navigate-to-aboutblank.https.html (6753B)
1 <title> 2 This tests the inheritance of COOP for navigations to about:blank. 3 </title> 4 <meta name=timeout content=long> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <script src="/common/get-host-info.sub.js"></script> 8 <script src="/common/utils.js"></script> 9 <script src="/common/dispatcher/dispatcher.js"></script> 10 11 <p>Non-initial empty documents (about:blank) should inherit their 12 cross-origin-opener-policy from the navigation's initiator top level document, 13 if the initiator and its top level document are same-origin, or default 14 (unsafe-none) otherwise. 15 </p> 16 17 <ol> 18 <li>Create the opener popup with a given COOP <code>openerCOOP</code>.</li> 19 <li>Add iframe to the opener popup that is either same-origin or 20 cross-origin. 21 </li> 22 <li>Opener's iframe opens a new window, to a network document with <code>openeeCOOP</code>.</li> 23 <li>Opener's iframe navigates the openee popup to about:blank.</li> 24 </ol> 25 26 <script> 27 const executor_path = "/common/dispatcher/executor.html?pipe="; 28 const same_origin = get_host_info().HTTPS_ORIGIN; 29 const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN; 30 const coop_same_origin_header = 31 '|header(Cross-Origin-Opener-Policy,same-origin)'; 32 const coep_require_corp_header = 33 '|header(Cross-Origin-Embedder-Policy,require-corp)'; 34 const coop_same_origin_plus_coep_header = 35 coop_same_origin_header + coep_require_corp_header; 36 const coop_same_origin_allow_popups_header = 37 '|header(Cross-Origin-Opener-Policy,same-origin-allow-popups)'; 38 const coop_unsafe_none_header = 39 '|header(Cross-Origin-Opener-Policy,unsafe-none)'; 40 41 function navigateToAboutBlankTest( 42 opener_COOP_header, 43 iframe_origin, 44 openee_COOP_header, 45 openee_origin, 46 iframe_header, 47 expect_openee_closed 48 ){ 49 return promise_test(async t => { 50 const this_window_token = token(); 51 const opener_token = token(); 52 const openee_token = token(); 53 const iframe_token = token(); 54 55 const opener_url = same_origin + executor_path + opener_COOP_header + 56 `&uuid=${opener_token}`; 57 const openee_url = openee_origin + executor_path + openee_COOP_header + 58 `&uuid=${openee_token}`; 59 const iframe_url = iframe_origin + executor_path + iframe_header + `&uuid=${iframe_token}`; 60 61 t.add_cleanup(() => { 62 send(openee_token, "window.close()"); 63 send(opener_token, "window.close()"); 64 }); 65 66 // 1. Create the opener window. 67 let opener_window_proxy = window.open(opener_url, opener_token); 68 69 // 2. Create the iframe. 70 send(opener_token, ` 71 iframe = document.createElement('iframe'); 72 iframe.src = "${iframe_url}"; 73 document.body.appendChild(iframe); 74 `); 75 76 // 3. The iframe opens its openee window. 77 send(iframe_token, ` 78 window.openee = window.open( 79 '${openee_url.replace(/,/g, '\\,')}', 80 "${openee_token}" 81 ); 82 `); 83 84 // 4. Ensure the popup is fully loaded. 85 send(openee_token, `send("${this_window_token}", "Ack");`); 86 assert_equals(await receive(this_window_token), "Ack"); 87 88 // 5. The iframe navigates openee to about:blank. 89 send(iframe_token, ` 90 window.openee_blank = window.open('about:blank', "${openee_token}"); 91 (async function() { 92 const timeout = 2000; 93 const retry_delay = 100; 94 for(let i = 0; i * retry_delay < timeout; ++i) { 95 // A try-catch block is used, because of same-origin policy, 96 // preventing access to the document before committing about:blank. 97 try { 98 if (window.openee_blank.closed || 99 window.openee_blank.document.location.href == "about:blank") { 100 send("${this_window_token}", "about:blank loaded"); 101 return; 102 } 103 } catch(e) {} 104 await new Promise(resolve => setTimeout(resolve, retry_delay)); 105 } 106 send("${this_window_token}", "about:blank not loaded"); 107 })() 108 `); 109 assert_equals(await receive(this_window_token), "about:blank loaded"); 110 111 // 6. Retrieve and check the results. 112 send(iframe_token, ` 113 send("${this_window_token}", window.openee.closed); 114 `); 115 assert_equals(await receive(this_window_token), `${expect_openee_closed}`); 116 }, `Navigate to about:blank from iframe with opener.top \ 117 COOP: ${opener_COOP_header}, iframe origin: ${iframe_origin}, \ 118 openee COOP: ${openee_COOP_header}, openee origin: ${openee_origin}.`); 119 }; 120 121 // iframe same-origin with its top-level embedder: 122 // initial empty document and about:blank navigations initiated from the 123 // same-origin iframe will inherit the COOP from the iframe's top-level embedder. 124 125 // Since all navigations of openee are within same-origin pages with the 126 // same COOP value, there are no browsing context group switches. 127 navigateToAboutBlankTest( 128 coop_same_origin_header, 129 same_origin, 130 coop_same_origin_header, 131 same_origin, 132 "", 133 false 134 ); 135 136 // Since all navigations of openee are within same-origin pages with the 137 // same COOP value, there are no browsing context group switches. 138 // Test with both COOP and COEP. 139 navigateToAboutBlankTest( 140 coop_same_origin_plus_coep_header, 141 same_origin, 142 coop_same_origin_plus_coep_header, 143 same_origin, 144 coep_require_corp_header, 145 false 146 ); 147 148 // Since all navigations of openee are within same-origin pages with the 149 // same COOP value, there are no browsing context group switches. 150 navigateToAboutBlankTest( 151 coop_same_origin_allow_popups_header, 152 same_origin, 153 coop_same_origin_allow_popups_header, 154 same_origin, 155 "", 156 false 157 ); 158 159 // The first openee navigation, from initial empty document to 160 // cross-origin will not switch the browsing context group, thanks to the 161 // same-origin-allow-popups behavior. 162 // The second openee navigation, to about:blank, will inherit from the 163 // iniatiator's, the iframe, top. Navigating from a COOP: unsafe-none page to 164 // a COOP: same-origin-allow-popups page causes a browsing context group 165 // switch. 166 navigateToAboutBlankTest( 167 coop_same_origin_allow_popups_header, 168 same_origin, 169 coop_unsafe_none_header, 170 cross_origin, 171 "", 172 true 173 ); 174 175 // iframe cross-origin with its top-level embedder: 176 // initial empty document and about:blank navigations initiated from the 177 // cross-origin iframe will default COOP to unsafe-none. 178 179 // The navigation from the initial empty document and the cross_origin url 180 // does not cause a browsing context group switch 181 // (both have COOP: unsafe-none). 182 // The navigation from the cross-origin url to about:blank does not cause a 183 // browsing context group swich, about:blank defaulted its COOP value to 184 // unsafe-none. 185 navigateToAboutBlankTest( 186 coop_same_origin_allow_popups_header, 187 cross_origin, 188 coop_unsafe_none_header, 189 cross_origin, 190 "", 191 false 192 ); 193 </script>