| <title> |
| This tests the inheritance of COOP for navigations to about:blank. |
| </title> |
| <meta name=timeout content=long> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/common/get-host-info.sub.js"></script> |
| <script src="/common/utils.js"></script> |
| <script src="/html/cross-origin-opener-policy/resources/dispatcher.js"></script> |
| |
| <p>Non-initial empty documents (about:blank) should inherit their |
| cross-origin-opener-policy from the navigation's initiator top level document, |
| if the initiator and its top level document are same-origin, or default |
| (unsafe-none) otherwise. |
| </p> |
| |
| <ol> |
| <li>Create the opener popup with a given COOP <code>openerCOOP</code>.</li> |
| <li>Add iframe to the opener popup that is either same-origin or |
| cross-origin. |
| </li> |
| <li>Opener's iframe opens a new window, to a network document with <code>openeeCOOP</code>.</li> |
| <li>Opener's iframe navigates the openee popup to about:blank.</li> |
| </ol> |
| |
| <script> |
| const directory = "/html/cross-origin-opener-policy"; |
| const executor_path = directory + "/resources/executor.html?pipe="; |
| const same_origin = get_host_info().HTTPS_ORIGIN; |
| const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN; |
| const coop_same_origin_header = |
| '|header(Cross-Origin-Opener-Policy,same-origin)'; |
| const coop_same_origin_allow_popups_header = |
| '|header(Cross-Origin-Opener-Policy,same-origin-allow-popups)'; |
| const coop_unsafe_none_header = |
| '|header(Cross-Origin-Opener-Policy,unsafe-none)'; |
| |
| function navigateToAboutBlankTest( |
| opener_COOP_header, |
| iframe_origin, |
| openee_COOP_header, |
| openee_origin, |
| expect_openee_closed |
| ){ |
| return promise_test(async t => { |
| const this_window_token = token(); |
| const opener_token = token(); |
| const openee_token = token(); |
| const iframe_token = token(); |
| |
| const opener_url = same_origin + executor_path + opener_COOP_header + |
| `&uuid=${opener_token}`; |
| const openee_url = openee_origin + executor_path + openee_COOP_header + |
| `&uuid=${openee_token}`; |
| const iframe_url = iframe_origin + executor_path + `&uuid=${iframe_token}`; |
| |
| t.add_cleanup(() => { |
| send(openee_token, "window.close()"); |
| send(opener_token, "window.close()"); |
| }); |
| |
| // 1. Create the opener window. |
| let opener_window_proxy = window.open(opener_url, opener_token); |
| |
| // 2. Create the iframe. |
| send(opener_token, ` |
| iframe = document.createElement('iframe'); |
| iframe.src = "${iframe_url}"; |
| document.body.appendChild(iframe); |
| `); |
| |
| // 3. The iframe opens its openee window. |
| send(iframe_token, ` |
| window.openee = window.open( |
| '${openee_url.replace(/,/g, '\\,')}', |
| "${openee_token}" |
| ); |
| `); |
| |
| // 4. Ensure the popup is fully loaded. |
| send(openee_token, `send("${this_window_token}", "Ack");`); |
| assert_equals(await receive(this_window_token), "Ack"); |
| |
| // 5. The iframe navigates openee to about:blank. |
| send(iframe_token, ` |
| window.openee_blank = window.open('about:blank', "${openee_token}"); |
| (async function() { |
| const timeout = 2000; |
| const retry_delay = 100; |
| for(let i = 0; i * retry_delay < timeout; ++i) { |
| // A try-catch block is used, because of same-origin policy, |
| // preventing access to the document before committing about:blank. |
| try { |
| if (window.openee_blank.closed || |
| window.openee_blank.document.location.href == "about:blank") { |
| send("${this_window_token}", "about:blank loaded"); |
| return; |
| } |
| } catch(e) {} |
| await new Promise(resolve => setTimeout(resolve, retry_delay)); |
| } |
| send("${this_window_token}", "about:blank not loaded"); |
| })() |
| `); |
| assert_equals(await receive(this_window_token), "about:blank loaded"); |
| |
| |
| // 6. Retrieve and check the results. |
| send(iframe_token, ` |
| send("${this_window_token}", window.openee.closed); |
| `); |
| assert_equals(await receive(this_window_token), `${expect_openee_closed}`); |
| }, `Navigate to about:blank from iframe with opener.top \ |
| COOP: ${opener_COOP_header}, iframe origin: ${iframe_origin}, \ |
| openee COOP: ${openee_COOP_header}, openee origin: ${openee_origin}.`); |
| }; |
| |
| // iframe same-origin with its top-level embedder: |
| // initial empty document and about:blank navigations initiated from the |
| // same-origin iframe will inherit the COOP from the iframe's top-level embedder. |
| |
| // Since all navigations of openee are within same-origin pages with the |
| // same COOP value, there are no browsing context group switches. |
| navigateToAboutBlankTest( |
| coop_same_origin_header, |
| same_origin, |
| coop_same_origin_header, |
| same_origin, |
| false |
| ); |
| |
| // Since all navigations of openee are within same-origin pages with the |
| // same COOP value, there are no browsing context group switches. |
| navigateToAboutBlankTest( |
| coop_same_origin_allow_popups_header, |
| same_origin, |
| coop_same_origin_allow_popups_header, |
| same_origin, |
| false |
| ); |
| |
| // The first openee navigation, from initial empty document to |
| // cross-origin will not switch the browsing context group, thanks to the |
| // same-origin-allow-popups behavior. |
| // The second openee navigation, to about:blank, will inherit from the |
| // iniatiator's, the iframe, top. Navigating from a COOP: unsafe-none page to |
| // a COOP: same-origin-allow-popups page causes a browsing context group |
| // switch. |
| navigateToAboutBlankTest( |
| coop_same_origin_allow_popups_header, |
| same_origin, |
| coop_unsafe_none_header, |
| cross_origin, |
| true |
| ); |
| |
| // iframe cross-origin with its top-level embedder: |
| // initial empty document and about:blank navigations initiated from the |
| // cross-origin iframe will default COOP to unsafe-none. |
| |
| // The navigation from the initial empty document and the cross_origin url |
| // does not cause a browsing context group switch |
| // (both have COOP: unsafe-none). |
| // The navigation from the cross-origin url to about:blank does not cause a |
| // browsing context group swich, about:blank defaulted its COOP value to |
| // unsafe-none. |
| navigateToAboutBlankTest( |
| coop_same_origin_allow_popups_header, |
| cross_origin, |
| coop_unsafe_none_header, |
| cross_origin, |
| false |
| ); |
| </script> |