Fenced frames: Fix reportEvent request initiator
The request initiator for beacons is now whoever chose the destination
URL:
* For destination enum beacons (including all automatic beacons), this
is the reporting worklet's origin.
* For destination URL beacons (with macro substitution), this is the
reportEvent caller's origin.
Bug: 1498474
Change-Id: I426ac8a05f8c197669df72fb6a82394029993029
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5037514
Reviewed-by: Dominic Farolino <dom@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Commit-Queue: Garrett Tanzer <gtanzer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1227504}
diff --git a/fenced-frame/automatic-beacon-anchor-click-handler.https.html b/fenced-frame/automatic-beacon-anchor-click-handler.https.html
index 4c2a648..d6e52f9 100644
--- a/fenced-frame/automatic-beacon-anchor-click-handler.https.html
+++ b/fenced-frame/automatic-beacon-anchor-click-handler.https.html
@@ -8,13 +8,15 @@
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-actions.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
<body>
<script>
promise_test(async(t) => {
const actions = new test_driver.Actions();
const fencedframe = await attachFencedFrameContext(
- {generator_api: 'fledge', automatic_beacon: true});
+ {generator_api: 'fledge', automatic_beacon: true,
+ origin: get_host_info().HTTPS_REMOTE_ORIGIN});
const new_url = new URL("resources/dummy.html", location.href);
const beacon_data = "This is the second test's beacon data!";
@@ -50,8 +52,8 @@
.pointerUp()
.send();
- const received_beacon_data = await nextAutomaticBeacon(beacon_data);
- assert_equals(received_beacon_data, beacon_data);
+ const beacon_initiator_origin = await nextAutomaticBeacon(beacon_data);
+ assert_equals(beacon_initiator_origin, get_host_info().HTTPS_ORIGIN);
// Leaving this fenced frame around for subsequent tests can lead to
// flakiness.
diff --git a/fenced-frame/automatic-beacon-click-handler.https.html b/fenced-frame/automatic-beacon-click-handler.https.html
index 47ecdbd..0dac25b 100644
--- a/fenced-frame/automatic-beacon-click-handler.https.html
+++ b/fenced-frame/automatic-beacon-click-handler.https.html
@@ -8,13 +8,15 @@
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-actions.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
<body>
<script>
promise_test(async(t) => {
const actions = new test_driver.Actions();
const fencedframe = await attachFencedFrameContext(
- {generator_api: 'fledge', automatic_beacon: true});
+ {generator_api: 'fledge', automatic_beacon: true,
+ origin: get_host_info().HTTPS_REMOTE_ORIGIN});
const new_url = new URL("resources/dummy.html", location.href);
const start_beacon_data = "This is the start beacon data!";
const commit_beacon_data = "This is the commit beacon data!";
@@ -43,10 +45,10 @@
.pointerUp()
.send();
- const received_beacon_data = await nextAutomaticBeacon(start_beacon_data);
- assert_equals(received_beacon_data, start_beacon_data);
- const received_beacon_data_2 = await nextAutomaticBeacon(commit_beacon_data);
- assert_equals(received_beacon_data_2, commit_beacon_data);
+ const beacon_1_initiator_origin = await nextAutomaticBeacon(start_beacon_data);
+ assert_equals(beacon_1_initiator_origin, get_host_info().HTTPS_ORIGIN);
+ const beacon_2_initiator_origin = await nextAutomaticBeacon(commit_beacon_data);
+ assert_equals(beacon_2_initiator_origin, get_host_info().HTTPS_ORIGIN);
// Leaving this fenced frame around for subsequent tests can lead to
// flakiness.
diff --git a/fenced-frame/automatic-beacon-no-destination.https.html b/fenced-frame/automatic-beacon-no-destination.https.html
index 76eee46..65281b1 100644
--- a/fenced-frame/automatic-beacon-no-destination.https.html
+++ b/fenced-frame/automatic-beacon-no-destination.https.html
@@ -8,6 +8,7 @@
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-actions.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
<body>
<script>
@@ -16,6 +17,7 @@
const fencedframe = await attachFencedFrameContext({
generator_api: "fledge",
automatic_beacon: true,
+ origin: get_host_info().HTTPS_REMOTE_ORIGIN
});
const new_url = new URL("resources/dummy.html", location.href);
const beacon_data = "This is the beacon data!";
@@ -45,8 +47,8 @@
// of the beacon because the "buyer" destination was not specified in
// setReportEventDataForAutomaticBeacons().
const expected_data = "<No data>";
- const received_beacon_data = await nextAutomaticBeacon(expected_data);
- assert_equals(received_beacon_data, expected_data);
+ const beacon_initiator_origin = await nextAutomaticBeacon(expected_data);
+ assert_equals(beacon_initiator_origin, get_host_info().HTTPS_ORIGIN);
}, "Set and trigger an automatic beacon with no destination specified");
</script>
diff --git a/fenced-frame/automatic-beacon-shared-storage.https.html b/fenced-frame/automatic-beacon-shared-storage.https.html
index eb0a4be..e93bde4 100644
--- a/fenced-frame/automatic-beacon-shared-storage.https.html
+++ b/fenced-frame/automatic-beacon-shared-storage.https.html
@@ -9,13 +9,15 @@
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-actions.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
<body>
<script>
promise_test(async(t) => {
const actions = new test_driver.Actions();
const fencedframe = await attachFencedFrameContext(
- {generator_api: 'sharedstorage'});
+ {generator_api: 'sharedstorage',
+ origin: get_host_info().HTTPS_REMOTE_ORIGIN});
const new_url = new URL("resources/dummy.html", location.href);
const start_beacon_data = "This is the start beacon data!";
const commit_beacon_data = "This is the commit beacon data!";
@@ -44,10 +46,10 @@
.pointerUp()
.send();
- const received_beacon_data_1 = await nextAutomaticBeacon(start_beacon_data);
- assert_equals(received_beacon_data_1, start_beacon_data);
- const received_beacon_data_2 = await nextAutomaticBeacon(commit_beacon_data);
- assert_equals(received_beacon_data_2, commit_beacon_data);
+ const beacon_1_initiator_origin = await nextAutomaticBeacon(start_beacon_data);
+ assert_equals(beacon_1_initiator_origin, get_host_info().HTTPS_ORIGIN);
+ const beacon_2_initiator_origin = await nextAutomaticBeacon(commit_beacon_data);
+ assert_equals(beacon_2_initiator_origin, get_host_info().HTTPS_ORIGIN);
}, 'Set and trigger an automatic beacon in a click handler for SharedStorage');
</script>
diff --git a/fenced-frame/automatic-beacon-two-events-clear.https.html b/fenced-frame/automatic-beacon-two-events-clear.https.html
index 482dee1..8ad2f4e 100644
--- a/fenced-frame/automatic-beacon-two-events-clear.https.html
+++ b/fenced-frame/automatic-beacon-two-events-clear.https.html
@@ -8,13 +8,15 @@
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-actions.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
<body>
<script>
promise_test(async(t) => {
const actions = new test_driver.Actions();
const fencedframe = await attachFencedFrameContext(
- {generator_api: 'fledge', automatic_beacon: true});
+ {generator_api: 'fledge', automatic_beacon: true,
+ origin: get_host_info().HTTPS_REMOTE_ORIGIN});
const new_url = new URL("resources/dummy.html", location.href);
const beacon_data = "This is the beacon data!";
@@ -37,8 +39,8 @@
.pointerDown()
.pointerUp()
.send();
- const received_beacon_data_1 = await nextAutomaticBeacon(beacon_data);
- assert_equals(received_beacon_data_1, beacon_data);
+ const beacon_initiator_origin = await nextAutomaticBeacon(beacon_data);
+ assert_equals(beacon_initiator_origin, get_host_info().HTTPS_ORIGIN);
// The second click should not have any associated automatic beacon info, so
// no beacon should be sent.
diff --git a/fenced-frame/automatic-beacon-two-events-persist.https.html b/fenced-frame/automatic-beacon-two-events-persist.https.html
index aadc1fe..769c8f3 100644
--- a/fenced-frame/automatic-beacon-two-events-persist.https.html
+++ b/fenced-frame/automatic-beacon-two-events-persist.https.html
@@ -8,13 +8,15 @@
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-actions.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
<body>
<script>
promise_test(async(t) => {
const actions = new test_driver.Actions();
const fencedframe = await attachFencedFrameContext(
- {generator_api: 'fledge', automatic_beacon: true});
+ {generator_api: 'fledge', automatic_beacon: true,
+ origin: get_host_info().HTTPS_REMOTE_ORIGIN});
const new_url = new URL("resources/dummy.html", location.href);
const beacon_data = "This is the beacon data!";
@@ -37,8 +39,8 @@
.pointerDown()
.pointerUp()
.send();
- const received_beacon_data_1 = await nextAutomaticBeacon(beacon_data);
- assert_equals(received_beacon_data_1, beacon_data);
+ const beacon_1_initiator_origin = await nextAutomaticBeacon(beacon_data);
+ assert_equals(beacon_1_initiator_origin, get_host_info().HTTPS_ORIGIN);
// The second click should still have associated automatic beacon data, and a
// beacon should be sent.
@@ -46,8 +48,8 @@
.pointerDown()
.pointerUp()
.send();
- const received_beacon_data_2 = await nextAutomaticBeacon(beacon_data);
- assert_equals(received_beacon_data_2, beacon_data);
+ const beacon_2_initiator_origin = await nextAutomaticBeacon(beacon_data);
+ assert_equals(beacon_2_initiator_origin, get_host_info().HTTPS_ORIGIN);
}, 'Set persisting automatic beacon but trigger two events in a click handler');
</script>
diff --git a/fenced-frame/automatic-beacon-unfenced-top.https.html b/fenced-frame/automatic-beacon-unfenced-top.https.html
index d628084..6b6c4af 100644
--- a/fenced-frame/automatic-beacon-unfenced-top.https.html
+++ b/fenced-frame/automatic-beacon-unfenced-top.https.html
@@ -8,6 +8,7 @@
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-actions.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
<body>
<script>
@@ -24,7 +25,8 @@
async function init() {
const actions = new test_driver.Actions();
const fencedframe = await attachFencedFrameContext(
- {generator_api: 'fledge', automatic_beacon: true});
+ {generator_api: 'fledge', automatic_beacon: true,
+ origin: get_host_info().HTTPS_REMOTE_ORIGIN});
const new_url = new URL("resources/automatic-beacon-unfenced-page.html",
location.href);
diff --git a/fenced-frame/resources/automatic-beacon-store.py b/fenced-frame/resources/automatic-beacon-store.py
index e652615..00007b8 100644
--- a/fenced-frame/resources/automatic-beacon-store.py
+++ b/fenced-frame/resources/automatic-beacon-store.py
@@ -31,7 +31,8 @@
# that this only stores the most recent beacon that was sent.
if request.method == "POST":
request_body = request.body or NO_DATA_STRING
- stash.put(string_to_uuid(request_body), request_body)
+ request_headers = request.headers.get("Origin") or NO_DATA_STRING
+ stash.put(string_to_uuid(request_body), request_headers)
return (200, [], b"")
# Requests without a body imply they were sent as the request from
diff --git a/fenced-frame/resources/automatic-beacon-unfenced-page.html b/fenced-frame/resources/automatic-beacon-unfenced-page.html
index c63df3b..4559d81 100644
--- a/fenced-frame/resources/automatic-beacon-unfenced-page.html
+++ b/fenced-frame/resources/automatic-beacon-unfenced-page.html
@@ -4,6 +4,7 @@
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="utils.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
<body>
<script>
@@ -12,8 +13,8 @@
// '../automatic-beacon-unfenced-top.https.html'. An automatic beacon will
// have been sent as a result of the navigation.
const beacon_data = "This is the beacon data!";
- const received_beacon_data = await nextAutomaticBeacon(beacon_data);
- assert_equals(received_beacon_data, beacon_data);
+ const beacon_initiator_origin = await nextAutomaticBeacon(beacon_data);
+ assert_equals(beacon_initiator_origin, get_host_info().HTTPS_ORIGIN);
});
</script>
-</body>
\ No newline at end of file
+</body>