Source code

Revision control

Other Tools

Test Info:

This tests the inheritance of COOP for navigations of the top document to about:blank.
<meta name=timeout content=long>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<script src="/html/cross-origin-opener-policy/resources/common.js"></script>
<p>Non-initial empty documents (about:blank) should inherit their
cross-origin-opener-policy from the navigation's initiator top level document,
if the initiator and its top level document are same-origin, or default (to
unsafe-none) otherwise.
<li>Create the opener popup with a given COOP <code>openerCOOP</code>.</li>
<li>Add iframe to the opener popup that is either same-origin or
<li>Opener opens a new window, to a network document with the same origin and
COOP value as opener.</li>
<li>Opener's iframe navigates its parent frame (opener) to about:blank.</li>
<li>Verify the openee still has access to its opener.</li>
const executor_path = "/common/dispatcher/executor.html?pipe=";
const same_origin = get_host_info().HTTPS_ORIGIN;
const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
const coop_same_origin_header =
const coop_same_origin_allow_popups_header =
const coop_unsafe_none_header =
function navigateToAboutBlankTest(
return promise_test(async t => {
const this_window_token = token();
const opener_token = token();
const openee_token = token();
const iframe_token = token();
const opener_url = same_origin + executor_path + COOP_header +
const openee_url = same_origin + executor_path + COOP_header +
const iframe_url = iframe_origin + executor_path + `&uuid=${iframe_token}`;
t.add_cleanup(() => {
send(opener_token, "window.close()");
send(openee_token, "window.close()");
// 1. Create the opener window.
let opener_window_proxy =, opener_token);
// 2. Create the iframe.
send(opener_token, `
iframe = document.createElement('iframe');
iframe.src = "${iframe_url}";
// 3. The opener opens openee window.
send(opener_token, `
window.openee =
'${openee_url.replace(/,/g, '\\,')}'
// 4. Ensure the popup is fully loaded.
send(openee_token, `send("${this_window_token}", "Ack");`);
assert_equals(await receive(this_window_token), "Ack");
// 5. The iframe navigates its top-level document to about:blank. It needs
// to receive a user action as it may be cross-origin and it navigates top
// to a cross-origin document.
send(iframe_token, addScriptAndTriggerOnload(
test_driver.bless('navigate top to about:blank', () => {
open("about:blank", "_top");
// 6. Ensure opener is fully loaded and then retrieve the results.
send(openee_token, `
(async function() {
const timeout = 2000;
const retry_delay = 100;
for(let i = 0; i * retry_delay < timeout; ++i) {
// A try-catch block is used, because of same-origin policy,
// which may prevent the access to the opener if its origin changed,
// after a navigation to about:blank from the cross origin iframe.
try {
if (
window.opener === null ||
window.opener.closed ||
window.opener.document.location.href == "about:blank") {
send("${this_window_token}", "about:blank loaded");
} catch(e) {
// The exception is thrown when about:blank is loaded and is
// cross-origin with openee.
send("${this_window_token}", "about:blank loaded");
await new Promise(resolve => setTimeout(resolve, retry_delay));
send("${this_window_token}", "about:blank NOT loaded");
assert_equals(await receive(this_window_token), "about:blank loaded");
// 7. Retrieve and check the results.
send(openee_token, `
window.opener === null || window.opener.closed);
assert_equals(await receive(this_window_token), `${expect_opener_closed}`);
}, `Navigate top to about:blank from iframe with \
opener COOP: ${COOP_header}, iframe origin: ${iframe_origin}`);
// iframe same-origin with its top-level embedder:
// initial empty document and about:blank navigations initiated from the
// same-origin iframe will inherit COOP from the iframe's top-level embedder.
// Opener's navigation to about:blank stays in the same browsing context group.
// iframe cross-origin with its top-level embedder:
// initial empty document and about:blank navigations initiated from the
// cross-origin iframe will default COOP to unsafe-none.
// Opener's navigation to about:blank doesn't inherit COOP, leading to a
// browsing context group switch.
// Same origin allow popups allows the navigation of top to the cross-origin
// about:blank (origin inherited from the iframe) page, which does not have COOP
// (initiator is a cross origin iframe).