
requestStorageAccess-cross-origin-iframe-navigation.sub.https.window.js (4818B)


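// META: script=helpers.js
// META: script=/cookies/resources/cookie-helper.sub.js
// META: script=/resources/testdriver.js
// META: script=/resources/testdriver-vendor.js
// META: timeout=long
'use strict';

// Checks when a storage-access grant obtained by a cross-site iframe
// survives a navigation of that iframe. As encoded by the tests below:
//   - a reload initiated by the frame itself keeps the grant;
//   - a same-origin navigation initiated by the frame itself keeps it;
//   - a same-origin navigation initiated by the embedder (this document
//     assigning frame.src) drops it;
//   - a cross-origin navigation initiated by the frame itself drops it.
//
// NOTE(review): every test returns early, asserting nothing, when
// SetUpResponderFrame() yields null (the frame already had storage access).
// A pass in that configuration does not show that the navigation rules
// were exercised; check the cookie-blocking setup before relying on it.

(async function() {
  // This is cross-domain from the current document.
  const altWww = "https://{{hosts[alt][www]}}:{{ports[https][0]}}";
  const altRoot = "https://{{hosts[alt][]}}:{{ports[https][0]}}";
  const responderPath = "/storage-access-api/resources/script-with-cookie-header.py?script=embedded_responder.js";

  const altWwwResponder = `${altWww}${responderPath}`;
  const altRootResponder = `${altRoot}${responderPath}`;

  /**
   * Creates a responder iframe at `url`, grants it the 'storage-access'
   * permission, and has it call requestStorageAccess().
   *
   * Registers a cleanup on `t` that deletes all cookies, resets the
   * permission to 'prompt' and calls MaybeSetStorageAccess("*", "*", "allowed").
   *
   * @param {object} t - The testharness test object (used for add_cleanup).
   * @param {string} url - URL to load in the iframe.
   * @returns {Promise<?HTMLIFrameElement>} The frame, now holding storage
   *     access, or null when the frame already had storage access before
   *     requesting it (nothing to test in that case).
   */
  async function SetUpResponderFrame(t, url) {
    const frame = await CreateFrame(url);

    await SetPermissionInFrame(frame, [{ name: 'storage-access' }, 'granted']);
    t.add_cleanup(async () => {
      await test_driver.delete_all_cookies();
      await SetPermissionInFrame(frame, [{ name: 'storage-access' }, 'prompt']);
      await MaybeSetStorageAccess("*", "*", "allowed");
    });

    const hasStorageAccess = await FrameHasStorageAccess(frame);
    if (hasStorageAccess) {
      // Nothing to test here, since cookies are not blocked.
      // See https://github.com/privacycg/storage-access/issues/162.
      return null;
    }
    assert_false(await HasUnpartitionedCookie(frame), "frame initially does not have access to cookies.");

    assert_true(await RequestStorageAccessInFrame(frame), "requestStorageAccess resolves without requiring a gesture.");

    assert_true(await FrameHasStorageAccess(frame), "frame has storage access after request.");
    assert_true(await HasUnpartitionedCookie(frame), "frame has access to cookies after request.");

    return frame;
  }

  promise_test(async (t) => {
    await MaybeSetStorageAccess("*", "*", "blocked");
    await SetFirstPartyCookie(altWww);

    const frame = await SetUpResponderFrame(t, altWwwResponder);
    if (!frame) {
      return;
    }

    await FrameInitiatedReload(frame);

    assert_true(await FrameHasStorageAccess(frame), "frame has storage access after refresh.");
    assert_true(await HasUnpartitionedCookie(frame), "frame has access to cookies after refresh.");

    // Also check the Cookie header the reloaded document was served with,
    // not only what script in the frame can read afterwards.
    const cookieOnLoad = await GetHTTPCookiesFromFrame(frame);
    assert_true(cookieStringHasCookie("cookie", "unpartitioned", cookieOnLoad), "innermost frame has cookie in initial load");
  }, "Self-initiated reloads preserve storage access");

  promise_test(async (t) => {
    await MaybeSetStorageAccess("*", "*", "blocked");
    await SetFirstPartyCookie(altWww);

    const frame = await SetUpResponderFrame(t, altWwwResponder);
    if (!frame) {
      return;
    }

    await FrameInitiatedNavigation(frame, altWwwResponder);

    assert_true(await FrameHasStorageAccess(frame), "frame has storage access after navigation.");
    assert_true(await HasUnpartitionedCookie(frame), "frame has access to cookies after navigation.");
    const cookieOnLoad = await GetHTTPCookiesFromFrame(frame);
    assert_true(cookieStringHasCookie("cookie", "unpartitioned", cookieOnLoad), "innermost frame has cookie in initial load");
  }, "Self-initiated same-origin navigations preserve storage access");

  promise_test(async (t) => {
    await MaybeSetStorageAccess("*", "*", "blocked");
    await SetFirstPartyCookie(altWww);

    const frame = await SetUpResponderFrame(t, altWwwResponder);
    if (!frame) {
      return;
    }

    // The embedder (this document) drives the navigation by assigning
    // frame.src, so it is not initiated by the frame itself.
    await new Promise((resolve) => {
      frame.addEventListener("load", () => resolve(), { once: true });
      frame.src = altWwwResponder;
    });

    assert_false(await FrameHasStorageAccess(frame), "frame does not have storage access after navigation.");
    assert_false(await HasUnpartitionedCookie(frame), "frame does not have access to cookies after navigation.");
    const cookieOnLoad = await GetHTTPCookiesFromFrame(frame);
    assert_false(cookieStringHasCookie("cookie", "unpartitioned", cookieOnLoad), "innermost frame has no cookie in initial load");
  }, "Non-self-initiated same-origin navigations do not preserve storage access");

  promise_test(async (t) => {
    await MaybeSetStorageAccess("*", "*", "blocked");
    await SetFirstPartyCookie(altWww);

    const frame = await SetUpResponderFrame(t, altWwwResponder);
    if (!frame) {
      return;
    }

    // altRootResponder is on a different host than the frame's current
    // document (altWww), so the destination is cross-origin.
    await FrameInitiatedNavigation(frame, altRootResponder);

    assert_false(await FrameHasStorageAccess(frame), "frame does not have storage access after navigation.");
    assert_false(await HasUnpartitionedCookie(frame), "frame does not have access to cookies after navigation.");
    const cookieOnLoad = await GetHTTPCookiesFromFrame(frame);
    assert_false(cookieStringHasCookie("cookie", "unpartitioned", cookieOnLoad), "innermost frame has no cookie in initial load");
  }, "Self-initiated cross-origin navigations do not preserve storage access");
})();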