Reland "COOP: restrict-properties reporting 1/*: new basic tests."
This reverts commit e89d67b6a314e2334ebc22ab6e8997fb357c306e.
Reason for revert: This was part of a relation chain and broke more builbots like https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20Tests/130242/overview
Original change's description:
> Revert "COOP: restrict-properties reporting 1/*: new basic tests."
>
> This reverts commit 709620830594d38628e176906d2e98ae2093387f.
>
> Reason for revert: This breaks Mac11 Tests like https://ci.chromium.org/ui/p/chromium/builders/ci/Mac11%20Tests/18091/test-results?sortby=&groupby=
>
> Original change's description:
> > COOP: restrict-properties reporting 1/*: new basic tests.
> >
> > This patch adds a minimal set of WPTs for COOP: restrict-properties
> > reporting:
> > - Navigation reports
> > - From COOP: RP report.
> > - From COOP: RP report-only.
> > - To COOP: RP report.
> > - To COOP: RP report-only.
> > - Access reports
> > - Openee has COOP: RP report-only.
> > - Opener has COOP: RP report-only.
> > - Access to postMessage() is not reported.
> > - Access to closed is not reported.
> >
> > Bug: 1424417
> > Change-Id: Ib1f499d91047ea0aa8d5577aba9d447a077b83c4
> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4514429
> > Commit-Queue: Arthur Hemery <ahemery@chromium.org>
> > Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#1143153}
>
> Bug: 1424417, 1445040
> Change-Id: Id826629721aec076e999871462fab9178bb8533e
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4526142
> Owners-Override: Bastian Kersting <bkersting@google.com>
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Commit-Queue: Bastian Kersting <bkersting@google.com>
> Cr-Commit-Position: refs/heads/main@{#1143194}
Bug: 1424417, 1445040
Change-Id: Ic362f59b52f385051b4a216f82cea555e0d16d52
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4526498
Owners-Override: Bastian Kersting <bkersting@google.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Bastian Kersting <bkersting@google.com>
Cr-Commit-Position: refs/heads/main@{#1143255}
diff --git a/html/cross-origin-opener-policy/reporting/resources/reporting-common.js b/html/cross-origin-opener-policy/reporting/resources/reporting-common.js
index 19f6410..70bb489 100644
--- a/html/cross-origin-opener-policy/reporting/resources/reporting-common.js
+++ b/html/cross-origin-opener-policy/reporting/resources/reporting-common.js
@@ -353,14 +353,31 @@
}
}
-// Build a set of 'Cross-Origin-Opener-Policy' and
-// 'Cross-Origin-Opener-Policy-Report-Only' headers.
const coopHeaders = function (uuid) {
+ // Use a custom function instead of convertToWPTHeaderPipe(), to avoid
+ // encoding double quotes as %22, which messes with the reporting endpoint
+ // registration.
+ let getHeader = (uuid, coop_value, is_report_only) => {
+ const header_name =
+ is_report_only ?
+ "Cross-Origin-Opener-Policy-Report-Only":
+ "Cross-Origin-Opener-Policy";
+ return `|header(${header_name},${coop_value}%3Breport-to="${uuid}")`;
+ }
+
return {
- coopSameOriginHeader: `|header(Cross-Origin-Opener-Policy,same-origin%3Breport-to="${uuid}")`,
- coopSameOriginAllowPopupsHeader: `|header(Cross-Origin-Opener-Policy,same-origin-allow-popups%3Breport-to="${uuid}")`,
- coopReportOnlySameOriginHeader: `|header(Cross-Origin-Opener-Policy-Report-Only,same-origin%3Breport-to="${uuid}")`,
- coopReportOnlySameOriginAllowPopupsHeader: `|header(Cross-Origin-Opener-Policy-Report-Only,same-origin-allow-popups%3Breport-to="${uuid}")`
+ coopSameOriginHeader:
+ getHeader(uuid, "same-origin", is_report_only = false),
+ coopSameOriginAllowPopupsHeader:
+ getHeader(uuid, "same-origin-allow-popups", is_report_only = false),
+ coopRestrictPropertiesHeader:
+ getHeader(uuid, "restrict-properties", is_report_only = false),
+ coopReportOnlySameOriginHeader:
+ getHeader(uuid, "same-origin", is_report_only = true),
+ coopReportOnlySameOriginAllowPopupsHeader:
+ getHeader(uuid, "same-origin-allow-popups", is_report_only = true),
+ coopReportOnlyRestrictPropertiesHeader:
+ getHeader(uuid, "restrict-properties", is_report_only = true),
};
}
diff --git a/html/cross-origin-opener-policy/reporting/resources/test-access-property.js b/html/cross-origin-opener-policy/reporting/resources/test-access-property.js
index fe01e91..a405202 100644
--- a/html/cross-origin-opener-policy/reporting/resources/test-access-property.js
+++ b/html/cross-origin-opener-policy/reporting/resources/test-access-property.js
@@ -7,7 +7,12 @@
];
let escapeComma = url => url.replace(/,/g, '\\,');
-let testAccessProperty = (property, op, expectReport = true) => {
+let testAccessProperty = (
+ property,
+ op,
+ expectReport = true,
+ use_restrict_properties = false,
+) => {
origin.forEach(([origin_name, origin]) => {
promise_test(async t => {
const this_window_token = token();
@@ -21,9 +26,12 @@
const openee_token = token();
const openee_report_token = token();
const openee_report_to = reportToHeaders(openee_report_token);
+ const coop_ro_header =
+ use_restrict_properties
+ ? openee_report_to.coopReportOnlyRestrictPropertiesHeader
+ : openee_report_to.coopReportOnlySameOriginHeader;
const openee_url = origin + executor_path + openee_report_to.header +
- openee_report_to.coopReportOnlySameOriginHeader + coep_header +
- `&uuid=${openee_token}`;
+ coop_ro_header + coep_header + `&uuid=${openee_token}`;
t.add_cleanup(() => {
send(opener_token, "window.close()")
diff --git a/html/cross-origin-opener-policy/tentative/restrict-properties/access-reporting-closed.https.html b/html/cross-origin-opener-policy/tentative/restrict-properties/access-reporting-closed.https.html
new file mode 100644
index 0000000..1c315b3
--- /dev/null
+++ b/html/cross-origin-opener-policy/tentative/restrict-properties/access-reporting-closed.https.html
@@ -0,0 +1,19 @@
+<!doctype html>
+<title> Check openee.closed access is allowed for COOP: restrict-properties</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/common/get-host-info.sub.js></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/html/cross-origin-opener-policy/reporting/resources/reporting-common.js"></script>
+<script src="/html/cross-origin-opener-policy/reporting/resources/test-access-property.js"></script>
+<script>
+
+testAccessProperty(
+ "closed",
+ w => w.closed,
+ expectReport = false,
+ use_restrict_properties = true
+);
+
+</script>
diff --git a/html/cross-origin-opener-policy/tentative/restrict-properties/access-reporting-openee-rp-ro.https.html b/html/cross-origin-opener-policy/tentative/restrict-properties/access-reporting-openee-rp-ro.https.html
new file mode 100644
index 0000000..7a96f4f
--- /dev/null
+++ b/html/cross-origin-opener-policy/tentative/restrict-properties/access-reporting-openee-rp-ro.https.html
@@ -0,0 +1,62 @@
+<!doctype html>
+<title>
+ COOP reports are sent to the openee when the openee used COOP-RO:
+ restrict-properties and its same-origin opener tries to access it.
+</title>
+<meta name=timeout content=long>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/common/get-host-info.sub.js></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/html/cross-origin-opener-policy/reporting/resources/reporting-common.js"></script>
+<script src="/html/cross-origin-opener-policy/reporting/resources/try-access.js"></script>
+<script>
+
+const directory = "/html/cross-origin-opener-policy";
+const same_origin = get_host_info().HTTPS_ORIGIN;
+
+promise_test(async t => {
+ const report_token = token();
+ const openee_token = token();
+ const opener_token = token(); // The current test window.
+
+ const opener_url = location.href;
+
+ const reportTo = reportToHeaders(report_token);
+ const openee_url = same_origin + executor_path + reportTo.header +
+ reportTo.coopReportOnlyRestrictPropertiesHeader +
+ `&uuid=${openee_token}`;
+
+ const openee = window.open(openee_url);
+ t.add_cleanup(() => send(openee_token, "window.close()"))
+
+ // 1. Make sure the new document to be loaded.
+ send(openee_token, `
+ send("${opener_token}", "Ready");
+ `);
+ let reply = await receive(opener_token);
+ assert_equals(reply, "Ready");
+
+ // 2. Try to access the openee. A report is sent, because of COOP-RO:
+ // restrict-properties.
+ tryAccess(openee);
+
+ // 3. Check a report is sent to the openee.
+ let report =
+ await receiveReport(report_token, "access-to-coop-page-from-opener");
+ assert_equals(report.type, "coop");
+ assert_equals(report.url, openee_url.replace(/"/g, '%22'));
+ assert_equals(report.body.disposition, "reporting");
+ assert_equals(report.body.effectivePolicy, "restrict-properties");
+ assert_equals(report.body.property, "blur");
+ assert_source_location_missing(report);
+ assert_equals(report.body.openerURL, opener_url);
+ assert_equals(report.body.openeeURL, undefined);
+ assert_equals(report.body.otherDocumentURL, undefined);
+ assert_equals(report.body.referrer, opener_url);
+ assert_equals(report.body.initialPopupURL, undefined);
+}, "access-reporting-openee-rp-ro");
+
+</script>
+
diff --git a/html/cross-origin-opener-policy/tentative/restrict-properties/access-reporting-opener-rp-ro.https.html b/html/cross-origin-opener-policy/tentative/restrict-properties/access-reporting-opener-rp-ro.https.html
new file mode 100644
index 0000000..9e1e85b
--- /dev/null
+++ b/html/cross-origin-opener-policy/tentative/restrict-properties/access-reporting-opener-rp-ro.https.html
@@ -0,0 +1,71 @@
+<!doctype html>
+<title>
+ COOP reports are sent to the opener when the opener used COOP-RO:
+ restrict-properties and its same-origin openee tries to access it.
+</title>
+<meta name=timeout content=long>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/common/get-host-info.sub.js></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/html/cross-origin-opener-policy/resources/common.js"></script>
+<script src="/html/cross-origin-opener-policy/reporting/resources/reporting-common.js"></script>
+<script src="/html/cross-origin-opener-policy/reporting/resources/try-access.js"></script>
+<script>
+
+const directory = "/html/cross-origin-opener-policy";
+const same_origin = get_host_info().HTTPS_ORIGIN;
+
+promise_test(async t => {
+ // The test window.
+ const this_window_token = token();
+
+ // The "opener" window. This has COOP and a reporter.
+ const opener_report_token= token();
+ const opener_token = token();
+ const opener_reportTo = reportToHeaders(opener_report_token);
+ const opener_url = same_origin + executor_path + opener_reportTo.header +
+ opener_reportTo.coopReportOnlyRestrictPropertiesHeader +
+ `&uuid=${opener_token}`;
+
+ // The "openee" window. This is same origin with the "opener".
+ const openee_report_token= token();
+ const openee_token = token();
+ const openee_url = same_origin + executor_path + `&uuid=${openee_token}`;
+
+ // 1. Create the opener window.
+ let opener_window_proxy = window.open(opener_url);
+ t.add_cleanup(() => send(opener_token, "window.close()"));
+
+ // 2. The opener opens its openee.
+ send(opener_token, `
+ openee = window.open("${openee_url}");
+ send("${this_window_token}", "ACK 1");
+ `);
+ assert_equals("ACK 1", await receive(this_window_token));
+ t.add_cleanup(() => send(openee_token, "window.close()"));
+
+ // 3. The openee tries to access its opener.
+ send(openee_token, addScriptAndTriggerOnload(
+ directory + "/reporting/resources/try-access.js",
+ "tryAccess(opener);")
+ );
+
+ // 4. Check a report sent to the opener.
+ let report =
+ await receiveReport(opener_report_token, "access-to-coop-page-from-openee");
+ assert_equals(report.type, "coop");
+ assert_equals(report.url, opener_url.replace(/"/g, '%22'));
+ assert_equals(report.body.disposition, "reporting");
+ assert_equals(report.body.effectivePolicy, "restrict-properties");
+ assert_equals(report.body.property, "blur");
+ assert_source_location_missing(report);
+ assert_equals(report.body.openerURL, undefined);
+ assert_equals(report.body.openeeURL, openee_url);
+ assert_equals(report.body.otherDocumentURL, undefined);
+ assert_equals(report.body.referrer, undefined);
+ assert_equals(report.body.initialPopupURL, openee_url);
+}, "access-reporting-opener-rp-ro");
+
+</script>
diff --git a/html/cross-origin-opener-policy/tentative/restrict-properties/access-reporting-post-message.https.html b/html/cross-origin-opener-policy/tentative/restrict-properties/access-reporting-post-message.https.html
new file mode 100644
index 0000000..4c8e96f
--- /dev/null
+++ b/html/cross-origin-opener-policy/tentative/restrict-properties/access-reporting-post-message.https.html
@@ -0,0 +1,26 @@
+<!doctype html>
+<title> Check openee.postMessage() access is allowed for COOP: restrict-properties</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/common/get-host-info.sub.js></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/html/cross-origin-opener-policy/reporting/resources/reporting-common.js"></script>
+<script src="/html/cross-origin-opener-policy/reporting/resources/test-access-property.js"></script>
+<script>
+
+testAccessProperty(
+ "postMessage single arg",
+ w => w.postMessage(""),
+ expectReport = false,
+ use_restrict_properties = true
+);
+
+testAccessProperty(
+ "postMessage double arg",
+ w => w.postMessage("", ""),
+ expectReport = false,
+ use_restrict_properties = true
+);
+
+</script>
diff --git a/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-from-rp-ro.https.html b/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-from-rp-ro.https.html
new file mode 100644
index 0000000..60322bf
--- /dev/null
+++ b/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-from-rp-ro.https.html
@@ -0,0 +1,83 @@
+<!doctype html>
+<meta name=timeout content=long>
+<title>Opening a restrict-properties</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/html/cross-origin-opener-policy/resources/common.js"></script>
+<script
+ src="/html/cross-origin-opener-policy/reporting/resources/reporting-common.js?pipe=sub&report_id=4f545c5dbcce012cd30af173b08dcdfb&report_only_id=c265b07fbb3bffa2cd2a5179d686ced2"></script>
+
+<script>
+
+let tests = [
+ // popup origin, popup COOP, popup COEP, popup COOP report-only, popup COEP report-only, expected reports
+
+ // Open a same-origin popup with COOP unsafe-none, which mismatches with the
+ // current document (opener) COOP report-only (restrict-properties) values.
+ [
+ SAME_ORIGIN,
+ "unsafe-none",
+ "",
+ "",
+ "",
+ [
+ {
+ "endpoint": reportOnlyEndpoint,
+ "report": {
+ "body": {
+ "disposition": "reporting",
+ "effectivePolicy": "restrict-properties",
+ "nextResponseURL": /uuid=EXECUTOR_UUID$/, // next document URL
+ "type": "navigation-from-response"
+ },
+ "url": `${location.href}`,
+ "type": "coop"
+ }
+ }
+ ]
+ ],
+
+ // Open a cross-origin popup with COOP unsafe-none, which mismatches with the
+ // current document (opener) COOP report-only (restrict-properties) values.
+ [
+ CROSS_ORIGIN,
+ "unsafe-none",
+ "",
+ "",
+ "",
+ [
+ {
+ "endpoint": reportOnlyEndpoint,
+ "report": {
+ "body": {
+ "disposition": "reporting",
+ "effectivePolicy": "restrict-properties",
+ "nextResponseURL": /uuid=EXECUTOR_UUID$/, // next document URL
+ "type": "navigation-from-response"
+ },
+ "url": `${location.href}`,
+ "type": "coop"
+ }
+ }
+ ]
+ ],
+
+ // Open a same-origin popup with COOP restrict-properties, which matches with
+ // the current document (opener) COOP report-only (restrict-properties) value.
+ [
+ SAME_ORIGIN,
+ "restrict-properties",
+ "",
+ "",
+ "",
+ []
+ ],
+];
+
+runNavigationReportingTests(document.title, tests);
+
+</script>
+
diff --git a/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-from-rp-ro.https.html.sub.headers b/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-from-rp-ro.https.html.sub.headers
new file mode 100644
index 0000000..424ad3e
--- /dev/null
+++ b/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-from-rp-ro.https.html.sub.headers
@@ -0,0 +1,2 @@
+Cross-Origin-Opener-Policy-Report-Only: restrict-properties; report-to="coop-report-only-endpoint"
+Reporting-Endpoints: coop-report-endpoint="https://{{host}}:{{ports[https][0]}}/reporting/resources/report.py?reportID=4f545c5dbcce012cd30af173b08dcdfb", coop-report-only-endpoint="https://{{host}}:{{ports[https][0]}}/reporting/resources/report.py?reportID=c265b07fbb3bffa2cd2a5179d686ced2"
diff --git a/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-from-rp.https.html b/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-from-rp.https.html
new file mode 100644
index 0000000..5deb115
--- /dev/null
+++ b/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-from-rp.https.html
@@ -0,0 +1,83 @@
+<!doctype html>
+<meta name=timeout content=long>
+<title>Opening a restrict-properties</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/html/cross-origin-opener-policy/resources/common.js"></script>
+<script
+ src="/html/cross-origin-opener-policy/reporting/resources/reporting-common.js?pipe=sub&report_id=c265b07fbb3bffa2cd2a5179d686ced2&report_only_id=b4ea2bc3c537541b4fd408dc8f2b5c39"></script>
+
+<script>
+
+let tests = [
+ // popup origin, popup COOP, popup COEP, popup COOP report-only, popup COEP report-only, expected reports
+
+ // Open a same-origin popup with COOP unsafe-none, which mismatches
+ // with the current document (opener) COOP (restrict-properties) values.
+ [
+ SAME_ORIGIN,
+ "unsafe-none",
+ "",
+ "",
+ "",
+ [
+ {
+ "endpoint": reportEndpoint,
+ "report": {
+ "body": {
+ "disposition": "enforce",
+ "effectivePolicy": "restrict-properties",
+ "nextResponseURL": /uuid=EXECUTOR_UUID$/, // next document URL
+ "type": "navigation-from-response"
+ },
+ "url": `${location.href}`,
+ "type": "coop"
+ }
+ }
+ ]
+ ],
+
+ // Open a cross-origin popup with COOP unsafe-none, which mismatches
+ // with the current document (opener) COOP (restrict-properties) values.
+ [
+ CROSS_ORIGIN,
+ "unsafe-none",
+ "",
+ "",
+ "",
+ [
+ {
+ "endpoint": reportEndpoint,
+ "report": {
+ "body": {
+ "disposition": "enforce",
+ "effectivePolicy": "restrict-properties",
+ "nextResponseURL": /uuid=EXECUTOR_UUID$/, // next document URL
+ "type": "navigation-from-response"
+ },
+ "url": `${location.href}`,
+ "type": "coop"
+ }
+ }
+ ]
+ ],
+
+ // Open a same-origin popup with COOP restrict-properties, which matches with
+ // the current document (opener) COOP (restrict-properties) value.
+ [
+ SAME_ORIGIN,
+ "restrict-properties",
+ "",
+ "",
+ "",
+ []
+ ],
+];
+
+runNavigationReportingTests(document.title, tests);
+
+</script>
+
diff --git a/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-from-rp.https.html.sub.headers b/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-from-rp.https.html.sub.headers
new file mode 100644
index 0000000..6339ea3
--- /dev/null
+++ b/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-from-rp.https.html.sub.headers
@@ -0,0 +1,2 @@
+Cross-Origin-Opener-Policy: restrict-properties; report-to="coop-report-endpoint"
+Reporting-Endpoints: coop-report-endpoint="https://{{host}}:{{ports[https][0]}}/reporting/resources/report.py?reportID=d9fe7e0e1a72f4ff2c4ea6d9dd44b5f1", coop-report-only-endpoint="https://{{host}}:{{ports[https][0]}}/reporting/resources/report.py?reportID=b4ea2bc3c537541b4fd408dc8f2b5c39"
diff --git a/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-to-rp-ro.https.html b/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-to-rp-ro.https.html
new file mode 100644
index 0000000..cf1385e
--- /dev/null
+++ b/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-to-rp-ro.https.html
@@ -0,0 +1,73 @@
+<!doctype html>
+<meta name=timeout content=long>
+<title>reporting same origin with report-to</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/html/cross-origin-opener-policy/resources/common.js"></script>
+<script src="/html/cross-origin-opener-policy/reporting/resources/reporting-common.js"></script>
+
+<script>
+
+let tests = [
+ // popup origin, popup COOP, popup COEP, popup COOP report-only, popup COEP report-only, expected reports
+
+ // Open a same-origin popup with COOP report-only restrict-properties, which
+ // mismatches with the current document (opener) COOP (unsafe-none).
+ [
+ SAME_ORIGIN,
+ "",
+ "",
+ `restrict-properties; report-to="${popupReportOnlyEndpoint.name}"`,
+ "",
+ [
+ {
+ "endpoint": popupReportOnlyEndpoint,
+ "report": {
+ "body": {
+ "disposition": "reporting",
+ "effectivePolicy": "restrict-properties",
+ "previousResponseURL": `${location.href}`,
+ "referrer": `${location.origin}/`,
+ "type": "navigation-to-response"
+ },
+ "url": /uuid=EXECUTOR_UUID$/,
+ "type": "coop"
+ }
+ }
+ ]
+ ],
+
+ // Open a cross-origin popup with COOP report-only restrict-properties, which
+ // mismatches with the current document (opener) COOP (unsafe-none).
+ [
+ CROSS_ORIGIN,
+ "",
+ "",
+ `restrict-properties; report-to="${popupReportOnlyEndpoint.name}"`,
+ "",
+ [
+ {
+ "endpoint": popupReportOnlyEndpoint,
+ "report": {
+ "body": {
+ "disposition": "reporting",
+ "effectivePolicy": "restrict-properties",
+ "previousResponseURL": `${location.href}`,
+ "referrer": `${location.origin}/`,
+ "type": "navigation-to-response"
+ },
+ "url": /uuid=EXECUTOR_UUID$/,
+ "type": "coop"
+ }
+ }
+ ]
+ ],
+];
+
+runNavigationReportingTests(document.title, tests);
+
+</script>
+
diff --git a/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-to-rp-ro.https.html.headers b/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-to-rp-ro.https.html.headers
new file mode 100644
index 0000000..1690332
--- /dev/null
+++ b/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-to-rp-ro.https.html.headers
@@ -0,0 +1,2 @@
+Cross-Origin-Opener-Policy: unsafe-none
+Referrer-Policy: origin
diff --git a/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-to-rp.https.html b/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-to-rp.https.html
new file mode 100644
index 0000000..9ff374c
--- /dev/null
+++ b/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-to-rp.https.html
@@ -0,0 +1,73 @@
+<!doctype html>
+<meta name=timeout content=long>
+<title>reporting same origin with report-to</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/html/cross-origin-opener-policy/resources/common.js"></script>
+<script src="/html/cross-origin-opener-policy/reporting/resources/reporting-common.js"></script>
+
+<script>
+
+let tests = [
+ // popup origin, popup COOP, popup COEP, popup COOP report-only, popup COEP report-only, expected reports
+
+ // Open a same-origin popup with COOP report-only restrict-properties, which
+ // mismatches with the current document (opener) COOP (unsafe-none).
+ [
+ SAME_ORIGIN,
+ `restrict-properties; report-to="${popupReportEndpoint.name}"`,
+ "",
+ "",
+ "",
+ [
+ {
+ "endpoint": popupReportEndpoint,
+ "report": {
+ "body": {
+ "disposition": "enforce",
+ "effectivePolicy": "restrict-properties",
+ "previousResponseURL": `${location.href}`,
+ "referrer": `${location.origin}/`,
+ "type": "navigation-to-response"
+ },
+ "url": /uuid=EXECUTOR_UUID$/,
+ "type": "coop"
+ }
+ }
+ ]
+ ],
+
+ // Open a cross-origin popup with COOP report-only restrict-properties, which
+ // mismatches with the current document (opener) COOP (unsafe-none).
+ [
+ CROSS_ORIGIN,
+ `restrict-properties; report-to="${popupReportEndpoint.name}"`,
+ "",
+ "",
+ "",
+ [
+ {
+ "endpoint": popupReportEndpoint,
+ "report": {
+ "body": {
+ "disposition": "enforce",
+ "effectivePolicy": "restrict-properties",
+ "previousResponseURL": `${location.href}`,
+ "referrer": `${location.origin}/`,
+ "type": "navigation-to-response"
+ },
+ "url": /uuid=EXECUTOR_UUID$/,
+ "type": "coop"
+ }
+ }
+ ]
+ ],
+];
+
+runNavigationReportingTests(document.title, tests);
+
+</script>
+
diff --git a/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-to-rp.https.html.headers b/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-to-rp.https.html.headers
new file mode 100644
index 0000000..1690332
--- /dev/null
+++ b/html/cross-origin-opener-policy/tentative/restrict-properties/reporting-to-rp.https.html.headers
@@ -0,0 +1,2 @@
+Cross-Origin-Opener-Policy: unsafe-none
+Referrer-Policy: origin
