commit 9d543e0f7da0a060412e01e86e97f9b1516d9668 parent 0946e78ab1023584e50a0cd4149a7d387ab778f4 Author: Chris Fredrickson <cfredric@chromium.org> Date: Thu, 6 Nov 2025 21:32:01 +0000 Bug 1990311 [wpt PR 55018] - [SAA] Fix test failures due to default cookie availability, a=testonly Automatic update from web-platform-tests [SAA] Fix test failures due to default cookie availability This fixes the tests such that they no longer assume that third-party cookies are blocked by default (or that test_driver.set_storage_access does anything; see https://github.com/privacycg/storage-access/issues/162 for discussion). Fixed: b:446148374 Change-Id: I11c1e4fee88cbde810d31445357b233fcebc566b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6973284 Commit-Queue: Chris Fredrickson <cfredric@chromium.org> Auto-Submit: Chris Fredrickson <cfredric@chromium.org> Reviewed-by: Dylan Cutler <dylancutler@google.com> Cr-Commit-Position: refs/heads/main@{#1519499} -- Remove new assertion -- wpt-commits: c3f887e7f1f9ff410de609304f95e550d4a37570, 8539bf6cb4b87d36ceef4cee1b951f203cfda2e8 wpt-pr: 55018 Diffstat:
9 files changed, 101 insertions(+), 8 deletions(-)
diff --git a/testing/web-platform/tests/fedcm/fedcm-storage-access-api-autogrant.tentative.https.sub.html b/testing/web-platform/tests/fedcm/fedcm-storage-access-api-autogrant.tentative.https.sub.html @@ -35,6 +35,11 @@ fedcm_test(async t => { const frame = await CreateFrame(www_alt + responder_html_load_ack, false, undefined, `identity-credentials-get ${www_alt};`); assert_equals(await frame_loaded, "loaded"); + if (await FrameHasStorageAccess(frame)) { + // Nothing to test here, as cross-site cookies are not blocked. + // See https://github.com/privacycg/storage-access/issues/162. + return; + } assert_true(await RequestStorageAccessInFrame(frame), "requestStorageAccess doesn't require a gesture since the FedCM account is already connected."); @@ -59,6 +64,11 @@ fedcm_test(async t => { }); const frame = await CreateFrame(www_alt + responder_html_load_ack, false); assert_equals(await frame_loaded, "loaded"); + if (await FrameHasStorageAccess(frame)) { + // Nothing to test here, as cross-site cookies are not blocked. + // See https://github.com/privacycg/storage-access/issues/162. + return; + } assert_false(await RequestStorageAccessInFrame(frame), "requestStorageAccess requires a gesture since the 'identity-credentials-get' policy is absent."); @@ -90,6 +100,11 @@ fedcm_test(async t => { const frame = await CreateFrame(www_alt + responder_html_load_ack, false, undefined, `identity-credentials-get ${www_alt};`); assert_equals(await frame_loaded, "loaded"); + if (await FrameHasStorageAccess(frame)) { + // Nothing to test here, as cross-site cookies are not blocked. + // See https://github.com/privacycg/storage-access/issues/162. + return; + } assert_false(await RequestStorageAccessInFrame(frame), "requestStorageAccess requires a gesture since the preventSilentAccess flag is true."); diff --git a/testing/web-platform/tests/storage-access-api/hasStorageAccess.sub.https.window.js b/testing/web-platform/tests/storage-access-api/hasStorageAccess.sub.https.window.js @@ -1,6 +1,7 @@ // META: script=helpers.js // META: script=/resources/testdriver.js // META: script=/resources/testdriver-vendor.js +// META: script=/cookies/resources/cookie-helper.sub.js 'use strict'; const {testPrefix, topLevelDocument} = processQueryParams(); @@ -11,15 +12,25 @@ promise_test(async () => { }, "[" + testPrefix + "] document.hasStorageAccess() should exist on the document interface"); promise_test(async () => { - await MaybeSetStorageAccess("*", "*", "blocked"); const hasAccess = await document.hasStorageAccess(); if (topLevelDocument || testPrefix.includes('same-origin')) { assert_true(hasAccess, "Access should be granted in top-level frame or iframe that is in first-party context by default."); - } else if (testPrefix == 'ABA') { - assert_false(hasAccess, "Access should not be granted in secure same-origin iframe that is in a third-party context by default."); - } else { - assert_false(hasAccess, "Access should not be granted in secure cross-origin iframes."); + return; } + if (CanAccessCookiesViaJS()) { + // Nothing to test here, since cross-site cookies are not blocked. + // See https://github.com/privacycg/storage-access/issues/162. + return; + } + if (testPrefix == "ABA") { + assert_false( + hasAccess, + "Access should not be granted in secure same-origin iframe that is in a third-party context by default when cookies are blocked."); + return; + } + assert_false( + hasAccess, + "Access should not be granted in secure cross-origin iframes."); }, "[" + testPrefix + "] document.hasStorageAccess() should not be allowed by default unless in top-level frame or same-origin iframe."); promise_test(async (t) => { diff --git a/testing/web-platform/tests/storage-access-api/requestStorageAccess-cross-origin-iframe-navigation-relax.sub.https.window.js b/testing/web-platform/tests/storage-access-api/requestStorageAccess-cross-origin-iframe-navigation-relax.sub.https.window.js @@ -25,7 +25,12 @@ await MaybeSetStorageAccess("*", "*", "allowed"); }); - assert_false(await FrameHasStorageAccess(frame), "frame initially does not have storage access."); + const hasStorageAccess = await FrameHasStorageAccess(frame); + if (hasStorageAccess) { + // Cookies are not blocked, so there's nothing to test here. + // See https://github.com/privacycg/storage-access/issues/162. + return null; + } assert_false(await HasUnpartitionedCookie(frame), "frame initially does not have access to cookies."); assert_true(await RequestStorageAccessInFrame(frame), "requestStorageAccess resolves without requiring a gesture."); @@ -41,6 +46,9 @@ await SetFirstPartyCookie(altWww); const frame = await SetUpResponderFrame(t, altWwwNestedCrossOriginResponder); + if (!frame) { + return; + } await NavigateChild(frame, altWwwResponder); @@ -55,6 +63,9 @@ await SetFirstPartyCookie(altWww); const frame = await SetUpResponderFrame(t, altWwwNestedCrossOriginResponder); + if (!frame) { + return; + } await NavigateChild(frame, altRootResponder); diff --git a/testing/web-platform/tests/storage-access-api/requestStorageAccess-cross-origin-iframe-navigation.sub.https.window.js b/testing/web-platform/tests/storage-access-api/requestStorageAccess-cross-origin-iframe-navigation.sub.https.window.js @@ -24,7 +24,12 @@ await MaybeSetStorageAccess("*", "*", "allowed"); }); - assert_false(await FrameHasStorageAccess(frame), "frame initially does not have storage access."); + const hasStorageAccess = await FrameHasStorageAccess(frame); + if (hasStorageAccess) { + // Nothing to test here, since cookies are not blocked. + // See https://github.com/privacycg/storage-access/issues/162. + return null; + } assert_false(await HasUnpartitionedCookie(frame), "frame initially does not have access to cookies."); assert_true(await RequestStorageAccessInFrame(frame), "requestStorageAccess resolves without requiring a gesture."); @@ -40,6 +45,9 @@ await SetFirstPartyCookie(altWww); const frame = await SetUpResponderFrame(t, altWwwResponder); + if (!frame) { + return; + } await FrameInitiatedReload(frame); @@ -55,6 +63,9 @@ await SetFirstPartyCookie(altWww); const frame = await SetUpResponderFrame(t, altWwwResponder); + if (!frame) { + return; + } await FrameInitiatedNavigation(frame, altWwwResponder); @@ -69,6 +80,9 @@ await SetFirstPartyCookie(altWww); const frame = await SetUpResponderFrame(t, altWwwResponder); + if (!frame) { + return; + } await new Promise((resolve) => { frame.addEventListener("load", () => resolve()); @@ -86,6 +100,9 @@ await SetFirstPartyCookie(altWww); const frame = await SetUpResponderFrame(t, altWwwResponder); + if (!frame) { + return; + } await FrameInitiatedNavigation(frame, altRootResponder); diff --git a/testing/web-platform/tests/storage-access-api/requestStorageAccess-cross-site-sibling-iframes.sub.https.window.js b/testing/web-platform/tests/storage-access-api/requestStorageAccess-cross-site-sibling-iframes.sub.https.window.js @@ -29,7 +29,12 @@ await SetPermissionInFrame(frame1, [{ name: 'storage-access' }, 'granted']); - assert_false(await FrameHasStorageAccess(frame1), "frame1 should not have storage access initially."); + const hasStorageAccess = await FrameHasStorageAccess(frame1); + if (hasStorageAccess) { + // Nothing to test here, since access is not blocked. + // See https://github.com/privacycg/storage-access/issues/162. + return; + } assert_false(await FrameHasStorageAccess(frame2), "frame2 should not have storage access initially."); assert_false(await HasUnpartitionedCookie(frame1), "frame1 should not have cookie access."); @@ -65,6 +70,12 @@ await MaybeSetStorageAccess("*", "*", "allowed"); }); + const hasStorageAccess = await FrameHasStorageAccess(crossSiteFrame); + if (hasStorageAccess) { + // Nothing to test here, since cross-site access is not blocked. + return; + } + await SetPermissionInFrame(crossOriginFrame, [{ name: 'storage-access' }, 'granted']); await SetPermissionInFrame(crossSiteFrame, [{ name: 'storage-access' }, 'granted']); diff --git a/testing/web-platform/tests/storage-access-api/requestStorageAccess-dedicated-worker.sub.https.window.js b/testing/web-platform/tests/storage-access-api/requestStorageAccess-dedicated-worker.sub.https.window.js @@ -31,6 +31,11 @@ await SetFirstPartyCookie(altRoot); const frame = await SetUpResponderFrame(t, altRootResponder); + if (CanAccessCookiesViaJS()) { + // Nothing to test here, as cookies are not blocked in cross-site frames. + // See https://github.com/privacycg/storage-access/issues/162. + return; + } assert_true(await RequestStorageAccessInFrame(frame), "requestStorageAccess resolves without requiring a gesture."); assert_true(await FrameHasStorageAccess(frame), "frame has storage access after request."); assert_true(await HasUnpartitionedCookie(frame), "frame has access to cookies after request."); @@ -50,6 +55,10 @@ await SetFirstPartyCookie(altRoot); const frame = await SetUpResponderFrame(t, altRootResponder); + if (CanAccessCookiesViaJS()) { + // Nothing to test here, as cookies are not blocked in cross-site frames. + return; + } assert_false(await FrameHasStorageAccess(frame), "frame lacks storage access before request."); assert_false(await HasUnpartitionedCookie(frame), "frame lacks access to cookies before request."); diff --git a/testing/web-platform/tests/storage-access-api/requestStorageAccess-web-socket.sub.https.window.js b/testing/web-platform/tests/storage-access-api/requestStorageAccess-web-socket.sub.https.window.js @@ -21,6 +21,12 @@ async function SetUpResponderFrame(t, url) { await MaybeSetStorageAccess("*", "*", "allowed"); }); + if (await FrameHasStorageAccess(frame)) { + // Nothing to test here, since cookie access is not blocked. + // See https://github.com/privacycg/storage-access/issues/162. + return null; + } + return frame; } @@ -29,6 +35,9 @@ promise_test(async (t) => { await SetFirstPartyCookie(altRoot); const frame = await SetUpResponderFrame(t, altRootResponder); + if (!frame) { + return; + } assert_true(await RequestStorageAccessInFrame(frame), "requestStorageAccess resolves without requiring a gesture."); assert_true(await FrameHasStorageAccess(frame), "frame has storage access after request."); @@ -44,6 +53,9 @@ promise_test(async (t) => { await MaybeSetStorageAccess("*", "*", "blocked"); await SetFirstPartyCookie(altRoot); const frame = await SetUpResponderFrame(t, altRootResponder); + if (!frame) { + return; + } assert_false(cookieStringHasCookie("cookie", "unpartitioned", await ReadCookiesFromWebSocketConnection(frame, altRootWss)), diff --git a/testing/web-platform/tests/storage-access-api/resources/hasStorageAccess-iframe.https.html b/testing/web-platform/tests/storage-access-api/resources/hasStorageAccess-iframe.https.html @@ -4,6 +4,7 @@ <script src="/resources/testharness.js"></script> <script src="/resources/testdriver.js"></script> <script src="/resources/testdriver-vendor.js"></script> +<script src="/cookies/resources/cookie-helper.sub.js"></script> <!-- no testharnessreport.js --> <script src="../helpers.js"></script> <div id=log></div> diff --git a/testing/web-platform/tests/storage-access-api/resources/sandboxed-iframe-allow-storage-access.html b/testing/web-platform/tests/storage-access-api/resources/sandboxed-iframe-allow-storage-access.html @@ -21,6 +21,12 @@ 'sandbox attribute should be supported'); }, '`allow-storage-access-by-user-activation` sandbox attribute is supported'); + if (CanAccessCookiesViaJS()) { + // Nothing to test here, as cookie access is not blocked. + // See https://github.com/privacycg/storage-access/issues/162. + return; + } + // Ideally this would check whether the user-activation condition changes // the behavior; however, due to limitations in the test driver, the // 'prompt' permission state is effectively the same as 'denied' from the