coop-csp-sandbox-navigate.https.html (1918B)
1 <!doctype html> 2 <title>CSP sandbox popup navigate to Cross-Origin-Opener-Policy document should work</title> 3 <meta name="timeout" content="long"> 4 <script src=/resources/testharness.js></script> 5 <script src=/resources/testharnessreport.js></script> 6 <script src="/common/utils.js"></script> <!-- Use token() to allow running tests in parallel --> 7 <div id=log> 8 <script> 9 [ 10 "allow-popups allow-scripts allow-same-origin", 11 "allow-popups allow-scripts", 12 ].forEach(sandboxValue => { 13 async_test(t => { 14 const channel = new BroadcastChannel(token()); 15 let popup; 16 channel.onmessage = t.step_func_done(e => { 17 assert_equals(e.data.name, '', 'e.data.name'); 18 assert_false(e.data.opener, 'e.data.opener'); 19 // `popup` is still the WindowProxy that holds the CSP sandbox document, not the 20 // after-navigation COOP document. The CSP sandbox only applies to the before navigation 21 // document/window. 22 assert_true(popup.closed, 'popup.closed'); 23 // Same-origin check (with the CSP sandbox document) should not throw when 'allow-same-origin' 24 if (sandboxValue.includes('allow-same-origin')) { 25 assert_true(!!popup.document, 'same-origin check'); 26 } else { 27 assert_throws_dom("SecurityError", () => { popup.document; }, 'same-origin check'); 28 } 29 }); 30 const navigateTo = `/html/cross-origin-opener-policy/resources/coop-coep.py?coop=same-origin&coep=&channel=${channel.name}`; 31 popup = window.open(`resources/csp-sandbox.py?coop=&coep=&sandbox=${sandboxValue}&channel=&navigate=${encodeURIComponent(navigateTo)}`, sandboxValue.replace(/ /g, '_')); 32 t.add_cleanup(() => { popup.close(); }); 33 addEventListener('load', t.step_func(() => { 34 t.step_timeout(() => { 35 assert_unreached('Navigation from CSP sandbox to COOP document failed') 36 }, 10000); 37 })); 38 }, `CSP: sandbox ${sandboxValue}; ${document.title}`); 39 }); 40 </script>