener_url);
@@ -40,7 +44,7 @@ promise_test(async t => {
 
   // 2. The opener opens it openee.
   send(opener_token, `
-    openee = window.open("${openee_url}");
+    openee = window.open("${openee_requested_url}");
     send("${this_window_token}", "ACK 1");
   `);
   assert_equals("ACK 1", await receive(this_window_token));
@@ -67,7 +71,9 @@ promise_test(async t => {
   assert_equals(report.body.effectivePolicy, "same-origin-plus-coep");
   assert_equals(report.body.property, "blur");
   assert_source_location_found(report);
-  // TODO(arthursonzogni): Check the window-blocked-url.
-}, "Opener (COOP-RO+COEP) accesses openee. Report to opener");
+}, name);
+
+runTest(false, "access-from-coop-page-to-openee, cross-origin");
+runTest(true , "access-from-coop-page-to-openee, cross-origin + redirect");
 
 </script>

third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-from-coop-page-to-opener_coop-ro.https.html

@@ -13,10 +13,11 @@
 
 const directory = "/html/cross-origin-opener-policy/reporting";
 const executor_path = directory + "/resources/executor.html?pipe=";
+const redirect_path = directory + "/resources/redirect.py?";
 const same_origin = get_host_info().HTTPS_ORIGIN;
 const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
 
-promise_test(async t => {
+let runTest = (openee_redirect, name) => promise_test(async t => {
   const report_token = token();
   const openee_token = token();
 
@@ -24,7 +25,11 @@ promise_test(async t => {
   const openee_url = same_origin + executor_path +
     reportTo.header + reportTo.coopReportOnlySameOriginHeader + coep_header +
     `&uuid=${openee_token}`;
-  const openee = window.open(openee_url);
+  const openee_redirect_url = same_origin + redirect_path + openee_url
+  const openee_requested_url = openee_redirect ? openee_redirect_url
+                                               : openee_url;
+
+  const openee = window.open(openee_requested_url);
   t.add_cleanup(() => send(openee_token, "window.close()"))
 
   // 1. Try to access the opener. A report is sent, because of COOP-RO+COEP.
@@ -42,6 +47,9 @@ promise_test(async t => {
   assert_equals(report.body.effectivePolicy, "same-origin-plus-coep");
   assert_equals(report.body.property, "blur");
   assert_source_location_found(report);
-}, "Openee (COOP-RO+COEP) accesses opener. Report to openee");
+}, name);
+
+runTest(false, "access-from-coop-page-to-opener, same-origin");
+runTest(true , "access-from-coop-page-to-opener, same-origin + redirect");
 
 </script>

third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-from-coop-page-to-opener_coop-ro_cross-origin.https.html

@@ -13,10 +13,12 @@
 
 const directory = "/html/cross-origin-opener-policy/reporting";
 const executor_path = directory + "/resources/executor.html?pipe=";
+const redirect_path = directory + "/resources/redirect.py?";
+const same_origin = get_host_info().HTTPS_ORIGIN;
 const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
 const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
 
-promise_test(async t => {
+let runTest = (openee_redirect, name) => promise_test(async t => {
   const report_token = token();
   const openee_token = token();
 
@@ -24,7 +26,11 @@ promise_test(async t => {
   const openee_url = cross_origin + executor_path +
     reportTo.header + reportTo.coopReportOnlySameOriginHeader + coep_header +
     `&uuid=${openee_token}`;
-  const openee = window.open(openee_url);
+  const openee_redirect_url = same_origin + redirect_path + openee_url
+  const openee_requested_url = openee_redirect ? openee_redirect_url
+                                               : openee_url;
+
+  const openee = window.open(openee_requested_url);
   t.add_cleanup(() => send(openee_token, "window.close()"))
 
   // 1. Try to access the opener. A report is sent, because of COOP-RO+COEP.
@@ -42,6 +48,9 @@ promise_test(async t => {
   assert_equals(report.body.effectivePolicy, "same-origin-plus-coep");
   assert_equals(report.body.property, "blur");
   assert_source_location_found(report);
-}, "Openee (COOP-RO+COEP) accesses opener. Report to openee");
+}, name);
+
+runTest(false, "access-from-coop-page-to-opener, cross-origin");
+runTest(true , "access-from-coop-page-to-opener, cross-origin + redirect");
 
 </script>

third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-to-coop-page-from-openee_coop-ro.https.html

@@ -13,10 +13,11 @@
 
 const directory = "/html/cross-origin-opener-policy/reporting";
 const executor_path = directory + "/resources/executor.html?pipe=";
+const redirect_path = directory + "/resources/redirect.py?";
 const same_origin = get_host_info().HTTPS_ORIGIN;
 const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
 
-promise_test(async t => {
+let runTest = (openee_redirect, name) => promise_test(async t => {
   // The test window.
   const this_window_token = token();
 
@@ -32,6 +33,9 @@ promise_test(async t => {
   const openee_report_token= token();
   const openee_token = token();
   const openee_url = same_origin + executor_path + `&uuid=${openee_token}`;
+  const openee_redirect_url = same_origin + redirect_path + openee_url
+  const openee_requested_url = openee_redirect ? openee_redirect_url
+                                               : openee_url;
 
   // 1. Create the opener window.
   let opener_window_proxy = window.open(opener_url);
@@ -39,7 +43,7 @@ promise_test(async t => {
 
   // 2. The opener opens its openee.
   send(opener_token, `
-    openee = window.open("${openee_url}");
+    openee = window.open("${openee_requested_url}");
     send("${this_window_token}", "ACK 1");
   `);
   assert_equals("ACK 1", await receive(this_window_token));
@@ -60,7 +64,9 @@ promise_test(async t => {
   assert_equals(report.body.effectivePolicy, "same-origin-plus-coep");
   assert_equals(report.body.property, "blur");
   assert_source_location_missing(report);
-  // TODO(arthursonzogni): Check the window-blocked-url.
-}, "Openee accesses opener (COOP-RO-COEP). Report to opener");
+}, name);
+
+runTest(false, "access-to-coop-page-from-openee, same-origin");
+runTest(true , "access-to-coop-page-from-openee, same-origin + redirect");
 
 </script>

third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-to-coop-page-from-openee_coop-ro_cross-origin.https.html

@@ -13,11 +13,12 @@
 
 const directory = "/html/cross-origin-opener-policy/reporting";
 const executor_path = directory + "/resources/executor.html?pipe=";
+const redirect_path = directory + "/resources/redirect.py?";
 const same_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
 const cross_origin= get_host_info().HTTPS_ORIGIN;
 const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
 
-promise_test(async t => {
+let runTest = (openee_redirect, name) => promise_test(async t => {
   // The test window.
   const this_window_token = token();
 
@@ -33,6 +34,9 @@ promise_test(async t => {
   const openee_report_token= token();
   const openee_token = token();
   const openee_url = cross_origin + executor_path + `&uuid=${openee_token}`;
+  const openee_redirect_url = same_origin + redirect_path + openee_url
+  const openee_requested_url = openee_redirect ? openee_redirect_url
+                                               : openee_url;
 
   // 1. Create the opener window.
   let opener_window_proxy = window.open(opener_url);
@@ -40,7 +44,7 @@ promise_test(async t => {
 
   // 2. The opener opens its openee.
   send(opener_token, `
-    openee = window.open("${openee_url}");
+    openee = window.open("${openee_requested_url}");
     send("${this_window_token}", "ACK 1");
   `);
   assert_equals("ACK 1", await receive(this_window_token));
@@ -61,7 +65,9 @@ promise_test(async t => {
   assert_equals(report.body.effectivePolicy, "same-origin-plus-coep");
   assert_equals(report.body.property, "blur");
   assert_source_location_missing(report);
-  // TODO(arthursonzogni): Check the window-blocked-url.
-}, "Openee accesses opener (COOP-RO-COEP). Report to opener");
+}, name);
+
+runTest(false, "access-to-coop-page-from-openee, cross-origin");
+runTest(true , "access-to-coop-page-from-openee, cross-origin + redirect)");
 
 </script>

third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-to-coop-page-from-opener_coop-ro.https.html

@@ -13,10 +13,11 @@
 
 const directory = "/html/cross-origin-opener-policy/reporting";
 const executor_path = directory + "/resources/executor.html?pipe=";
+const redirect_path = directory + "/resources/redirect.py?";
 const same_origin = get_host_info().HTTPS_ORIGIN;
 const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
 
-promise_test(async t => {
+let runTest = (openee_redirect, name) => promise_test(async t => {
   const report_token = token();
   const openee_token = token();
   const opener_token = token(); // The current test window.
@@ -25,7 +26,12 @@ promise_test(async t => {
   const openee_url = same_origin + executor_path + reportTo.header +
     reportTo.coopReportOnlySameOriginHeader + coep_header +
     `&uuid=${openee_token}`;
-  const openee = window.open(openee_url);
+  const openee_redirect_url = same_origin + redirect_path + openee_url
+  const openee_requested_url = openee_redirect ? openee_redirect_url
+                                               : openee_url;
+
+
+  const openee = window.open(openee_requested_url);
   t.add_cleanup(() => send(openee_token, "window.close()"))
 
   // 1. Make sure the new document to be loaded.
@@ -48,7 +54,9 @@ promise_test(async t => {
   assert_equals(report.body.effectivePolicy, "same-origin-plus-coep");
   assert_equals(report.body.property, "blur");
   assert_source_location_missing(report);
-  // TODO(arthursonzogni): Add check for report > body > blocked-window-url
-}, "Opener accesses openee (COOP-RO+COEP). Report to openee");
+}, name);
+
+runTest(false, "access-to-coop-page-from-opener, same-origin");
+runTest(true , "access-to-coop-page-from-opener, same-origin + redirect");
 
 </script>

third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/access-to-coop-page-from-opener_coop-ro_cross-origin.https.html

@@ -13,10 +13,12 @@
 
 const directory = "/html/cross-origin-opener-policy/reporting";
 const executor_path = directory + "/resources/executor.html?pipe=";
+const redirect_path = directory + "/resources/redirect.py?";
+const same_origin = get_host_info().HTTPS_ORIGIN;
 const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
 const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
 
-promise_test(async t => {
+let runTest = (openee_redirect, name) => promise_test(async t => {
   const report_token = token();
   const openee_token = token();
   const opener_token = token(); // The current test window.
@@ -25,7 +27,12 @@ promise_test(async t => {
   const openee_url = cross_origin + executor_path +
     reportTo.header + reportTo.coopReportOnlySameOriginHeader + coep_header +
     `&uuid=${openee_token}`;
-  const openee = window.open(openee_url);
+  const openee_redirect_url = same_origin + redirect_path + openee_url
+  const openee_requested_url = openee_redirect ? openee_redirect_url
+                                               : openee_url;
+
+
+  const openee = window.open(openee_requested_url);
   t.add_cleanup(() => send(openee_token, "window.close()"))
 
   // 1. Make sure the new document to be loaded.
@@ -48,7 +55,9 @@ promise_test(async t => {
   assert_equals(report.body.effectivePolicy, "same-origin-plus-coep");
   assert_equals(report.body.property, "blur");
   assert_source_location_missing(report);
-  // TODO(arthursonzogni): Add check for report > body > blocked-window-url
-}, "Opener accesses openee (COOP-RO+COEP). Report to openee");
+}, name);
+
+runTest(false, "access-to-coop-page-from-opener, cross-origin");
+runTest(true , "access-to-coop-page-from-opener, cross-origin + redirect");
 
 </script>

third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/resources/dispatcher.js

@@ -18,7 +18,7 @@ const send = function(uuid, message) {
 }
 
 const receive = async function(uuid) {
-  const timeout = 3000;
+  const timeout = 2500;
   const retry_delay = 100;
   for(let i = 0; i * retry_delay < timeout; ++i) {
     let response = await fetch(dispatcher_url + `?uuid=${uuid}`);

third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/resources/redirect.py

+def main(request, response):
+    response.status = 302
+    response.headers.set(b"Location", request.url[request.url.find('?')+1:])