Source code

Revision control

Copy as Markdown

Other Tools

Test Info: Warnings

<title>
Tests the interaction of COOP same-origin-allow-popups with redirects in a
newly opened popup.
</title>
<meta charset=utf-8>
<meta name=timeout content=long>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<div id=log></div>
<script>
const executor_path = "/common/dispatcher/executor.html?pipe=";
const same_origin = {
host: get_host_info().HTTPS_ORIGIN,
name: "Same origin"
};
const cross_origin = {
host: get_host_info().HTTPS_REMOTE_ORIGIN,
name: "Cross origin"
};
const coep_header = '|header(Cross-Origin-Embedder-Policy,unsafe-none)';
// Tests the interaction of COOP same-origin-allow-popups with redirects in a
// newly created popup.
// 1- Creates a page with origin SAME_ORIGIN and COOP same-origin-allow-popups.
// 2- This page opens a popup.
// 3- The popup navigates and gets a redirect response with COOP unsafe none
// and origin either SAME_ORIGIN or CROSS_ORIGIN
// 4- The popup follows the redirect and ends up on a final page with COOP
// same-origin-allow-popups and origin SAME_ORIGIN
// 5- The popup and its opener should no longer be in the same browsing context
// group (ie the popup doesn't have an opener and the window that opened the
// popup sees it as closed).
function redirect_test(popup_redirect_origin) {
promise_test(async t => {
// Identifies the test window.
const this_window_token = token();
// Identifies the first window that will open the popup. It has COOP
// same-origin-allow-popups.
const opener_token= token();
const same_origin_allow_popups_header =
`|header(Cross-Origin-Opener-Policy,same-origin-allow-popups)`;
const opener_url = same_origin.host + executor_path +
same_origin_allow_popups_header + `&uuid=${opener_token}`;
// Identifies the popup. It will initial try to navigate to
// popup_redirect_origin, which has COOP unsafe-none. The navigation is
// then redirected to a final response of SAME_ORIGIN and COOP
// same-origin-allow-popups.
const popup_token = token();
const popup_final_url = same_origin.host + executor_path +
same_origin_allow_popups_header + `&uuid=${popup_token}`;
const redirect_header = 'status(302)' +
`|header(Location,${encodeURIComponent(
popup_final_url
.replace(/,/g, "\\,")
.replace(/\\\\,/g, "\\\\\\,")
.replace(/\(/g, "%28")
.replace(/\)/g, "%29"))})`;
const popup_initial_url = popup_redirect_origin.host + executor_path +
redirect_header + `&uuid=${popup_token}`;
// 1. Create the initial window.
let opener_window_proxy = window.open(opener_url);
t.add_cleanup(() => send(opener_token, "window.close()"));
// 2. The initial window opens a popup.
send(opener_token, `
popup = window.open("${popup_initial_url}");
`);
t.add_cleanup(() => send(popup_token, "window.close()"));
// 3. Check the opener status on the popup.
send(popup_token, `
send("${this_window_token}", window.opener !== null);
`);
assert_equals(await receive(this_window_token), "false", "opener");
// 4. Check the status of the popup from the initial window.
send(opener_token, `
send("${this_window_token}", popup.closed);
`);
assert_equals(await receive(this_window_token), "true", "popup.closed");
}, `${popup_redirect_origin.name} popup redirects to same-origin with same-origin-allow-popups`);
}
redirect_test(same_origin);
redirect_test(cross_origin);
</script>