
popup-coop-by-sw.https.html (5036B)


      1 <meta name="timeout" content="long">
      2 <meta name="variant" content="?1-4">
      3 <meta name="variant" content="?5-last">
      4 <script src=/resources/testharness.js></script>
      5 <script src=/resources/testharnessreport.js></script>
      6 <script src="/common/subset-tests.js"></script>
      7 <script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
      8 <script src="/common/utils.js"></script>
      9 <script src="/common/dispatcher/dispatcher.js"></script>
     10 <script src="/common/get-host-info.sub.js"></script>
     11 <script>
     12 
// Dispatcher endpoints. Text appended after `?pipe=` is a list of
// `|header(name,value)` directives selecting the response headers of the
// served resource.
const executor_path = "/common/dispatcher/executor.html?pipe=";
const executor_service_worker_path =
  "/common/dispatcher/executor-service-worker.js?pipe=";

// The two headers that together make a context cross-origin isolated ("coi").
const coop_header = "|header(Cross-Origin-Opener-Policy,same-origin)";
const coep_header = "|header(Cross-Origin-Embedder-Policy,require-corp)";

const { HTTPS_ORIGIN: https_origin } = get_host_info();

// Readable names for the expectation flag passed to popupCoopBySwTest().
const swap_browsing_context_group = true;
const keep_browsing_context_group = false;

// Header directives for the opener document: none ("basic") or COOP+COEP.
const opener_basic = "";
const opener_coi = `${coop_header}${coep_header}`;

// Header directives for the service worker script itself.
const sw_basic = "";
const sw_coi = `${coop_header}${coep_header}`;

// Headers the service worker puts on the synthetic response for the popup.
const openee_basic = { "content-type": "text/html" };
const openee_coi = {
  ...openee_basic,
  "cross-origin-embedder-policy": "require-corp",
  "cross-origin-opener-policy": "same-origin",
};
     38 
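/**
 * A document opens a popup. The popup's document is served from a synthetic
 * response by a ServiceWorker. Check how cross-origin isolation works in this
 * case.
 *
 * The popup reports whether `opener` is set. A null `opener` is the signal
 * this test uses for "the popup landed in a new browsing context group"; a
 * non-null `opener` means it stayed in the opener's group.
 *
 * NOTE: `driver_token`, `openee_url` and `openee_headers` are interpolated
 * into source text that the service worker, the opener and the popup
 * evaluate. That is acceptable here because every value is produced by this
 * file (token(), fixed header objects); do not route externally supplied
 * strings through this helper.
 *
 * @param {string} description - Test name handed to subsetTest().
 * @param {string} opener_headers - Pipe directives appended to the opener's
 *     executor URL.
 * @param {Object} openee_headers - Headers set on the synthetic response that
 *     becomes the popup's document.
 * @param {string} sw_headers - Pipe directives appended to the service worker
 *     script URL.
 * @param {boolean} expected_browsing_context_group - Either
 *     swap_browsing_context_group or keep_browsing_context_group.
 */
const popupCoopBySwTest = (
  description,
  // Test parameters:
  opener_headers,
  openee_headers,
  sw_headers,
  // Test expectations:
  expected_browsing_context_group
) => {
  subsetTest(promise_test, async test => {
    const driver_token = token();

    // 1. Create the opener.
    const opener_token = token();
    const opener_url = https_origin + executor_path + opener_headers +
      `&uuid=${opener_token}`;
    const opener_window = window.open(opener_url);
    test.add_cleanup(() => opener_window.close());

    // 2. Define the openee's URL as being served by the service worker.
    const openee_url = https_origin + "/common/dispatcher/proxied?" + token();

    // 3. Register, install and activate a ServiceWorker serving the openee_url.
    const sw_token = token();
    const sw_url = https_origin + executor_service_worker_path + sw_headers +
      `&uuid=${sw_token}`;
    const sw_scope = openee_url; // One-time scope, because of the token.

    const sw_registration =
      await service_worker_unregister_and_register(test, sw_url, sw_scope);
    test.add_cleanup(() => sw_registration.unregister());
    await wait_for_state(test, sw_registration.installing, 'activated');

    // The script below runs inside the service worker. Its fetch handler only
    // answers requests whose URL contains "proxied"; every other request is
    // left unhandled. The closing script tags inside the synthetic document are
    // split in two so that they cannot terminate the script element of this
    // test page.
    send(sw_token, `
      fetchHandler = event => {
        if (!event.request.url.includes("proxied"))
          return;

        const response = new Response(\`
          <script src="/common/dispatcher/dispatcher.js"></scr\`+\`ipt>
          <script>
            send("${driver_token}", opener ? "opener is set"
                                           : "opener is null");
          </scr\` + \`ipt>
        \`, {
          status: 200,
          headers: ${JSON.stringify(openee_headers)},
        });
        event.respondWith(response);
      }

      await clients.claim();

      send("${driver_token}", serviceWorker.state);
    `);
    assert_equals(await receive(driver_token), "activated");

    // 4. The opener opens a popup. Its document is a synthetic response served
    // from the Service Worker.
    send(opener_token, `
        window.open("${openee_url}");
    `);

    // Strict comparison: the expectation is one of the two boolean constants.
    const expected_message =
      expected_browsing_context_group === swap_browsing_context_group
        ? "opener is null"
        : "opener is set";
    assert_equals(await receive(driver_token), expected_message);
  }, description);
};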
    111 
// Expectation matrix, registered in a fixed order because the page's variants
// select tests by position. In every row the outcome follows from whether the
// opener's headers and the synthetic response's headers agree (both basic or
// both coi => keep, otherwise => swap); the headers on the service worker
// script itself (sw:basic vs sw:coi) never change the expectation.
for (const test_case of [
  ["opener:basic, openee:basic, sw:basic",
   opener_basic, openee_basic, sw_basic, keep_browsing_context_group],
  ["opener:basic, openee:basic, sw:coi",
   opener_basic, openee_basic, sw_coi, keep_browsing_context_group],
  ["opener:basic, openee:coi, sw:basic",
   opener_basic, openee_coi, sw_basic, swap_browsing_context_group],
  ["opener:basic, openee:coi, sw:coi",
   opener_basic, openee_coi, sw_coi, swap_browsing_context_group],
  ["opener:coi, openee:basic, sw:basic",
   opener_coi, openee_basic, sw_basic, swap_browsing_context_group],
  ["opener:coi, openee:basic, sw:coi",
   opener_coi, openee_basic, sw_coi, swap_browsing_context_group],
  ["opener:coi, openee:coi, sw:basic",
   opener_coi, openee_coi, sw_basic, keep_browsing_context_group],
  ["opener:coi, openee:coi, sw:coi",
   opener_coi, openee_coi, sw_coi, keep_browsing_context_group],
]) {
  popupCoopBySwTest(...test_case);
}
    136 </script>