commit 4397d58a075acbd23aa19f4aba9a33ae6ffc5254 parent d1615a7e90fa3623befd6981697168cdf2ebada6 Author: Ari Chivukula <arichiv@chromium.org> Date: Mon, 10 Nov 2025 22:20:47 +0000 Bug 1999161 [wpt PR 55955] - [Partitioned Popins Removal] Remove WPTs, a=testonly Automatic update from web-platform-tests [Partitioned Popins Removal] Remove WPTs This is the first of a series of CLs to remove the popins code. The Popins code touches a lot of sensitive areas so needs real review. This is being done in multiple steps to reduce reviewer overhead. The removal will be completed before the M144 branch so risk is low. This only ever got to the DevTrial phase so no formal deprecation or removal process is needed. We're starting with the WPTs since that's an easy cut anyone can approve. Bug: 458633862 Change-Id: Iaa9836db171eec2fc40f62c93d113e7c1f8869c2 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7136300 Commit-Queue: Vladimir Levin <vmpstr@chromium.org> Commit-Queue: Ari Chivukula <arichiv@chromium.org> Auto-Submit: Ari Chivukula <arichiv@chromium.org> Reviewed-by: Vladimir Levin <vmpstr@chromium.org> Cr-Commit-Position: refs/heads/main@{#1542376} -- wpt-commits: c5b875840cefd723813b003635d82facd03d01fb wpt-pr: 55955 Diffstat:
53 files changed, 0 insertions(+), 1427 deletions(-)
diff --git a/testing/web-platform/tests/html/browsers/browsing-the-web/remote-context-helper/resources/executor-window.py b/testing/web-platform/tests/html/browsers/browsing-the-web/remote-context-helper/resources/executor-window.py @@ -25,10 +25,6 @@ def main(request, response): start_on_s = f"'{start_on[0]}'" if start_on else "null" headers = [("Content-Type", "text/html")] - # We always permit partitioned popins to be loaded for testing. - # See https://explainers-by-googlers.github.io/partitioned-popins/ - if request.headers.get(b"Sec-Popin-Context") == b"partitioned": - headers.append((b'Popin-Policy', b"partitioned=*")) # This sets a base href so that even if this content e.g. data or blob URLs # document, relative URLs will resolve. diff --git a/testing/web-platform/tests/partitioned-popins/META.yml b/testing/web-platform/tests/partitioned-popins/META.yml @@ -1,4 +0,0 @@ -spec: https://explainers-by-googlers.github.io/partitioned-popins/ -suggested_reviewers: - - arichiv - - johannhof diff --git a/testing/web-platform/tests/partitioned-popins/partitioned-popins.cookies-allowed.tentative.sub.https.window.js b/testing/web-platform/tests/partitioned-popins/partitioned-popins.cookies-allowed.tentative.sub.https.window.js @@ -1,52 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js -// META: script=/storage-access-api/helpers.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 (main-window) Set up listener to resolve messages as they come in. -// Step 2 (main-window) Open window for other origin. -// Step 3 (other-window) Write first-party cookies and report success. -// Step 4 (main-window) Embed iframe for other origin. -// Step 5 (main-iframe) Write third-party cookies and report success. -// Step 6 (main-window) Open partitioned popin for other origin. -// Step 7 (popin) Check for first-/third-party cookies. -// Step 8 (popin) Report success. -// Step 9 (main-window) Cleanup. - -async_test(t => { - const id = String(Math.random()); - document.cookie = "FirstPartyStrict=" + id + "; SameSite=Strict; Secure"; - document.cookie = "FirstPartyLax=" + id + "; SameSite=Lax; Secure"; - document.cookie = "FirstPartyNone=" + id + "; SameSite=None; Secure"; - // Step 1 - window.addEventListener("message", t.step_func(e => { - switch (e.data.type) { - case 'window-set': - // Step 4 - assert_equals(e.data.message, "Set first-party data"); - const iframe = document.createElement("iframe"); - iframe.src = "https://{{hosts[alt][]}}:{{ports[https][0]}}/partitioned-popins/resources/partitioned-popins.cookies-iframe.html?id="+id; - document.body.appendChild(iframe); - break; - case 'iframe-set': - // Step 6 - assert_equals(e.data.message, "Set third-party data"); - window.open("https://{{hosts[alt][]}}:{{ports[https][0]}}/partitioned-popins/resources/partitioned-popins.cookies-popin.sub.py?id="+id, '_blank', 'popin'); - break; - case 'popin-read': - // Step 9 - // We want to see the same behavior a cross-site iframe would have, only SameSite=None available, with the ability to set additional cookies in the popin. - assert_equals(e.data.message, "ReadOnLoad:ThirdPartyNone-,ReadOnFetch:ThirdPartyNone-ThirdPartyNonePopin-,ReadOnDocument:ThirdPartyNone-ThirdPartyNonePopin-,ReadOnFetchAfterRSA:ThirdPartyNone-ThirdPartyNonePopin-ThirdPartyNonePopinAfterRSA-,ReadOnDocumentAfterRSA:ThirdPartyNone-ThirdPartyNonePopin-ThirdPartyNonePopinAfterRSA-"); - t.done(); - break; - } - })); - // This doesn't work as intended in most cases. - // See https://github.com/privacycg/storage-access/issues/162. - MaybeSetStorageAccess("*", "*", "allowed").then(() => { - // Step 2 - window.open("https://{{hosts[alt][]}}:{{ports[https][0]}}/partitioned-popins/resources/partitioned-popins.cookies-window.html?id="+id, '_blank', 'popup'); - }); -}, "Verify Partitioned Popins cookie access when third-party cookie access allowed"); diff --git a/testing/web-platform/tests/partitioned-popins/partitioned-popins.cookies-blocked.tentative.sub.https.window.js b/testing/web-platform/tests/partitioned-popins/partitioned-popins.cookies-blocked.tentative.sub.https.window.js @@ -1,52 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js -// META: script=/storage-access-api/helpers.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 (main-window) Set up listener to resolve messages as they come in. -// Step 2 (main-window) Open window for other origin. -// Step 3 (other-window) Write first-party cookies and report success. -// Step 4 (main-window) Embed iframe for other origin. -// Step 5 (main-iframe) Write third-party cookies and report success. -// Step 6 (main-window) Open partitioned popin for other origin. -// Step 7 (popin) Check for first-/third-party cookies. -// Step 8 (popin) Report success. -// Step 9 (main-window) Cleanup. - -async_test(t => { - const id = String(Math.random()); - document.cookie = "FirstPartyStrict=" + id + "; SameSite=Strict; Secure"; - document.cookie = "FirstPartyLax=" + id + "; SameSite=Lax; Secure"; - document.cookie = "FirstPartyNone=" + id + "; SameSite=None; Secure"; - // Step 1 - window.addEventListener("message", t.step_func(e => { - switch (e.data.type) { - case 'window-set': - // Step 4 - assert_equals(e.data.message, "Set first-party data"); - const iframe = document.createElement("iframe"); - iframe.src = "https://{{hosts[alt][]}}:{{ports[https][0]}}/partitioned-popins/resources/partitioned-popins.cookies-iframe.html?id="+id; - document.body.appendChild(iframe); - break; - case 'iframe-set': - // Step 6 - assert_equals(e.data.message, "Set third-party data"); - window.open("https://{{hosts[alt][]}}:{{ports[https][0]}}/partitioned-popins/resources/partitioned-popins.cookies-popin.sub.py?id="+id, '_blank', 'popin'); - break; - case 'popin-read': - // Step 9 - // We want to see the same behavior a cross-site iframe would have, only SameSite=None available, with the ability to set additional cookies in the popin. - assert_equals(e.data.message, "ReadOnLoad:ThirdPartyNone-,ReadOnFetch:ThirdPartyNone-ThirdPartyNonePopin-,ReadOnDocument:ThirdPartyNone-ThirdPartyNonePopin-,ReadOnFetchAfterRSA:ThirdPartyNone-ThirdPartyNonePopin-ThirdPartyNonePopinAfterRSA-,ReadOnDocumentAfterRSA:ThirdPartyNone-ThirdPartyNonePopin-ThirdPartyNonePopinAfterRSA-"); - t.done(); - break; - } - })); - // This doesn't work as intended in most cases. - // See https://github.com/privacycg/storage-access/issues/162. - MaybeSetStorageAccess("*", "*", "blocked").then(() => { - // Step 2 - window.open("https://{{hosts[alt][]}}:{{ports[https][0]}}/partitioned-popins/resources/partitioned-popins.cookies-window.html?id="+id, '_blank', 'popup'); - }); -}, "Verify Partitioned Popins cookie access when third-party cookie access blocked"); diff --git a/testing/web-platform/tests/partitioned-popins/partitioned-popins.limit.tentative.https.window.js b/testing/web-platform/tests/partitioned-popins/partitioned-popins.limit.tentative.https.window.js @@ -1,29 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 - Open a popin and succeed. -// Step 2 - Open a second popin and fail. -// Step 3 - Cleanup. - -async_test(t => { - let message = ""; - - // Step 1 - try { - let popin_1 = window.open("/partitioned-popins/resources/partitioned-popins.wait.html", '_blank', 'popin'); - message += popin_1 ? "FirstPopinOpened-" : ""; - } catch (_) {} - - // Step 2 - try { - let popin_2 = window.open("/partitioned-popins/resources/partitioned-popins.wait.html", '_blank', 'popin'); - message += popin_2 ? "SecondPopinOpened-" : ""; - } catch (_) {} - - // Step 3 - assert_equals(message, "FirstPopinOpened-"); - t.done(); -}, "Verify only one partitioned popin can be open at a time."); diff --git a/testing/web-platform/tests/partitioned-popins/partitioned-popins.localStorage.tentative.sub.https.window.js b/testing/web-platform/tests/partitioned-popins/partitioned-popins.localStorage.tentative.sub.https.window.js @@ -1,46 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js -// META: script=/storage-access-api/helpers.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 (main-window) Set up listener to resolve messages as they come in. -// Step 2 (main-window) Open window for other origin. -// Step 3 (other-window) Write first-party localStorage key and report success. -// Step 4 (main-window) Embed iframe for other origin. -// Step 5 (main-iframe) Write third-party localStorage key and report success. -// Step 6 (main-window) Open partitioned popin for other origin. -// Step 7 (main-popin) Check localStorage for first-/third-party keys and report success. -// Step 8 (main-window) Cleanup. - -async_test(t => { - const id = String(Date.now()); - // Step 1 - window.addEventListener("message", t.step_func(e => { - switch (e.data.type) { - case 'window-set': - // Step 4 - assert_equals(e.data.message, "Set first-party data"); - const iframe = document.createElement("iframe"); - iframe.src = "https://{{hosts[alt][]}}:{{ports[https][0]}}/partitioned-popins/resources/partitioned-popins.localStorage-iframe.html?id="+id; - document.body.appendChild(iframe); - break; - case 'iframe-set': - // Step 6 - assert_equals(e.data.message, "Set third-party data"); - window.open("https://{{hosts[alt][]}}:{{ports[https][0]}}/partitioned-popins/resources/partitioned-popins.localStorage-popin.html?id="+id, '_blank', 'popin'); - break; - case 'popin-read': - // Step 8 - assert_equals(e.data.message, "Found:ThirdParty-FirstPartyRSA-"); - t.done(); - break; - } - })); - - MaybeSetStorageAccess("*", "*", "blocked").then(() => { - // Step 2 - window.open("https://{{hosts[alt][]}}:{{ports[https][0]}}/partitioned-popins/resources/partitioned-popins.localStorage-window.html?id="+id, '_blank', 'popup'); - }); -}, "Verify Partitioned Popins only have access to third-party localStorage"); diff --git a/testing/web-platform/tests/partitioned-popins/partitioned-popins.partitions.tentative.https.window.js b/testing/web-platform/tests/partitioned-popins/partitioned-popins.partitions.tentative.https.window.js @@ -1,354 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js -// META: script=/common/dispatcher/dispatcher.js -// META: script=/common/get-host-info.sub.js -// META: script=/common/utils.js -// META: script=/common/subset-tests-by-key.js -// META: script=/html/browsers/browsing-the-web/remote-context-helper/resources/remote-context-helper.js -// META: variant=?include=variant-1-test -// META: variant=?include=variant-2-test -// META: variant=?include=variant-3-test -// META: variant=?include=variant-4-test -// META: variant=?include=variant-5-test -// META: variant=?include=variant-6-test -// META: variant=?include=variant-7-test -// META: variant=?include=variant-8-test -// META: variant=?include=variant-9-test -// META: variant=?include=variant-10-test -// META: variant=?include=variant-11-test -// META: timeout=long - -'use strict'; - -const TEST_VALUE = "popin-partition-test"; - -async function seedPartition(remoteContextWrapper, name) { - await remoteContextWrapper.executeScript((name, TEST_VALUE) => { - window.localStorage.setItem(name, TEST_VALUE); - document.cookie = name + "-strict=" + TEST_VALUE + "; SameSite=Strict; Secure"; - document.cookie = name + "-lax=" + TEST_VALUE + "; SameSite=Lax; Secure"; - document.cookie = name + "-none=" + TEST_VALUE + "; SameSite=None; Secure"; - document.cookie = name + "-partitioned-strict=" + TEST_VALUE + "; Partitioned; SameSite=Strict; Secure"; - document.cookie = name + "-partitioned-lax=" + TEST_VALUE + "; Partitioned; SameSite=Lax; Secure"; - document.cookie = name + "-partitioned-none=" + TEST_VALUE + "; Partitioned; SameSite=None; Secure"; - }, [name, TEST_VALUE]); -} - -async function openPopin(test, remoteContextWrapper, origin) { - const popin = await remoteContextWrapper.addWindow( - /*extraConfig=*/ origin ? { origin } : null, - /*options=*/ { features: "popin" }); - assert_equals(await popin.executeScript(() => window.popinContextType()), "partitioned"); - test.add_cleanup(async () => { - await popin.executeScript(() => window.close()); - }); - return popin; -} - -async function getCookies(remoteContextWrapper) { - return await remoteContextWrapper.executeScript((TEST_VALUE) => { - if (!document.cookie) { - return []; - } - const cookies = document.cookie.split(";"); - let cookieNames = []; - for (let i = 0; i < cookies.length; i++) { - let cookieName = cookies[i].split("=")[0].trim(); - let cookieValue = cookies[i].split("=")[1].trim(); - if (cookieValue === TEST_VALUE) { - cookieNames.push(cookieName); - } - } - return cookieNames.sort(); - }, [TEST_VALUE]); -} - -async function getLocalStorage(remoteContextWrapper) { - return await remoteContextWrapper.executeScript((TEST_VALUE) => { - let storageNames = []; - for (let i = 0; i < window.localStorage.length; i++) { - if (window.localStorage.getItem(window.localStorage.key(i)) === TEST_VALUE) { - storageNames.push(window.localStorage.key(i)); - } - } - return storageNames.sort(); - }, [TEST_VALUE]); -} - -const rcHelper = new RemoteContextHelper(); -const handles = {}; - -promise_setup(async () => { - assert_in_array("partitioned", window.popinContextTypesSupported()); - - handles.main = await rcHelper.addWindow(); - handles.frameSameSite = await handles.main.addIframe(); - handles.frameCrossSite = await handles.main.addIframe( - /*extraConfig=*/ { - origin: "HTTPS_NOTSAMESITE_ORIGIN", - }, - /*attributes=*/ { - allow: "popins", - } - ); - handles.frameSameSiteWithCrossSiteAncestor = - await handles.frameCrossSite.addIframe( - /*extraConfig=*/ null, - /*attributes=*/ { - allow: "popins", - } - ); - handles.crossSite = await rcHelper.addWindow( - /*extraConfig=*/ { - origin: "HTTPS_NOTSAMESITE_ORIGIN", - } - ); - handles.crossSiteFrameSameSite = await handles.crossSite.addIframe(); - Object.freeze(handles); - - await seedPartition(handles.main, "main"); - await seedPartition(handles.frameSameSite, "frameSameSite"); - await seedPartition(handles.frameCrossSite, "frameCrossSite"); - await seedPartition(handles.frameSameSiteWithCrossSiteAncestor, "frameSameSiteWithCrossSiteAncestor"); - await seedPartition(handles.crossSite, "crossSite"); - await seedPartition(handles.crossSiteFrameSameSite, "crossSiteFrameSameSite"); -}); - -subsetTestByKey("variant-1-test", promise_test, async t => { - const popin = await openPopin(t, handles.main); - - // The popin, it's opener and all their ancestors are same-site, so the popin - // should have access to all cookies and storage of the main host. - assert_array_equals( - await getCookies(popin), - [ - "crossSiteFrameSameSite-none", - "frameSameSite-lax", - "frameSameSite-none", - "frameSameSite-partitioned-lax", - "frameSameSite-partitioned-none", - "frameSameSite-partitioned-strict", - "frameSameSite-strict", - "frameSameSiteWithCrossSiteAncestor-none", - "main-lax", - "main-none", - "main-partitioned-lax", - "main-partitioned-none", - "main-partitioned-strict", - "main-strict", - ]); - assert_array_equals(await getLocalStorage(popin), ["frameSameSite", "main"]); - - t.done(); -}, "Verify Partitioned Popins have access to the proper cookie/storage partitions - Main site opens same-site popin."); - -subsetTestByKey("variant-2-test", promise_test, async t => { - const popin = await openPopin(t, handles.main, "HTTPS_NOTSAMESITE_ORIGIN"); - - // The popin is cross-site to its opener, so the popin should only have access - // to the local storage variable and SameSite=None cookies of the cross-site - // frame, and the unpartitioned SameSite=None cookie of the cross-site window. - assert_array_equals(await getCookies(popin), ["crossSite-none", "frameCrossSite-none", "frameCrossSite-partitioned-none"]); - assert_array_equals(await getLocalStorage(popin), ["frameCrossSite"]); - - t.done(); -}, "Verify Partitioned Popins have access to the proper cookie/storage partitions - Main site opens cross-site popin."); - -subsetTestByKey("variant-3-test", promise_test, async t => { - const popin = await openPopin(t, handles.frameSameSite); - - // The popin, it's opener and all their ancestors are same-site, so the popin - // should have access to all cookies and storage of the main host. - assert_array_equals( - await getCookies(popin), - [ - "crossSiteFrameSameSite-none", - "frameSameSite-lax", - "frameSameSite-none", - "frameSameSite-partitioned-lax", - "frameSameSite-partitioned-none", - "frameSameSite-partitioned-strict", - "frameSameSite-strict", - "frameSameSiteWithCrossSiteAncestor-none", - "main-lax", - "main-none", - "main-partitioned-lax", - "main-partitioned-none", - "main-partitioned-strict", - "main-strict", - ]); - assert_array_equals(await getLocalStorage(popin), ["frameSameSite", "main"]); - - t.done(); -}, "Verify Partitioned Popins have access to the proper cookie/storage partitions - Same-site frame opens same-site popin."); - -subsetTestByKey("variant-4-test", promise_test, async t => { - const popin = await openPopin(t, handles.frameCrossSite); - - // The main-host popin has a cross-site ancestor, so it should only have - // access to the local storage variable and SameSite=None cookies set in a - // cross-site ancestor context, and the unpartitioned SameSite=None cookies of - // the main-host contexts. - assert_array_equals(await getCookies(popin), - [ - "crossSiteFrameSameSite-none", - "frameSameSite-none", - "frameSameSiteWithCrossSiteAncestor-none", - "frameSameSiteWithCrossSiteAncestor-partitioned-none", - "main-none", - ]); - assert_array_equals(await getLocalStorage(popin), ["frameSameSiteWithCrossSiteAncestor"]); - - t.done(); -}, "Verify Partitioned Popins have access to the proper cookie/storage partitions - Cross-site frame opens main-host popin."); - -subsetTestByKey("variant-5-test", promise_test, async t => { - const popin = await openPopin(t, handles.frameCrossSite, "HTTPS_NOTSAMESITE_ORIGIN"); - - // The popin and its opener is cross-site to the main frame, so the popin - // should only have access to the local storage variable and SameSite=None - // cookies of the cross-site frame, and the unpartitioned SameSite=None cookie - // of the cross-site window. - assert_array_equals(await getCookies(popin), ["crossSite-none", "frameCrossSite-none", "frameCrossSite-partitioned-none"]); - assert_array_equals(await getLocalStorage(popin), ["frameCrossSite"]); - - t.done(); -}, "Verify Partitioned Popins have access to the proper cookie/storage partitions - Cross-site frame opens alternative-host popin."); - -subsetTestByKey("variant-6-test", promise_test, async t => { - const popin = await openPopin(t, handles.frameSameSiteWithCrossSiteAncestor); - - // The main-host popin has a cross-site ancestor, so it should only have - // access to the local storage variable and SameSite=None cookies set in a - // cross-site ancestor context, and the unpartitioned SameSite=None cookies of - // the main-host contexts. - assert_array_equals(await getCookies(popin), - [ - "crossSiteFrameSameSite-none", - "frameSameSite-none", - "frameSameSiteWithCrossSiteAncestor-none", - "frameSameSiteWithCrossSiteAncestor-partitioned-none", - "main-none", - ]); - assert_array_equals(await getLocalStorage(popin), ["frameSameSiteWithCrossSiteAncestor"]); - - t.done(); -}, "Verify Partitioned Popins have access to the proper cookie/storage partitions - Same-site frame with cross-site ancestor opens main-host popin."); - -subsetTestByKey("variant-7-test", promise_test, async t => { - const popin = await openPopin(t, handles.main); - - // The frame in the popin, the popin, it's opener and all their ancestors are - // same-site, so the popin should have access to all cookies and storage of - // the main host. - const popinFrame = await popin.addIframe(); - assert_array_equals( - await getCookies(popinFrame), - [ - "crossSiteFrameSameSite-none", - "frameSameSite-lax", - "frameSameSite-none", - "frameSameSite-partitioned-lax", - "frameSameSite-partitioned-none", - "frameSameSite-partitioned-strict", - "frameSameSite-strict", - "frameSameSiteWithCrossSiteAncestor-none", - "main-lax", - "main-none", - "main-partitioned-lax", - "main-partitioned-none", - "main-partitioned-strict", - "main-strict", - ]); - assert_array_equals(await getLocalStorage(popinFrame), ["frameSameSite", "main"]); - - t.done(); -}, "Verify Partitioned Popins have access to the proper cookie/storage partitions - Main site opens same-site popin with same-site frame."); - -subsetTestByKey("variant-8-test", promise_test, async t => { - const popin = await openPopin(t, handles.main); - - const popinFrame = await popin.addIframe( - /*extraConfig=*/ { - origin: "HTTPS_NOTSAMESITE_ORIGIN", - }, - /*attributes=*/ { - allow: "popins", - } - ); - - // The frame in the popin is cross-site to the main frame, so the popin should - // only have access to the local storage variable and SameSite=None cookies of - // the cross-site frame, and the unpartitioned SameSite=None cookie of the - // cross-site window. - assert_array_equals(await getCookies(popinFrame), ["crossSite-none", "frameCrossSite-none", "frameCrossSite-partitioned-none"]); - assert_array_equals(await getLocalStorage(popinFrame), ["frameCrossSite"]); - - t.done(); -}, "Verify Partitioned Popins have access to the proper cookie/storage partitions - Main site opens same-site popin with cross-site frame."); - -subsetTestByKey("variant-9-test", promise_test, async t => { - const popin = await openPopin(t, handles.main, "HTTPS_NOTSAMESITE_ORIGIN"); - - const popinFrame = await popin.addIframe(); - - // The main-host frame in the popin has a cross-site ancestor, so it should - // only have access to the local storage variable and SameSite=None cookies - // set in a cross-site ancestor context, and the unpartitioned SameSite=None - // cookies of the main-host contexts. - assert_array_equals(await getCookies(popinFrame), - [ - "crossSiteFrameSameSite-none", - "frameSameSite-none", - "frameSameSiteWithCrossSiteAncestor-none", - "frameSameSiteWithCrossSiteAncestor-partitioned-none", - "main-none", - ]); - assert_array_equals(await getLocalStorage(popinFrame), ["frameSameSiteWithCrossSiteAncestor"]); - - t.done(); -}, "Verify Partitioned Popins have access to the proper cookie/storage partitions - Main site opens cross-site popin with main-host frame."); - -subsetTestByKey("variant-10-test", promise_test, async t => { - const popin = await openPopin(t, handles.frameCrossSite); - - const popinFrame = await popin.addIframe( - /*extraConfig=*/ { - origin: "HTTPS_NOTSAMESITE_ORIGIN", - }, - /*attributes=*/ { - allow: "popins", - } - ); - - // The frame in the popin is cross-site to the main frame, so the popin should - // only have access to the local storage variable and SameSite=None cookies of - // the cross-site frame, and the unpartitioned SameSite=Nonecookie of the - // cross-site window. - assert_array_equals(await getCookies(popinFrame), ["crossSite-none", "frameCrossSite-none", "frameCrossSite-partitioned-none"]); - assert_array_equals(await getLocalStorage(popinFrame), ["frameCrossSite"]); - - t.done(); -}, "Verify Partitioned Popins have access to the proper cookie/storage partitions - Cross-site frame opens main-host popin with cross-site frame."); - -subsetTestByKey("variant-11-test", promise_test, async t => { - const popin = await openPopin(t, handles.frameCrossSite, "HTTPS_NOTSAMESITE_ORIGIN"); - - const popinFrame = await popin.addIframe(); - - // The main-host frame in the popin has a cross-site ancestor, so it should - // only have access to the local storage variable and SameSite=None cookies - //set in a cross-site ancestor context, and the unpartitioned SameSite=None - // cookies of the main-host contexts. - assert_array_equals(await getCookies(popinFrame), - [ - "crossSiteFrameSameSite-none", - "frameSameSite-none", - "frameSameSiteWithCrossSiteAncestor-none", - "frameSameSiteWithCrossSiteAncestor-partitioned-none", - "main-none", - ]); - assert_array_equals(await getLocalStorage(popinFrame), ["frameSameSiteWithCrossSiteAncestor"]); - - t.done(); -}, "Verify Partitioned Popins have access to the proper cookie/storage partitions - Cross-site frame opens alternative-host popin with main-host frame."); diff --git a/testing/web-platform/tests/partitioned-popins/partitioned-popins.permission-all.tentative.sub.https.window.js b/testing/web-platform/tests/partitioned-popins/partitioned-popins.permission-all.tentative.sub.https.window.js @@ -1,32 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 (window) Set up listener to resolve messages as they come in. -// Step 2 (window) Open iframe for other origin. -// Step 3 (iframe) Open partitioned popin. -// Step 4 (popin) Cleanup. -// Step 5 (iframe) Report success. -// Step 6 (window) Cleanup. - -async_test(t => { - const id = String(Date.now()); - // Step 1 - window.addEventListener("message", t.step_func(e => { - switch (e.data.type) { - case 'popin': - // Step 6 - assert_equals(e.data.message, "Success"); - t.done(); - break; - } - })); - - // Step 2 - const iframe = document.createElement("iframe"); - iframe.allow = "popins"; - iframe.src = "https://{{hosts[alt][]}}:{{ports[https][0]}}/partitioned-popins/resources/partitioned-popins.permissions-iframe.html"; - document.body.appendChild(iframe); -}, "Verify Partitioned Popins in an iframe work when the policy is *"); diff --git a/testing/web-platform/tests/partitioned-popins/partitioned-popins.permission-all.tentative.sub.https.window.js.headers b/testing/web-platform/tests/partitioned-popins/partitioned-popins.permission-all.tentative.sub.https.window.js.headers @@ -1 +0,0 @@ -Permissions-Policy: popins=* diff --git a/testing/web-platform/tests/partitioned-popins/partitioned-popins.permission-default.tentative.sub.https.window.js b/testing/web-platform/tests/partitioned-popins/partitioned-popins.permission-default.tentative.sub.https.window.js @@ -1,31 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 (window) Set up listener to resolve messages as they come in. -// Step 2 (window) Open iframe for other origin. -// Step 3 (iframe) Open partitioned popin. -// Step 4 (popin) Cleanup. -// Step 5 (iframe) Report failure. -// Step 6 (window) Cleanup. - -async_test(t => { - const id = String(Date.now()); - // Step 1 - window.addEventListener("message", t.step_func(e => { - switch (e.data.type) { - case 'popin': - // Step 6 - assert_equals(e.data.message, "Failure"); - t.done(); - break; - } - })); - - // Step 2 - const iframe = document.createElement("iframe"); - iframe.src = "https://{{hosts[alt][]}}:{{ports[https][0]}}/partitioned-popins/resources/partitioned-popins.permissions-iframe.html"; - document.body.appendChild(iframe); -}, "Verify Partitioned Popins in an iframe fails when the policy isn't set"); diff --git a/testing/web-platform/tests/partitioned-popins/partitioned-popins.permission-self.tentative.sub.https.window.js b/testing/web-platform/tests/partitioned-popins/partitioned-popins.permission-self.tentative.sub.https.window.js @@ -1,32 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 (window) Set up listener to resolve messages as they come in. -// Step 2 (window) Open iframe for other origin. -// Step 3 (iframe) Open partitioned popin. -// Step 4 (popin) Cleanup. -// Step 5 (iframe) Report failure. -// Step 6 (window) Cleanup. - -async_test(t => { - const id = String(Date.now()); - // Step 1 - window.addEventListener("message", t.step_func(e => { - switch (e.data.type) { - case 'popin': - // Step 6 - assert_equals(e.data.message, "Failure"); - t.done(); - break; - } - })); - - // Step 2 - const iframe = document.createElement("iframe"); - iframe.allow = "popins"; - iframe.src = "https://{{hosts[alt][]}}:{{ports[https][0]}}/partitioned-popins/resources/partitioned-popins.permissions-iframe.html"; - document.body.appendChild(iframe); -}, "Verify Partitioned Popins in an iframe fail when the policy is 'self'"); diff --git a/testing/web-platform/tests/partitioned-popins/partitioned-popins.permission-self.tentative.sub.https.window.js.headers b/testing/web-platform/tests/partitioned-popins/partitioned-popins.permission-self.tentative.sub.https.window.js.headers @@ -1 +0,0 @@ -Permissions-Policy: popins=self diff --git a/testing/web-platform/tests/partitioned-popins/partitioned-popins.proxy-cross.tentative.sub.https.window.js b/testing/web-platform/tests/partitioned-popins/partitioned-popins.proxy-cross.tentative.sub.https.window.js @@ -1,37 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js -// META: script=/partitioned-popins/resources/proxy-helpers.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 (window) Set up listener to resolve messages as they come in. -// Step 2 (window) Open cross-site popin. -// Step 3 (popin) Set up listener to resolve messages as they come in. -// Step 4 (popin) Test and report usable methods against window. -// Step 5 (window) Test and compare usable methods against popin. -// Step 6 (popin) Cleanup. -// Step 7 (window) Cleanup. - -async_test(t => { - let popin_proxy; - - // Step 1 - window.addEventListener("message", t.step_func(e => { - switch (e.data.type) { - case 'ready': - // Step 5 - assert_equals(e.data.message, "Closed,Then,"); - assert_equals(getUsableMethods(popin_proxy), "Closed,Then,"); - popin_proxy.postMessage({type: "cleanup"}, "*"); - break; - case 'cleanup': - // Step 7 - t.done(); - break; - } - })); - - // Step 2 - popin_proxy = window.open("https://{{hosts[alt][]}}:{{ports[https][0]}}/partitioned-popins/resources/partitioned-popins.proxy-popin.html", '_blank', 'popin'); -}, "Verify cross-site Partitioned Popins proxies only have access to postMessage and closed methods."); diff --git a/testing/web-platform/tests/partitioned-popins/partitioned-popins.proxy-same.tentative.https.window.js b/testing/web-platform/tests/partitioned-popins/partitioned-popins.proxy-same.tentative.https.window.js @@ -1,39 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js -// META: script=/partitioned-popins/resources/proxy-helpers.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 (window) Set up listener to resolve messages as they come in. -// Step 2 (window) Open same-origin popin. -// Step 3 (popin) Set up listener to resolve messages as they come in. -// Step 4 (popin) Test and report usable methods against window. -// Step 5 (window) Test and compare usable methods against popin. -// Step 6 (popin) Cleanup. -// Step 7 (window) Cleanup. - -// TODO(crbug.com/340606651): Remove expectations file and secure same-origin popins. - -async_test(t => { - let popin_proxy; - - // Step 1 - window.addEventListener("message", t.step_func(e => { - switch (e.data.type) { - case 'ready': - // Step 5 - assert_equals(e.data.message, "Closed,Then,"); - assert_equals(getUsableMethods(popin_proxy), "Closed,Then,"); - popin_proxy.postMessage({type: "cleanup"}, "*"); - break; - case 'cleanup': - // Step 7 - t.done(); - break; - } - })); - - // Step 2 - popin_proxy = window.open("/partitioned-popins/resources/partitioned-popins.proxy-popin.html", '_blank', 'popin'); -}, "Verify same-origin Partitioned Popins proxies only have access to postMessage and closed methods."); diff --git a/testing/web-platform/tests/partitioned-popins/partitioned-popins.recursive.tentative.https.window.js b/testing/web-platform/tests/partitioned-popins/partitioned-popins.recursive.tentative.https.window.js @@ -1,26 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 (window) Set up listener to resolve messages as they come in. -// Step 2 (window) Open popin. -// Step 3 (popin) Try to open popin and report failure. -// Step 4 (main-window) Cleanup. - -async_test(t => { - // Step 1 - window.addEventListener("message", t.step_func(e => { - switch (e.data.type) { - case 'popin': - // Step 4 - assert_equals(e.data.message, "Could not open inner popin"); - t.done(); - break; - } - })); - - // Step 2 - window.open("/partitioned-popins/resources/partitioned-popins.recursive.html", '_blank', 'popin'); -}, "Verify Partitioned Popins cannot open their own popin"); diff --git a/testing/web-platform/tests/partitioned-popins/partitioned-popins.request-header.tentative.https.window.js b/testing/web-platform/tests/partitioned-popins/partitioned-popins.request-header.tentative.https.window.js @@ -1,32 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 (window) Set up listener to resolve messages as they come in. -// Step 2 (window) Open popin. -// Step 3 (popin) Record header and do HTTP redirect. -// Step 4 (popin) Record header and do JS redirect. -// Step 5 (popin) Record header. -// Step 6 (popin) Do fetch. -// Step 7 (popin-fetch) Record header. -// Step 8 (popin) Open iframe. -// Step 9 (popin-iframe) Record header and send message. -// Step 10 (window) Cleanup. - -async_test(t => { - // Step 1 - window.addEventListener("message", t.step_func(e => { - switch (e.data.type) { - case 'popin': - // Step 10 - assert_equals(e.data.message, "Initial(partitioned)-HTTP(partitioned)-JS(partitioned)-fetch(missing)-iframe(missing)-"); - t.done(); - break; - } - })); - - // Step 2 - window.open("/partitioned-popins/resources/partitioned-popins.request-header.initial.py", '_blank', 'popin'); -}, "Verify Request Header seen on all popin navigations/redirects"); diff --git a/testing/web-platform/tests/partitioned-popins/partitioned-popins.secure.tentative.sub.http.window.js b/testing/web-platform/tests/partitioned-popins/partitioned-popins.secure.tentative.sub.http.window.js @@ -1,41 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 - Try to open secure popin and see failure. -// Step 2 - Try to open insecure popin and see failure. -// Step 3 - Try to open path-only popin and see failure. -// Step 3 - Try to open empty popin and see failure. - -async_test(t => { - let targets = ""; - - // Step 1 - try { - window.open("https://{{hosts[alt][]}}:{{ports[https][0]}}/partitioned-popins/resources/partitioned-popins.close.html", '_blank', 'popin'); - targets += "Secure-"; - } catch (_) {} - - // Step 2 - try { - window.open("http://{{hosts[alt][]}}:{{ports[http][0]}}/partitioned-popins/resources/partitioned-popins.close.html", '_blank', 'popin'); - targets += "Insecure-"; - } catch (_) {} - - // Step 3 - try { - window.open("/partitioned-popins/resources/partitioned-popins.close.html", '_blank', 'popin'); - targets += "PathOnly-"; - } catch (_) {} - - // Step 4 - try { - window.open("", '_blank', 'popin'); - targets += "Empty-"; - } catch (_) {} - - assert_equals(targets, ""); - t.done(); -}, "Verify no Partitioned Popins can be opened from insecure page"); diff --git a/testing/web-platform/tests/partitioned-popins/partitioned-popins.secure.tentative.sub.https.window.js b/testing/web-platform/tests/partitioned-popins/partitioned-popins.secure.tentative.sub.https.window.js @@ -1,41 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 - Try to open secure popin and see success. -// Step 2 - Try to open insecure popin and see failure. -// Step 3 - Try to open path-only popin and see success. -// Step 4 - Try to open empty popin and see failure. - -async_test(t => { - let targets = ""; - - // Step 1 - try { - window.open("https://{{hosts[alt][]}}:{{ports[https][0]}}/partitioned-popins/resources/partitioned-popins.close.html", '_blank', 'popin'); - targets += "Secure-"; - } catch (_) {} - - // Step 2 - try { - window.open("http://{{hosts[alt][]}}:{{ports[http][0]}}/partitioned-popins/resources/partitioned-popins.close.html", '_blank', 'popin'); - targets += "Insecure-"; - } catch (_) {} - - // Step 3 - try { - window.open("/partitioned-popins/resources/partitioned-popins.close.html", '_blank', 'popin'); - targets += "PathOnly-"; - } catch (_) {} - - // Step 4 - try { - window.open("", '_blank', 'popin'); - targets += "Empty-"; - } catch (_) {} - - assert_equals(targets, "Secure-PathOnly-"); - t.done(); -}, "Verify only secure Partitioned Popins can be opened from secure page"); diff --git a/testing/web-platform/tests/partitioned-popins/popinContextType.in-popin.tentative.https.window.js b/testing/web-platform/tests/partitioned-popins/popinContextType.in-popin.tentative.https.window.js @@ -1,26 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 (window) Set up listener to resolve messages as they come in. -// Step 2 (window) Open popin. -// Step 3 (popin) Call `window.popinContextType()` and send result to opener. -// Step 4 (main-window) Assert and cleanup. - -async_test(t => { - // Step 1 - window.addEventListener("message", t.step_func(e => { - switch (e.data.type) { - case 'popin': - // Step 4 - assert_equals(e.data.message, "partitioned"); - t.done(); - break; - } - })); - - // Step 2 - window.open("/partitioned-popins/resources/popinContextType.html", '_blank', 'popin'); -}, "Verify PopinContextType is 'partitioned' in a Partitioned Popin"); diff --git a/testing/web-platform/tests/partitioned-popins/popinContextType.tentative.https.window.js b/testing/web-platform/tests/partitioned-popins/popinContextType.tentative.https.window.js @@ -1,12 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 - Call `window.popinContextType()` and receive null. - -async_test(t => { - assert_equals(window.popinContextType(), null); - t.done(); -}, "Verify PopinContextType is null on top-level page"); diff --git a/testing/web-platform/tests/partitioned-popins/popinContextTypesSupported.in-popin.tentative.https.window.js b/testing/web-platform/tests/partitioned-popins/popinContextTypesSupported.in-popin.tentative.https.window.js @@ -1,26 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 (window) Set up listener to resolve messages as they come in. -// Step 2 (window) Open popin. -// Step 3 (popin) Call `window.popinContextTypesSupported()` and send result to opener. -// Step 4 (main-window) Assert and cleanup. - -async_test(t => { - // Step 1 - window.addEventListener("message", t.step_func(e => { - switch (e.data.type) { - case 'popin': - // Step 4 - assert_array_equals(e.data.message, []); - t.done(); - break; - } - })); - - // Step 2 - window.open("/partitioned-popins/resources/popinContextTypesSupported.html", '_blank', 'popin'); -}, "Verify no PopinContextType is supported inside of a popin"); diff --git a/testing/web-platform/tests/partitioned-popins/popinContextTypesSupported.tentative.http.window.js b/testing/web-platform/tests/partitioned-popins/popinContextTypesSupported.tentative.http.window.js @@ -1,13 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 - Call `window.popinContextTypesSupported()` and receive an empty array. - -async_test(t => { - // Step 1 - assert_array_equals(window.popinContextTypesSupported(), []); - t.done(); -}, "Verify no PopinContextType is supported on an insecure page"); diff --git a/testing/web-platform/tests/partitioned-popins/popinContextTypesSupported.tentative.https.window.js b/testing/web-platform/tests/partitioned-popins/popinContextTypesSupported.tentative.https.window.js @@ -1,12 +0,0 @@ -// META: script=/resources/testdriver.js -// META: script=/resources/testdriver-vendor.js - -'use strict'; - -// Spec: https://explainers-by-googlers.github.io/partitioned-popins/ -// Step 1 - Call `window.popinContextTypesSupported()` and receive an empty array. - -async_test(t => { - assert_array_equals(window.popinContextTypesSupported(), ["partitioned"]); - t.done(); -}, "Verify 'partitioned' PopinContextType is supported on a secure page"); diff --git a/testing/web-platform/tests/partitioned-popins/resources/cookie-helpers.js b/testing/web-platform/tests/partitioned-popins/resources/cookie-helpers.js @@ -1,15 +0,0 @@ -'use strict'; - -function getCookieMessage(cookie_string, prefix, suffix, expected_id) { - let message = ""; - if (cookie_string.includes(prefix + "Strict" + suffix + "=" + expected_id)) { - message += prefix + "Strict" + suffix + "-"; - } - if (cookie_string.includes(prefix + "Lax" + suffix + "=" + expected_id)) { - message += prefix + "Lax" + suffix + "-"; - } - if (cookie_string.includes(prefix + "None" + suffix + "=" + expected_id)) { - message += prefix + "None" + suffix + "-"; - } - return message; -} diff --git a/testing/web-platform/tests/partitioned-popins/resources/get_cookies.py b/testing/web-platform/tests/partitioned-popins/resources/get_cookies.py @@ -1,10 +0,0 @@ -import json -from cookies.resources.helpers import makeCookieHeader, readCookies, setNoCacheAndCORSHeaders - -from wptserve.utils import isomorphic_decode - -def main(request, response): - headers = setNoCacheAndCORSHeaders(request, response) - cookies = readCookies(request) - decoded_cookies = [isomorphic_decode(key) + "=" + isomorphic_decode(val) for key, val in cookies.items()] - return headers, ";".join(decoded_cookies) diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.close.html b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.close.html @@ -1,10 +0,0 @@ -<!doctype html> -<meta charset="utf-8"> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> -<script> -(async function() { - test_driver.set_test_context(window.opener); - window.close(); -})(); -</script> diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.close.html.headers b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.close.html.headers @@ -1 +0,0 @@ -Popin-Policy: partitioned=* diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.cookies-iframe.html b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.cookies-iframe.html @@ -1,16 +0,0 @@ -<!doctype html> -<meta charset="utf-8"> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> -<script> -(async function() { - test_driver.set_test_context(window.top); - - // Step 5 (partitioned-popins/partitioned-popins.cookies-*.tentative.sub.https.window.js) - const id = (new URLSearchParams(window.location.search)).get("id"); - document.cookie = "ThirdPartyStrict=" + id + "; Partitioned; SameSite=Strict; Secure"; - document.cookie = "ThirdPartyLax=" + id + "; Partitioned; SameSite=Lax; Secure"; - document.cookie = "ThirdPartyNone=" + id + "; Partitioned; SameSite=None; Secure"; - window.top.postMessage({type: "iframe-set", message: "Set third-party data"}, "*"); -})(); -</script> diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.cookies-popin.sub.py b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.cookies-popin.sub.py @@ -1,75 +0,0 @@ -from cookies.resources.helpers import makeCookieHeader, readCookies, setNoCacheAndCORSHeaders -def main(request, response): - id = request.GET[b'id'] - headers = setNoCacheAndCORSHeaders(request, response) - headers[0] = (b"Content-Type", b"text/html") - headers.append((b'Popin-Policy', b"partitioned=*")) - cookies = readCookies(request) - decoded_cookies = [key + b"=" + val for key, val in cookies.items()] - cookie_string = b";".join(decoded_cookies) - document = b""" -<!doctype html> -<meta charset="utf-8"> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> -<script src="/partitioned-popins/resources/cookie-helpers.js"></script> -<script> -(async function() { - test_driver.set_test_context(window.opener); - - // Step 7 (partitioned-popins/partitioned-popins.cookies-*.tentative.sub.https.window.js) - const id = (new URLSearchParams(window.location.search)).get("id"); - let cookie_string_on_load = \"""" + cookie_string + b"""\"; - let message = "ReadOnLoad:"; - message += getCookieMessage(cookie_string_on_load, "FirstParty", "", id); - message += getCookieMessage(cookie_string_on_load, "ThirdParty", "", id); - document.cookie = "FirstPartyStrictPopin=" + id + "; SameSite=Strict; Secure"; - document.cookie = "FirstPartyLaxPopin=" + id + "; SameSite=Lax; Secure"; - document.cookie = "FirstPartyNonePopin=" + id + "; SameSite=None; Secure"; - document.cookie = "ThirdPartyStrictPopin=" + id + "; Partitioned; SameSite=Strict; Secure"; - document.cookie = "ThirdPartyLaxPopin=" + id + "; Partitioned; SameSite=Lax; Secure"; - document.cookie = "ThirdPartyNonePopin=" + id + "; Partitioned; SameSite=None; Secure"; - let resp = await fetch("/partitioned-popins/resources/get_cookies.py", {credentials: 'include'}); - let resp_text = await resp.text(); - message += ",ReadOnFetch:"; - message += getCookieMessage(resp_text, "FirstParty", "", id); - message += getCookieMessage(resp_text, "ThirdParty", "", id); - message += getCookieMessage(resp_text, "FirstParty", "Popin", id); - message += getCookieMessage(resp_text, "ThirdParty", "Popin", id); - message += ",ReadOnDocument:"; - message += getCookieMessage(document.cookie, "FirstParty", "", id); - message += getCookieMessage(document.cookie, "ThirdParty", "", id); - message += getCookieMessage(document.cookie, "FirstParty", "Popin", id); - message += getCookieMessage(document.cookie, "ThirdParty", "Popin", id); - await test_driver.set_permission({ name: 'storage-access' }, 'granted'); - await test_driver.bless("fake user interaction", () => document.requestStorageAccess()); - document.cookie = "FirstPartyStrictPopinAfterRSA=" + id + "; SameSite=Strict; Secure"; - document.cookie = "FirstPartyLaxPopinAfterRSA=" + id + "; SameSite=Lax; Secure"; - document.cookie = "FirstPartyNonePopinAfterRSA=" + id + "; SameSite=None; Secure"; - document.cookie = "ThirdPartyStrictPopinAfterRSA=" + id + "; Partitioned; SameSite=Strict; Secure"; - document.cookie = "ThirdPartyLaxPopinAfterRSA=" + id + "; Partitioned; SameSite=Lax; Secure"; - document.cookie = "ThirdPartyNonePopinAfterRSA=" + id + "; Partitioned; SameSite=None; Secure"; - resp = await fetch("/partitioned-popins/resources/get_cookies.py", {credentials: 'include'}); - resp_text = await resp.text(); - message += ",ReadOnFetchAfterRSA:"; - message += getCookieMessage(resp_text, "FirstParty", "", id); - message += getCookieMessage(resp_text, "ThirdParty", "", id); - message += getCookieMessage(resp_text, "FirstParty", "Popin", id); - message += getCookieMessage(resp_text, "ThirdParty", "Popin", id); - message += getCookieMessage(resp_text, "FirstParty", "PopinAfterRSA", id); - message += getCookieMessage(resp_text, "ThirdParty", "PopinAfterRSA", id); - message += ",ReadOnDocumentAfterRSA:"; - message += getCookieMessage(document.cookie, "FirstParty", "", id); - message += getCookieMessage(document.cookie, "ThirdParty", "", id); - message += getCookieMessage(document.cookie, "FirstParty", "Popin", id); - message += getCookieMessage(document.cookie, "ThirdParty", "Popin", id); - message += getCookieMessage(document.cookie, "FirstParty", "PopinAfterRSA", id); - message += getCookieMessage(document.cookie, "ThirdParty", "PopinAfterRSA", id); - - // Step 8 (partitioned-popins/partitioned-popins.cookies-*.tentative.sub.https.window.js) - window.opener.postMessage({type: "popin-read", message: message}, "*"); - window.close(); -})(); -</script> -""" - return headers, document -\ No newline at end of file diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.cookies-window.html b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.cookies-window.html @@ -1,17 +0,0 @@ -<!doctype html> -<meta charset="utf-8"> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> -<script> -(async function() { - test_driver.set_test_context(window.opener); - - // Step 3 (partitioned-popins/partitioned-popins.cookies-*.tentative.sub.https.window.js) - const id = (new URLSearchParams(window.location.search)).get("id"); - document.cookie = "FirstPartyStrict=" + id + "; SameSite=Strict; Secure"; - document.cookie = "FirstPartyLax=" + id + "; SameSite=Lax; Secure"; - document.cookie = "FirstPartyNone=" + id + "; SameSite=None; Secure"; - window.opener.postMessage({type: "window-set", message: "Set first-party data"}, "*"); - window.close(); -})(); -</script> diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.localStorage-iframe.html b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.localStorage-iframe.html @@ -1,13 +0,0 @@ -<!doctype html> -<meta charset="utf-8"> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> -<script> -(async function() { - test_driver.set_test_context(window.top); - - // Step 5 (partitioned-popins/partitioned-popins.localStorage.tentative.sub.https.window.js) - window.localStorage.setItem("third-party", (new URLSearchParams(window.location.search)).get("id")); - window.top.postMessage({type: "iframe-set", message: "Set third-party data"}, "*"); -})(); -</script> diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.localStorage-popin.html b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.localStorage-popin.html @@ -1,25 +0,0 @@ -<!doctype html> -<meta charset="utf-8"> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> -<script> -(async function() { - test_driver.set_test_context(window.opener); - - // Step 7 (partitioned-popins/partitioned-popins.localStorage.tentative.sub.https.window.js) - const id = (new URLSearchParams(window.location.search)).get("id"); - let message = "Found:"; - if (window.localStorage.getItem("first-party") == id) { - message += "FirstParty-"; - } else if (window.localStorage.getItem("third-party") == id) { - message += "ThirdParty-"; - } - await test_driver.set_permission({ name: 'storage-access' }, 'granted'); - let handle = await document.requestStorageAccess({localStorage: true}); - if (handle && handle.localStorage.getItem("first-party") == id) { - message += "FirstPartyRSA-"; - } - window.opener.postMessage({type: "popin-read", message: message}, "*"); - window.close(); -})(); -</script> diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.localStorage-popin.html.headers b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.localStorage-popin.html.headers @@ -1 +0,0 @@ -Popin-Policy: partitioned=* diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.localStorage-window.html b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.localStorage-window.html @@ -1,14 +0,0 @@ -<!doctype html> -<meta charset="utf-8"> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> -<script> -(async function() { - test_driver.set_test_context(window.opener); - - // Step 3 (partitioned-popins/partitioned-popins.localStorage.tentative.sub.https.window.js) - window.localStorage.setItem("first-party", (new URLSearchParams(window.location.search)).get("id")); - window.opener.postMessage({type: "window-set", message: "Set first-party data"}, "*"); - window.close(); -})(); -</script> diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.permissions-iframe.html b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.permissions-iframe.html @@ -1,20 +0,0 @@ -<!doctype html> -<meta charset="utf-8"> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> -<script> -(async function() { - test_driver.set_test_context(window.top); - - // Step 3 (partitioned-popins/partitioned-popins.permission-{}.tentative.sub.https.window.js) - let message = "Success"; - try { - window.open("/partitioned-popins/resources/partitioned-popins.permissions-popin.html", '_blank', 'popin'); - } catch (_) { - message = "Failure"; - } - - // Step 5 (partitioned-popins/partitioned-popins.permission-{}.tentative.sub.https.window.js) - window.top.postMessage({type: "popin", message: message}, "*"); -})(); -</script> diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.permissions-popin.html b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.permissions-popin.html @@ -1,12 +0,0 @@ -<!doctype html> -<meta charset="utf-8"> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> -<script> -(async function() { - test_driver.set_test_context(window.opener); - - // Step 4 (partitioned-popins/partitioned-popins.permission-{}.tentative.sub.https.window.js) - window.close(); -})(); -</script> diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.permissions-popin.html.headers b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.permissions-popin.html.headers @@ -1 +0,0 @@ -Popin-Policy: partitioned=* diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.proxy-popin.html b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.proxy-popin.html @@ -1,24 +0,0 @@ -<!doctype html> -<meta charset="utf-8"> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> -<script src="/partitioned-popins/resources/proxy-helpers.js"></script> -<script> -(async function() { - test_driver.set_test_context(window.opener); - - // Step 3 (partitioned-popins/partitioned-popins.proxy-{}.tentative.sub.https.window.js) - window.addEventListener("message", e => { - switch (e.data.type) { - case 'cleanup': - // Step 6 (partitioned-popins/partitioned-popins.proxy-{}.tentative.sub.https.window.js) - window.opener.postMessage({type: "cleanup"}, "*"); - window.close(); - break; - } - }); - - // Step 4 (partitioned-popins/partitioned-popins.proxy-{}.tentative.sub.https.window.js) - window.opener.postMessage({type: "ready", message: getUsableMethods(window.opener)}, "*"); -})(); -</script> diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.proxy-popin.html.headers b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.proxy-popin.html.headers @@ -1 +0,0 @@ -Popin-Policy: partitioned=* diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.recursive.html b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.recursive.html @@ -1,18 +0,0 @@ -<!doctype html> -<meta charset="utf-8"> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> -<script> -(async function() { - test_driver.set_test_context(window.opener); - - // Step 3 (partitioned-popins/partitioned-popins.recursive.tentative.sub.https.window.js) - let message = "Could not open inner popin"; - try { - window.open("/partitioned-popins/resources/partitioned-popins.close.html", '_blank', 'popin'); - message = "Did open inner popin"; - } catch (_) {} - window.opener.postMessage({type: "popin", message: message}, "*"); - window.close(); -})(); -</script> diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.recursive.html.headers b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.recursive.html.headers @@ -1 +0,0 @@ -Popin-Policy: partitioned=* diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.request-header.fetch.py b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.request-header.fetch.py @@ -1,10 +0,0 @@ -from cookies.resources.helpers import setNoCacheAndCORSHeaders -def main(request, response): - # Step 7 (partitioned-popins/partitioned-popins.request-header.tentative.https.window.js) - headers = setNoCacheAndCORSHeaders(request, response) - headers[0] = (b"Content-Type", b"application/json") - message = request.GET[b'message'] - message += b"fetch(" - message += request.headers.get(b"Sec-Popin-Context", b"missing") - message += b")-" - return headers, b'{"message": "' + message + b'"}' -\ No newline at end of file diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.request-header.http.py b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.request-header.http.py @@ -1,23 +0,0 @@ -from cookies.resources.helpers import setNoCacheAndCORSHeaders -def main(request, response): - # Step 4 (partitioned-popins/partitioned-popins.request-header.tentative.https.window.js) - headers = setNoCacheAndCORSHeaders(request, response) - headers[0] = (b"Content-Type", b"text/html") - headers.append((b'Popin-Policy', b"partitioned=*")) - message = request.GET[b'message'] - message += b"HTTP(" - message += request.headers.get(b"Sec-Popin-Context", b"missing") - message += b")-" - document = b""" -<!doctype html> -<meta charset="utf-8"> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> -<script> -(async function() { - test_driver.set_test_context(window.opener); - window.location = "/partitioned-popins/resources/partitioned-popins.request-header.js.py?message=""" + message + b""""; -})(); -</script> -""" - return headers, document -\ No newline at end of file diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.request-header.iframe.py b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.request-header.iframe.py @@ -1,22 +0,0 @@ -from cookies.resources.helpers import setNoCacheAndCORSHeaders -def main(request, response): - # Step 9 (partitioned-popins/partitioned-popins.request-header.tentative.https.window.js) - headers = setNoCacheAndCORSHeaders(request, response) - headers[0] = (b"Content-Type", b"text/html") - message = request.GET[b'message'] - message += b"iframe(" - message += request.headers.get(b"Sec-Popin-Context", b"missing") - message += b")-" - document = b""" -<!doctype html> -<meta charset="utf-8"> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> -<script> -(async function() { - test_driver.set_test_context(window.top.opener); - window.top.opener.postMessage({type: "popin", message: \"""" + message + b"""\"}, "*"); -})(); -</script> -""" - return headers, document -\ No newline at end of file diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.request-header.initial.py b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.request-header.initial.py @@ -1,10 +0,0 @@ -from cookies.resources.helpers import setNoCacheAndCORSHeaders -def main(request, response): - # Step 3 (partitioned-popins/partitioned-popins.request-header.tentative.https.window.js) - message = b"Initial(" - message += request.headers.get(b"Sec-Popin-Context", b"missing") - message += b")-" - headers = setNoCacheAndCORSHeaders(request, response) - headers.append((b'Location', b"/partitioned-popins/resources/partitioned-popins.request-header.http.py?message=" + message)) - headers.append((b'Popin-Policy', b"partitioned=*")) - return 302, headers, b'{"redirect": true}' -\ No newline at end of file diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.request-header.js.py b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.request-header.js.py @@ -1,35 +0,0 @@ -from cookies.resources.helpers import setNoCacheAndCORSHeaders -def main(request, response): - # Step 5 (partitioned-popins/partitioned-popins.request-header.tentative.https.window.js) - headers = setNoCacheAndCORSHeaders(request, response) - headers[0] = (b"Content-Type", b"text/html") - headers.append((b'Popin-Policy', b"partitioned=*")) - message = request.GET[b'message'] - message += b"JS(" - message += request.headers.get(b"Sec-Popin-Context", b"missing") - message += b")-" - document = b""" -<!doctype html> -<meta charset="utf-8"> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> -<body> -<script> -(async function() { - test_driver.set_test_context(window.opener); - let message = \"""" + message + b"""\"; - - // Step 6 (partitioned-popins/partitioned-popins.request-header.tentative.https.window.js) - const response = await fetch("/partitioned-popins/resources/partitioned-popins.request-header.fetch.py?message=" + message); - const json = await response.json(); - message = json["message"]; - - // Step 8 (partitioned-popins/partitioned-popins.request-header.tentative.https.window.js) - const iframe = document.createElement("iframe"); - iframe.src = "/partitioned-popins/resources/partitioned-popins.request-header.iframe.py?message=" + message; - document.body.appendChild(iframe); -})(); -</script> -</body> -""" - return headers, document -\ No newline at end of file diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.wait.html b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.wait.html @@ -1,9 +0,0 @@ -<!doctype html> -<meta charset="utf-8"> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> -<script> -(async function() { - test_driver.set_test_context(window.opener); -})(); -</script> diff --git a/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.wait.html.headers b/testing/web-platform/tests/partitioned-popins/resources/partitioned-popins.wait.html.headers @@ -1 +0,0 @@ -Popin-Policy: partitioned=* diff --git a/testing/web-platform/tests/partitioned-popins/resources/popinContextType.html b/testing/web-platform/tests/partitioned-popins/resources/popinContextType.html @@ -1,17 +0,0 @@ -<!doctype html> -<meta charset="utf-8"> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> -<script> - (async function () { - test_driver.set_test_context(window.opener); - - // Step 3 (partitioned-popins/popinContextType.in-popin.tentative.sub.https.window.js) - let message = "popinContextType is not supported"; - try { - message = window.popinContextType(); - } catch (_) { } - window.opener.postMessage({ type: "popin", message: message }, "*"); - window.close(); - })(); -</script> diff --git a/testing/web-platform/tests/partitioned-popins/resources/popinContextType.html.headers b/testing/web-platform/tests/partitioned-popins/resources/popinContextType.html.headers @@ -1 +0,0 @@ -Popin-Policy: partitioned=* diff --git a/testing/web-platform/tests/partitioned-popins/resources/popinContextTypesSupported.html b/testing/web-platform/tests/partitioned-popins/resources/popinContextTypesSupported.html @@ -1,17 +0,0 @@ -<!doctype html> -<meta charset="utf-8"> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> -<script> - (async function () { - test_driver.set_test_context(window.opener); - - // Step 3 (partitioned-popins/popinContextTypesSupported.in-popin.tentative.sub.https.window.js) - let message = "popinContextTypesSupported is not supported"; - try { - message = window.popinContextTypesSupported(); - } catch (_) { } - window.opener.postMessage({ type: "popin", message: message }, "*"); - window.close(); - })(); -</script> diff --git a/testing/web-platform/tests/partitioned-popins/resources/popinContextTypesSupported.html.headers b/testing/web-platform/tests/partitioned-popins/resources/popinContextTypesSupported.html.headers @@ -1 +0,0 @@ -Popin-Policy: partitioned=* diff --git a/testing/web-platform/tests/partitioned-popins/resources/proxy-helpers.js b/testing/web-platform/tests/partitioned-popins/resources/proxy-helpers.js @@ -1,58 +0,0 @@ -'use strict'; - -function customMethod() { -} - -let customAttribute = ""; - -function getUsableMethods(proxy) { - let message = ""; - try { - proxy.closed; - message += "Closed," - } catch (_) {} - try { - proxy.blur(); - message += "Blur," - } catch (_) {} - try { - proxy.onblur; - message += "OnBlur," - } catch (_) {} - try { - proxy.opener; - message += "Opener," - } catch (_) {} - try { - proxy.length; - message += "Length," - } catch (_) {} - try { - proxy.name = "foo"; - message += "Name," - } catch (_) {} - try { - proxy[0]; - message += "AnonymousIndex," - } catch (_) {} - try { - proxy['test']; - message += "AnonymousName," - } catch (_) {} - try { - proxy.customMethod(); - message += "CustomMethod," - } catch (_) {} - try { - proxy.customAttribute; - message += "CustomAttributeGet," - } catch (_) {} - try { - proxy.customAttribute = ""; - message += "CustomAttributeSet," - } catch (_) {} - if (proxy.then == undefined) { - message += "Then," - } - return message; -}