Source code
Revision control
Copy as Markdown
Other Tools
Test Info:
- This WPT test may be referenced by the following Test IDs:
- /html/cross-origin-opener-policy/coop-same-origin-allow-popups-document-write.html - WPT Dashboard Interop Dashboard
<!doctype html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<script>
/*
From a window using Cross-Origin-Opener-Policy:same-origin-allow-popup, open
a new blank window and navigate it cross-origin using document.write and a
meta refresh. The openee/opener relationship must hold.
*/
const executor_path = '/common/dispatcher/executor.html?pipe=';
const coep_soap =
"|header(Cross-Origin-Opener-Policy,same-origin-allow-popups)";
const same_origin = get_host_info().HTTPS_ORIGIN;
const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
promise_test(async t => {
// This window:
const this_window_token = token();
// The opener, using COEP:same-origin-allow-popups:
const opener_token = token();
const opener_url = same_origin + executor_path + coep_soap +
`&uuid=${opener_token}`;
const opener = window.open(opener_url);
// Open a blank window, then use document.write and a meta refresh to navigate
// cross-origin.
const openee_token = token();
const openee_url = cross_origin + executor_path + `&uuid=${openee_token}`;
send(opener_token, `
openee = window.open();
openee.document.write(\`
<meta http-equiv="refresh" content="0; url=${openee_url}">
\`);
openee.document.close();
`);
// Check the openee is loaded without access to the opener.
send(openee_token, `
send("${this_window_token}", opener == null)
`);
assert_equals(await receive(this_window_token), "true", "opener == null");
// To get the state of the openee reflected into the opener's process, waiting
// for the openee' document to load and the various fetch() with the
// dispatcher should be largely enough. However these aren't causal guarantee.
// So wait a bit to be sure:
await new Promise(r => t.step_timeout(r, 1000));
// Check the opener see the openee as 'closed' after the navigation.
send(opener_token, `
send("${this_window_token}", openee.closed)
`);
assert_equals(await receive(this_window_token), "true", "openee.closed");
});
</script>