tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

requestStorageAccess-cross-site-sibling-iframes.sub.https.window.js (5130B)

      1 // META: script=helpers.js
      2 // META: script=/cookies/resources/cookie-helper.sub.js
      3 // META: script=/resources/testdriver.js
      4 // META: script=/resources/testdriver-vendor.js
      5 // META: timeout=long
      6 'use strict';
      7 
      8 (async function() {
      9  // This is on the www subdomain, so it's cross-origin from the current document.
     10  const www = "https://{{domains[www]}}:{{ports[https][0]}}";
     11  // This is on the alt host, so it's cross-site from the current document.
     12  const wwwAlt = "https://{{hosts[alt][]}}:{{ports[https][0]}}";
     13  const url_suffix = "/storage-access-api/resources/script-with-cookie-header.py?script=embedded_responder.js";
     14 
     15  promise_test(async (t) => {
     16    await MaybeSetStorageAccess("*", "*", "blocked");
     17    await SetFirstPartyCookie(wwwAlt);
     18    const responder_html = `${wwwAlt}${url_suffix}`;
     19    const [frame1, frame2] = await Promise.all([
     20      CreateFrame(responder_html),
     21      CreateFrame(responder_html),
     22    ]);
     23 
     24    t.add_cleanup(async () => {
     25      await test_driver.delete_all_cookies();
     26      await SetPermissionInFrame(frame1, [{ name: 'storage-access' }, 'prompt']);
     27      await MaybeSetStorageAccess("*", "*", "allowed");
     28    });
     29 
     30    await SetPermissionInFrame(frame1, [{ name: 'storage-access' }, 'granted']);
     31 
     32    const hasStorageAccess = await FrameHasStorageAccess(frame1);
     33    if (hasStorageAccess) {
     34      // Nothing to test here, since access is not blocked.
     35      // See https://github.com/privacycg/storage-access/issues/162.
     36      return;
     37    }
     38    assert_false(await FrameHasStorageAccess(frame2), "frame2 should not have storage access initially.");
     39 
     40    assert_false(await HasUnpartitionedCookie(frame1), "frame1 should not have cookie access.");
     41    assert_false(await HasUnpartitionedCookie(frame2), "frame2 should not have cookie access.");
     42 
     43    assert_true(await RequestStorageAccessInFrame(frame1), "requestStorageAccess doesn't require a gesture since the permission has already been granted.");
     44 
     45    assert_true(await FrameHasStorageAccess(frame1), "frame1 should have storage access now.");
     46    assert_true(await HasUnpartitionedCookie(frame1), "frame1 should now have cookie access.");
     47 
     48    assert_false(await FrameHasStorageAccess(frame2), "frame2 should still not have storage access.");
     49    assert_false(await HasUnpartitionedCookie(frame2), "frame2 should still have cookie access.");
     50 
     51    assert_true(await RequestStorageAccessInFrame(frame2), "frame2 should be able to get storage access without a gesture.");
     52 
     53    assert_true(await FrameHasStorageAccess(frame2), "frame2 should have storage access after it requested it.");
     54    assert_true(await HasUnpartitionedCookie(frame2), "frame2 should have cookie access after getting storage access.");
     55  }, "Grants have per-frame scope");
     56 
     57  promise_test(async (t) => {
     58    await MaybeSetStorageAccess("*", "*", "blocked");
     59    const [crossOriginFrame, crossSiteFrame] = await Promise.all([
     60      CreateFrame(`${www}${url_suffix}`),
     61      CreateFrame(`${wwwAlt}${url_suffix}`),
     62    ]);
     63    await SetFirstPartyCookie(www, "initial-cookie=unpartitioned;Secure;SameSite=None;Path=/");
     64    await SetFirstPartyCookie(wwwAlt, "initial-cookie=unpartitioned;Secure;SameSite=None;Path=/");
     65 
     66    t.add_cleanup(async () => {
     67      await test_driver.delete_all_cookies();
     68      await SetPermissionInFrame(crossOriginFrame, [{ name: 'storage-access' }, 'prompt']);
     69      await SetPermissionInFrame(crossSiteFrame, [{ name: 'storage-access' }, 'prompt']);
     70      await MaybeSetStorageAccess("*", "*", "allowed");
     71    });
     72 
     73    const hasStorageAccess = await FrameHasStorageAccess(crossSiteFrame);
     74    if (hasStorageAccess) {
     75      // Nothing to test here, since cross-site access is not blocked.
     76      return;
     77    }
     78 
     79    await SetPermissionInFrame(crossOriginFrame, [{ name: 'storage-access' }, 'granted']);
     80    await SetPermissionInFrame(crossSiteFrame, [{ name: 'storage-access' }, 'granted']);
     81 
     82    assert_true(await RequestStorageAccessInFrame(crossOriginFrame), "crossOriginFrame should be able to get storage access without a gesture.");
     83    assert_true(await RequestStorageAccessInFrame(crossSiteFrame), "crossSiteFrame should be able to get storage access without a gesture.");
     84 
     85    await SetDocumentCookieFromFrame(crossOriginFrame, `cookie=monster;Secure;SameSite=None;Path=/`);
     86    await SetDocumentCookieFromFrame(crossSiteFrame, `foo=bar;Secure;SameSite=None;Path=/`);
     87 
     88    assert_true(cookieStringHasCookie("cookie", "monster", await FetchSubresourceCookiesFromFrame(crossOriginFrame, www)),"crossOriginFrame making same-origin subresource request can access cookies.");
     89    assert_true(cookieStringHasCookie("foo", "bar", await FetchSubresourceCookiesFromFrame(crossSiteFrame, wwwAlt)),"crossSiteFrame making same-origin subresource request can access cookies.");
     90 
     91    assert_false(cookieStringHasCookie("foo", "bar",  await FetchSubresourceCookiesFromFrame(crossOriginFrame, wwwAlt)), "crossOriginFrame making cross-site subresource request to sibling iframe's host should not include cookies.");
     92  }, "Cross-site sibling iframes should not be able to take advantage of the existing permission grant requested by others.");
     93 
     94 })();