COEP: Add CacheStorage+DedicatedWorker WPT tests.

Test CacheStorage responses entering in a COEP DedicatedWorker are enforced against CORP/CORS. In a follow-up, the implementation: https://chromium-review.googlesource.com/c/chromium/src/+/2080355/2 Bug: 1031542 Change-Id: Ia7b03317eb30727331ff00b49b8d61ad1b06e676 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2080353 Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/master@{#745517}

COEP: Add CacheStorage+DedicatedWorker WPT tests.
Test CacheStorage responses entering in a COEP DedicatedWorker are enforced against CORP/CORS. In a follow-up, the implementation: https://chromium-review.googlesource.com/c/chromium/src/+/2080355/2 Bug: 1031542 Change-Id: Ia7b03317eb30727331ff00b49b8d61ad1b06e676 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2080353 Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/master@{#745517}
f73c9cfb · arthursonzogni · Commit Bot · a2086c05 · f73c9cfb · f73c9cfb
Commit f73c9cfb authored Feb 28, 2020 by arthursonzogni Committed by Commit Bot Feb 28, 2020
4 changed files
--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-embedder-policy/dedicated-worker-cache-storage.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-embedder-policy/dedicated-worker-cache-storage.https-expected.txt
+This is a testharness.js-based test.
+PASS coep-none coep-none corp-cross-origin
+PASS coep-none coep-none corp-undefined
+PASS coep-none coep-require-corp corp-cross-origin
+PASS coep-none coep-require-corp corp-undefined
+PASS coep-require-corp coep-none corp-cross-origin
+FAIL coep-require-corp coep-none corp-undefined assert_equals: expected false but got true
+PASS coep-require-corp coep-require-corp corp-cross-origin
+FAIL coep-require-corp coep-require-corp corp-undefined assert_equals: expected false but got true
+Harness: the test ran to completion.
+
--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-embedder-policy/dedicated-worker-cache-storage.https.html
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-embedder-policy/dedicated-worker-cache-storage.https.html
+<!doctype html>
+<html>
+<title> Check enforcement of COEP in a DedicatedWorker using CacheStorage. </title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script>
+
+function remote(path) {
+  const REMOTE_ORIGIN = get_host_info().HTTPS_REMOTE_ORIGIN;
+  return new URL(path, REMOTE_ORIGIN);
+}
+
+const iframe_path = "./resources/iframe.html?pipe=";
+const dedicated_worker_path = "./dedicated-worker.js?pipe=";
+const ressource_path = "/images/blue.png?pipe=";
+
+const coep_header= {
+  "coep-none"         : "|header(Cross-Origin-Embedder-Policy,none)",
+  "coep-require-corp" : "|header(Cross-Origin-Embedder-Policy,require-corp)",
+}
+
+const corp_header = {
+  "corp-undefined": "",
+  "corp-cross-origin": "|header(Cross-Origin-Resource-Policy,cross-origin)",
+}
+
+// Check enforcement of COEP in a DedicatedWorker using CacheStorage.
+//
+// 1) Fetch a response from a document with COEP:none. Store it in the
+//    CacheStorage. The response is cross-origin without any CORS header.
+// 2) From an iframe, start a DedicatedWorker and try to retrieve the response
+//    from the CacheStorage.
+//
+// Test parameters:
+// - |iframe_coep| the COEP header of the iframe's document response
+// - |worker_coep| the COEP header of the DedicatedWorker's script response.
+// - |response_corp| the CORP header of the response.
+//
+// Test expectations:
+// |loaded| is true whenever the worker is able to fetch the response from
+// the CacheStorage. According to the specification:
+// https://mikewest.github.io/corpp/#initialize-embedder-policy-for-global
+// it must be false when:
+// - |iframe_coep| is 'coep-require-corp' and
+// - |response-corp| is 'corp-undefined'.
+//
+// |worker_coep| must be ignored.
+function check(
+  // Test parameters:
+  iframe_coep,
+  worker_coep,
+  response_corp,
+
+  // Test expectations:
+  loaded) {
+
+  promise_test(async (t) => {
+    // 1) Fetch a response from a document with COEP:none. Store it in the
+    //    CacheStorage. The response is cross-origin without any CORS header.
+    const resource_path = ressource_path + corp_header[response_corp];
+    const resource_url = remote(resource_path);
+    const fetch_request = new Request(resource_url, {mode: 'no-cors'});
+    const cache = await caches.open('v1');
+    const fetch_response = await fetch(fetch_request);
+    await cache.put(fetch_request, fetch_response);
+
+    // 2) From an iframe, start a DedicatedWorker and try to retrieve the
+    //    response from the CacheStorage.
+    const worker_url = dedicated_worker_path + coep_header[worker_coep];
+    const worker_eval = `
+      (async function() {
+        const cache = await caches.open('v1');
+        const request = new Request('${resource_url}', {
+          mode: 'no-cors'
+        });
+        try {
+          const response = await cache.match(request);
+          postMessage('success');
+        } catch(error) {
+          postMessage('error');
+        }
+      })()
+    `;
+
+    const iframe_url = iframe_path + coep_header[iframe_coep];
+    const iframe_eval = `
+      (async function() {
+        const w = new Worker('${worker_url}');
+        const worker_response = new Promise(resolve => w.onmessage = resolve);
+        w.postMessage(\`${worker_eval}\`);
+        const response = await worker_response;
+        parent.postMessage(response.data);
+      })();
+    `;
+
+    const iframe = document.createElement("iframe");
+    t.add_cleanup(() => iframe.remove());
+    iframe.src = iframe_url;
+    const iframe_loaded = new Promise(resolve => iframe.onload = resolve);
+    document.body.appendChild(iframe);
+    await iframe_loaded;
+
+    const iframe_response = new Promise(resolve => {
+      window.addEventListener("message", resolve);
+    })
+    iframe.contentWindow.postMessage(iframe_eval);
+
+    const {data} = await iframe_response;
+    assert_equals(data == "success", loaded);
+  }, `${iframe_coep} ${worker_coep} ${response_corp}`)
+}
+
+// -----------------------------------------------------------------------------
+//    iframe_coep         , worker_coep         , response_corp       , loaded
+// -----------------------------------------------------------------------------
+check("coep-none"         , "coep-none"         , "corp-cross-origin" , true);
+check("coep-none"         , "coep-none"         , "corp-undefined"    , true);
+check("coep-none"         , "coep-require-corp" , "corp-cross-origin" , true);
+check("coep-none"         , "coep-require-corp" , "corp-undefined"    , true);
+check("coep-require-corp" , "coep-none"         , "corp-cross-origin" , true);
+check("coep-require-corp" , "coep-none"         , "corp-undefined"    , false);
+check("coep-require-corp" , "coep-require-corp" , "corp-cross-origin" , true);
+check("coep-require-corp" , "coep-require-corp" , "corp-undefined"    , false);
+
+</script>
+</html>
--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-embedder-policy/resources/dedicated-worker.js
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-embedder-policy/resources/dedicated-worker.js
+onmessage = message => eval(message.data);
--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-embedder-policy/resources/iframe.html
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-embedder-policy/resources/iframe.html
+<script>
+  window.addEventListener("message", message => eval(message.data));
+</script>