
access-to-noopener-page-from-no-coop-ro.https.html (2747B)


      1 <!DOCTYPE html>
      2 <title>
      3  COOP reports are sent when the openee used COOP-RO+COEP and then its
      4  same-origin opener tries to access it.
      5 </title>
      6 <meta name=timeout content=long>
      7 <script src=/resources/testharness.js></script>
      8 <script src=/resources/testharnessreport.js></script>
      9 <script src=/common/get-host-info.sub.js></script>
     10 <script src="/common/utils.js"></script>
     11 <script src="/common/dispatcher/dispatcher.js"></script>
     12 <script src="/html/cross-origin-opener-policy/reporting/resources/reporting-common.js"></script>
     13 <script src="/html/cross-origin-opener-policy/reporting/resources/try-access.js"></script>
     14 <script>
     15 
     // Root of the COOP tests on the test server.
     const directory = "/html/cross-origin-opener-policy";
     // Redirect helper: the target URL is appended directly after the "?".
     const redirect_path = `${directory}/resources/redirect.py?`;
     // HTTPS origin reported by get_host_info(); both the popup URL and the
     // redirect URL below are built on it, so the openee is same-origin with
     // the redirect hop.
     const { HTTPS_ORIGIN: same_origin } = get_host_info();
     19 
     /**
      * Registers one promise_test for the report-only COOP scenario.
      *
      * The test window (the opener) opens a popup on `same_origin` whose
      * response carries the reporting headers, the report-only
      * noopener-allow-popups COOP header and the COEP header supplied by the
      * shared helpers. The opener then touches the popup, and the test checks
      * that a "coop" report with disposition "reporting" reaches the popup's
      * reporting endpoint. The report is expected to identify the opener
      * (openerURL, referrer) and to leave openeeURL, otherDocumentURL and
      * initialPopupURL unset.
      *
      * @param {boolean} openee_redirect - when true, the popup is opened via
      *     redirect.py instead of directly; the expected report URL is the
      *     popup's own URL in both cases.
      * @param {string} name - test name handed to promise_test.
      */
     let runTest = (openee_redirect, name) => {
       return promise_test(async (test) => {
         // One token for the reporting endpoint and one per window.
         const report_id = token();
         const popup_id = token();
         const opener_id = token();  // This test window.

         const opener_url = location.href;

         // Popup URL: executor page plus the header fragments, appended in the
         // order the report URL assertion below expects.
         const reportTo = reportToHeaders(report_id);
         let openee_url = same_origin + executor_path;
         openee_url += reportTo.header;
         openee_url += reportTo.coopReportOnlyNoopenerAllowPopupsHeader;
         openee_url += coep_header;
         openee_url += `&uuid=${popup_id}`;

         // Either open the popup directly or bounce through the redirect helper.
         let requested_url = openee_url;
         if (openee_redirect) {
           requested_url = same_origin + redirect_path + openee_url;
         }

         const openee = window.open(requested_url);
         test.add_cleanup(() => send(popup_id, "window.close()"));

         // 1. Wait until the popup's document has loaded: it answers "Ready"
         //    once it executes the script sent to it.
         send(popup_id, `
           send("${opener_id}", "Ready");
         `);
         assert_equals(await receive(opener_id), "Ready");

         // 2. Access the popup from the opener. A report is expected because of
         //    COOP-RO+COEP. tryAccess comes from try-access.js (not shown here).
         tryAccess(openee);

         // 3. Check the report delivered to the popup's reporting endpoint.
         const report = await receiveReport(
           report_id,
           "access-to-coop-page-from-opener",
         );
         assert_equals(report.type, "coop");
         // The expected URL is openee_url with every double quote written as %22.
         assert_equals(report.url, openee_url.replaceAll('"', '%22'));

         const body = report.body;
         // Report-only: the access is reported, not blocked.
         assert_equals(body.disposition, "reporting");
         assert_equals(body.effectivePolicy, "noopener-allow-popups");
         assert_equals(body.property, "blur");
         assert_source_location_missing(report);
         // Only the opener is described; the fields naming other documents
         // must be absent from this report.
         assert_equals(body.openerURL, opener_url);
         assert_equals(body.openeeURL, undefined);
         assert_equals(body.otherDocumentURL, undefined);
         assert_equals(body.referrer, opener_url);
         assert_equals(body.initialPopupURL, undefined);
       }, name);
     };
     64 
     // Run the scenario twice: popup opened directly, then via the redirect.
     [
       [false, "access-to-coop-page-from-opener, noopener-allow-popups"],
       [true, "access-to-coop-page-from-opener, noopener-allow-popups + redirect"],
     ].forEach(([openee_redirect, name]) => {
       runTest(openee_redirect, name);
     });
     67 
     68 </script>