Reland "Anonymous iframe: regression test with COI."
This is a reland of commit ab76764559964056dd98d168273e1ec7dfd938f3
https://chromium-review.googlesource.com/c/chromium/src/+/3653848
It was reverted in:
https://chromium-review.googlesource.com/c/chromium/src/+/3660186
This introduce a regression test. The test "Crash" in debug mode
and "Failure" in release mode. I forgot to add "Failure" too in
the TestExpectation file.
Original change's description:
> Anonymous iframe: regression test with COI.
>
> When embedding inside a cross-origin-isolated page, the
> NavigationRequest::CoopCoepSanityCheck() throw an error in debug mode,
> and causes the navigation to never complete in release mode.
>
> This patch adds regressions tests.
>
> Bug: 1314369
> Change-Id: Ia2273c58fb034f21152d71e211e311f71e25011d
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3653848
> Reviewed-by: Arthur Hemery <ahemery@chromium.org>
> Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1006363}
Bug: 1314369
Change-Id: I06f5d1068691be17994fd4c33aa688f4f1365e13
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3660170
Auto-Submit: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Maksim Moskvitin <mmoskvitin@google.com>
Commit-Queue: Maksim Moskvitin <mmoskvitin@google.com>
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1006417}
diff --git a/html/anonymous-iframe/embedding.tentative.https.window.js b/html/anonymous-iframe/embedding.tentative.https.window.js
new file mode 100644
index 0000000..1a02394
--- /dev/null
+++ b/html/anonymous-iframe/embedding.tentative.https.window.js
@@ -0,0 +1,117 @@
+// META: variant=?1-2
+// META: variant=?3-4
+// META: variant=?5-6
+// META: variant=?7-8
+// META: variant=?9-10
+// META: variant=?11-12
+// META: variant=?13-last
+// META: script=/common/get-host-info.sub.js
+// META: script=/common/utils.js
+// META: script=/common/subset-tests.js
+// META: script=/common/dispatcher/dispatcher.js
+// META: script=/html/cross-origin-embedder-policy/credentialless/resources/common.js
+// META: script=./resources/common.js
+// META: script=./resources/embedding-test.js
+
+const {REMOTE_ORIGIN} = get_host_info();
+
+// variant = 1
+subsetTest(embeddingTest,
+ "Parent embeds same-origin anonymous iframe", {
+ expectation: EXPECT_LOAD,
+});
+
+// variant = 2
+subsetTest(embeddingTest,
+ "Parent embeds cross-origin anonymous iframe", {
+ child_origin: REMOTE_ORIGIN,
+ expectation: EXPECT_LOAD,
+});
+
+// variant = 3
+subsetTest(embeddingTest,
+ "COEP:require-corp parent embeds same-origin anonymous iframe", {
+ parent_headers: coep_require_corp,
+ expectation: EXPECT_LOAD,
+});
+
+// variant = 4
+subsetTest(embeddingTest,
+ "COEP:require-corp parent embeds cross-origin anonymous iframe", {
+ parent_headers: coep_require_corp,
+ child_origin: REMOTE_ORIGIN,
+ expectation: EXPECT_LOAD,
+});
+
+// variant = 5
+subsetTest(embeddingTest,
+ "COEP:credentialless parent embeds same-origin anonymous iframe", {
+ parent_headers: coep_credentialless,
+ expectation: EXPECT_LOAD,
+});
+
+// variant = 6
+subsetTest(embeddingTest,
+ "COEP:credentialless parent embeds cross-origin anonymous iframe", {
+ parent_headers: coep_credentialless,
+ child_origin: REMOTE_ORIGIN,
+ expectation: EXPECT_LOAD,
+});
+
+// variant = 7
+// Regression test for https://crbug.com/1314369
+subsetTest(embeddingTest,
+ "COOP:same-origin + COEP:require-corp embeds same-origin anonymous iframe", {
+ parent_headers: coop_same_origin + coep_require_corp,
+ expectation: EXPECT_LOAD,
+});
+
+// variant = 8
+// Regression test for https://crbug.com/1314369
+subsetTest(embeddingTest,
+ "COOP:same-origin + COEP:require-corp embeds cross-origin anonymous iframe", {
+ parent_headers: coop_same_origin + coep_require_corp,
+ child_origin: REMOTE_ORIGIN,
+ expectation: EXPECT_LOAD,
+});
+
+// variant = 9
+// Regression test for https://crbug.com/1314369
+subsetTest(embeddingTest,
+ "COOP:same-origin + COEP:credentialless embeds same-origin anonymous iframe", {
+ parent_headers: coop_same_origin + coep_credentialless,
+ expectation: EXPECT_LOAD,
+});
+
+// variant = 10
+// Regression test for https://crbug.com/1314369
+subsetTest(embeddingTest,
+ "COOP:same-origin + COEP:credentialless embeds cross-origin anonymous iframe", {
+ parent_headers: coop_same_origin + coep_credentialless,
+ child_origin: REMOTE_ORIGIN,
+ expectation: EXPECT_LOAD,
+});
+
+// variant = 11
+subsetTest(embeddingTest,
+ "Parents embeds a CSP:frame-ancestore anonymous iframe", {
+ child_headers: "|headers(Content-Security-Policy,frame-ancestors 'none')",
+ expectation: EXPECT_BLOCK,
+});
+
+// variant = 12
+subsetTest(embeddingTest,
+ "Cross-Origin-Isolated parent embeds same-origin COEP anonymous iframe", {
+ parent_headers: coop_same_origin + coep_require_corp,
+ child_headers: coop_same_origin + coep_require_corp,
+ expectation: EXPECT_LOAD,
+});
+
+// variant = 13
+subsetTest(embeddingTest,
+ "Cross-Origin-Isolated parent embeds cross-origin COEP anonymous iframe", {
+ parent_headers: coop_same_origin + coep_require_corp,
+ child_headers: coop_same_origin + coep_require_corp,
+ child_origin: REMOTE_ORIGIN,
+ expectation: EXPECT_LOAD,
+});
diff --git a/html/anonymous-iframe/resources/embedding-test.js b/html/anonymous-iframe/resources/embedding-test.js
new file mode 100644
index 0000000..a21cee52
--- /dev/null
+++ b/html/anonymous-iframe/resources/embedding-test.js
@@ -0,0 +1,55 @@
+// One document embeds another in an iframe. Both are loaded from the network.
+// Check whether or not the child can load.
+
+const EXPECT_LOAD = "load";
+const EXPECT_BLOCK = "block";
+
+// Load an anonymous iframe. Control both the parent and the child headers.
+// Check whether it loaded or not.
+const embeddingTest = (description, {
+ parent_headers,
+ child_headers,
+ child_origin,
+ expectation,
+}) => {
+ // Default values:
+ child_origin ||= globalThis.origin;
+ parent_headers ||= "";
+ child_headers||= "";
+
+ const parent_origin = window.origin;
+
+ promise_test_parallel(async test => {
+ const parent_token = token();
+ const parent_url = parent_origin + executor_path + parent_headers +
+ `&uuid=${parent_token}`;
+
+ const child_token = token();
+ const child_url = child_origin + executor_path + child_headers +
+ `&uuid=${child_token}`;
+
+ // Create the parent:
+ window.open(parent_url);
+ add_completion_callback(() => send(parent_token, "close()"));
+
+ // The parent creates its child:
+ await send(parent_token, `
+ const iframe = document.createElement("iframe");
+ iframe.anonymous = true;
+ iframe.src = "${child_url}";
+ document.body.appendChild(iframe);
+ `);
+
+ // Ping the child to know whether it was allowed to load or not:
+ const reply_token = token();
+ await send(child_token, `
+ send("${reply_token}", "load");
+ `);
+
+ // There are no interoperable ways to check an iframe failed to load. So a
+ // timeout is being used. See https://github.com/whatwg/html/issues/125
+ step_timeout(() => send(reply_token, "block"), 4000)
+
+ assert_equals(await receive(reply_token), expectation);
+ }, description);
+};