| <meta name=timeout content=long> |
| <title>reporting same origin with report-to</title> |
| <script src=/resources/testharness.js></script> |
| <script src=/resources/testharnessreport.js></script> |
| <script src="/common/get-host-info.sub.js"></script> |
| <script src="/common/utils.js"></script> |
| <script src="../../resources/common.js"></script> |
| <script src="../resources/dispatcher.js"></script> |
| <script src="../resources/reporting-common.js"></script> |
| <script> |
| |
| let tests = [ |
| // popup origin, popup COOP, popup COEP, popup COOP report only, popup COEP report only, expected reports |
| |
| // Open and navigate a popup to a same-origin page with the same COOP-COEP |
| // settings: no browsing context group switch hence no report expected. |
| [ |
| SAME_ORIGIN, |
| `same-origin; report-to="${popupReportEndpoint.name}"`, |
| "require-corp", |
| "", |
| "", |
| [] |
| ], |
| // Open a same-origin popup with a same-origin COOP but no COEP. Produces two |
| // reports (one from and one to). The from report has an effective-policy of |
| // same-origin-plus-coep, both pages being same origin, the entire |
| // next/pervious document urls are available. |
| [ |
| SAME_ORIGIN, |
| `same-origin; report-to="${popupReportEndpoint.name}"`, |
| "", |
| "", |
| "", |
| [ |
| { |
| "endpoint": reportEndpoint, |
| "report": { |
| "body": { |
| "disposition": "enforce", |
| "document-uri": `${location.href}`, |
| "effective-policy": "same-origin-plus-coep", |
| "navigation-uri": /uuid=EXECUTOR_UUID$/, // next destination url |
| "violation-type": "navigation-from-document" |
| }, |
| "url": `${location.href}`, |
| "type": "coop" |
| } |
| }, |
| { |
| "endpoint": popupReportEndpoint, |
| "report": { |
| "body": { |
| "disposition": "enforce", |
| "document-uri": /uuid=EXECUTOR_UUID$/, |
| "effective-policy": "same-origin", |
| "navigation-uri": `${location.href}`, // previous document url |
| "violation-type": "navigation-to-document" |
| }, |
| "url": /uuid=EXECUTOR_UUID$/, |
| "type": "coop" |
| } |
| } |
| ] |
| ], |
| // Open a cross-origin popup with a same-origin COOP and COEP. Produces two |
| // reports (one from and one to). The from report has an effective-policy of |
| // same-origin-plus-coep, both pages being cross origin, the next/pervious |
| // document urls are not available and the initial document url/referrer are |
| // used instead. |
| [ |
| CROSS_ORIGIN, |
| `same-origin; report-to="${popupReportEndpoint.name}"`, |
| "require-corp", |
| "", |
| "", |
| [ |
| { |
| "endpoint": reportEndpoint, |
| "report": { |
| "body": { |
| "disposition": "enforce", |
| "document-uri": `${location.href}`, |
| "effective-policy": "same-origin-plus-coep", |
| "navigation-uri": /uuid=EXECUTOR_UUID$/, // initial navigation url |
| "violation-type": "navigation-from-document" |
| }, |
| "url": `${location.href}`, |
| "type": "coop" |
| } |
| }, |
| { |
| "endpoint": popupReportEndpoint, |
| "report": { |
| "body": { |
| "disposition": "enforce", |
| "document-uri": /uuid=EXECUTOR_UUID$/, |
| "effective-policy": "same-origin-plus-coep", |
| "navigation-uri": `${location.origin}/`, // referrer (origin, as dictated by the referrer policy) |
| "violation-type": "navigation-to-document" |
| }, |
| "url": /uuid=EXECUTOR_UUID$/, |
| "type": "coop" |
| } |
| } |
| ] |
| ], |
| ]; |
| |
| runNavigationReportingTests(document.title, tests); |
| |
| </script> |