requestStorageAccess-cross-origin-iframe-navigation-relax.sub.https.window.js (3530B)
1 // META: script=helpers.js 2 // META: script=/cookies/resources/cookie-helper.sub.js 3 // META: script=/resources/testdriver.js 4 // META: script=/resources/testdriver-vendor.js 5 'use strict'; 6 7 (async function() { 8 // This is cross-domain from the current document. 9 const altWww = "https://{{hosts[alt][www]}}:{{ports[https][0]}}"; 10 const altRoot = "https://{{hosts[alt][]}}:{{ports[https][0]}}"; 11 const responderPath = "/storage-access-api/resources/script-with-cookie-header.py?script=embedded_responder.js"; 12 const forwarderPath = "/storage-access-api/resources/script-with-cookie-header.py?script=embedded_forwarder.js"; 13 14 const altWwwResponder = `${altWww}${responderPath}`; 15 const altRootResponder = `${altRoot}${responderPath}`; 16 const altWwwNestedCrossOriginResponder = `${altRoot}${forwarderPath}&inner_url=${encodeURI(altWwwResponder)}`; 17 18 async function SetUpResponderFrame(t, url) { 19 const frame = await CreateFrame(url); 20 21 await SetPermissionInFrame(frame, [{ name: 'storage-access' }, 'granted']); 22 t.add_cleanup(async () => { 23 await test_driver.delete_all_cookies(); 24 await SetPermissionInFrame(frame, [{ name: 'storage-access' }, 'prompt']); 25 await MaybeSetStorageAccess("*", "*", "allowed"); 26 }); 27 28 const hasStorageAccess = await FrameHasStorageAccess(frame); 29 if (hasStorageAccess) { 30 // Cookies are not blocked, so there's nothing to test here. 31 // See https://github.com/privacycg/storage-access/issues/162. 32 return null; 33 } 34 assert_false(await HasUnpartitionedCookie(frame), "frame initially does not have access to cookies."); 35 36 assert_true(await RequestStorageAccessInFrame(frame), "requestStorageAccess resolves without requiring a gesture."); 37 38 assert_true(await FrameHasStorageAccess(frame), "frame has storage access after request."); 39 assert_true(await HasUnpartitionedCookie(frame), "frame has access to cookies after request."); 40 41 return frame; 42 } 43 44 promise_test(async (t) => { 45 await MaybeSetStorageAccess("*", "*", "blocked"); 46 await SetFirstPartyCookie(altWww); 47 48 const frame = await SetUpResponderFrame(t, altWwwNestedCrossOriginResponder); 49 if (!frame) { 50 return; 51 } 52 53 await NavigateChild(frame, altWwwResponder); 54 55 assert_true(await FrameHasStorageAccess(frame), "innermost frame has storage access after refresh."); 56 assert_true(await HasUnpartitionedCookie(frame), "innermost frame has access to cookies after refresh."); 57 let cookieOnLoad = await GetHTTPCookiesFromFrame(frame); 58 assert_true(cookieStringHasCookie("cookie", "unpartitioned", cookieOnLoad), "innermost frame has cookie in initial load"); 59 }, "Same-site-initiated same-origin navigations preserve storage access"); 60 61 promise_test(async (t) => { 62 await MaybeSetStorageAccess("*", "*", "blocked"); 63 await SetFirstPartyCookie(altWww); 64 65 const frame = await SetUpResponderFrame(t, altWwwNestedCrossOriginResponder); 66 if (!frame) { 67 return; 68 } 69 70 await NavigateChild(frame, altRootResponder); 71 72 assert_false(await FrameHasStorageAccess(frame), "innermost frame has no storage access after refresh."); 73 assert_false(await HasUnpartitionedCookie(frame), "innermost frame has no access to cookies after refresh."); 74 let cookieOnLoad = await GetHTTPCookiesFromFrame(frame); 75 assert_false(cookieStringHasCookie("cookie", "unpartitioned", cookieOnLoad), "innermost frame has no cookie in initial load"); 76 }, "Same-site-initiated cross-origin navigations do not preserve storage access"); 77 78 })();