tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

cross-partition.https.tentative.html (14939B)

      1 <!DOCTYPE html>
      2 <meta charset=utf-8>
      3 <meta name="timeout" content="long">
      4 <script src="/resources/testharness.js"></script>
      5 <script src="/resources/testharnessreport.js"></script>
      6 <script src="/common/get-host-info.sub.js"></script>
      7 <script src="/common/utils.js"></script>
      8 <script src="/common/dispatcher/dispatcher.js"></script>
      9 <!-- Pull in executor_path needed by newPopup / newIframe -->
     10 <script src="/html/cross-origin-embedder-policy/credentialless/resources/common.js"></script>
     11 <!-- Pull in importScript / newPopup / newIframe -->
     12 <script src="/html/anonymous-iframe/resources/common.js"></script>
     13 <body>
     14 <script>
     15 
     16 const bc_postmessage_js = (channel_name, message, done_queue_name) => `
     17  const bc = new BroadcastChannel("${channel_name}");
     18  bc.postMessage("${message}");
     19  send("${done_queue_name}", "done");
     20 `;
     21 
     22 const add_iframe_js = (iframe_origin, response_queue_uuid) => `
     23  const importScript = ${importScript};
     24  await importScript("/html/cross-origin-embedder-policy/credentialless" +
     25                   "/resources/common.js");
     26  await importScript("/html/anonymous-iframe/resources/common.js");
     27  await importScript("/common/utils.js");
     28  send("${response_queue_uuid}", newIframe("${iframe_origin}"));
     29 `;
     30 
     31 const same_site_origin = get_host_info().HTTPS_ORIGIN;
     32 const cross_site_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
     33 
     34 async function create_test_iframes(t, response_queue_uuid) {
     35 
     36  // Create a same-origin iframe in a cross-site popup.
     37  const not_same_site_popup_uuid = newPopup(t, cross_site_origin);
     38  send(not_same_site_popup_uuid,
     39       add_iframe_js(same_site_origin, response_queue_uuid));
     40  const iframe_1_uuid = await receive(response_queue_uuid);
     41 
     42  // Create a same-origin iframe in a same-site popup.
     43  const same_origin_popup_uuid = newPopup(t, same_site_origin);
     44  send(same_origin_popup_uuid,
     45       add_iframe_js(same_site_origin, response_queue_uuid));
     46  const iframe_2_uuid = await receive(response_queue_uuid);
     47 
     48  return [iframe_1_uuid, iframe_2_uuid];
     49 }
     50 
     51 promise_test(t => {
     52  return new Promise(async (resolve, reject) => {
     53    const response_queue_uuid = token();
     54 
     55    const [iframe_1_uuid, iframe_2_uuid] =
     56      await create_test_iframes(t, response_queue_uuid);
     57 
     58    const channel_name = token();
     59    const bc = new BroadcastChannel(channel_name);
     60    bc.onmessage = resolve;
     61 
     62    // Instruct the not-same-top-level-site iframe to send a message on the BC
     63    // channel we are listening on. This message should not be received since
     64    // the iframe should be in a different partition.
     65    send(iframe_1_uuid,
     66         bc_postmessage_js(channel_name, "iframe1 msg", response_queue_uuid));
     67    if (await receive(response_queue_uuid) != "done") {
     68      reject("Unable to trigger iframe1 BroadcastChannel message creation");
     69    }
     70 
     71    // Now instruct the same-top-level-site iframe to send a BC message. By
     72    // the time we send the script to execute, have it send the BC message,
     73    // and then receive the BC message in our BC instance, it should be
     74    // reasonable to assume that the message from the first iframe would have
     75    // been delivered if it was going to be.
     76    send(iframe_2_uuid,
     77         bc_postmessage_js(channel_name, "iframe2 msg", response_queue_uuid));
     78    if (await receive(response_queue_uuid) != "done") {
     79      reject("Unable to trigger iframe2 BroadcastChannel message creation");
     80    }
     81 
     82  }).then(event => {
     83    assert_equals(event.data, "iframe2 msg");
     84  });
     85 
     86 }, "BroadcastChannel messages aren't received from a cross-partition iframe");
     87 
     88 // Optional Test: Checking for partitioned BroadcastChannels in an A->B->A
     89 // (nested-iframe with cross-site ancestor chain) scenario.
     90 promise_test(t => {
     91  return new Promise(async (resolve, reject) => {
     92    const response_queue_uuid = token();
     93 
     94    const [cross_site_iframe_uuid, all_same_parent_iframe_uuid] =
     95      await create_test_iframes(t, response_queue_uuid);
     96 
     97    // Create a same-origin iframe in a cross-site iframe in a same-site popup.
     98    // Create the same-site child iframe of the cross-site iframe (A->B->A).
     99    send(cross_site_iframe_uuid,
    100         add_iframe_js(same_site_origin, response_queue_uuid));
    101    const same_site_iframe_uuid = await receive(response_queue_uuid);
    102 
    103    // Create a same-origin iframe in a same-site iframe in a same-site popup.
    104    // Create the same-site child iframe of the same-site parent iframe (A->A->A).
    105    send(all_same_parent_iframe_uuid,
    106         add_iframe_js(same_site_origin, response_queue_uuid));
    107    const all_same_child_iframe_uuid = await receive(response_queue_uuid);
    108 
    109    const channel_name = token();
    110    const bc = new BroadcastChannel(channel_name);
    111    bc.onmessage = resolve;
    112 
    113    // Instruct the A->B->A child iframe to send a message on the BC
    114    // channel we are listening on. This message should not be received since
    115    // the iframe should be in a different partition.
    116    send(same_site_iframe_uuid,
    117      bc_postmessage_js(channel_name, "iframe1 msg", response_queue_uuid));
    118    if (await receive(response_queue_uuid) != "done") {
    119      reject("Unable to trigger A->B->A BroadcastChannel message creation");
    120    }
    121 
    122    // Now instruct the A->A->A child iframe to send a BC message. By
    123    // the time we send the script to execute, send the BC message,
    124    // and receive the BC message in our BC instance, it should be
    125    // reasonable to assume that the message from the first iframe would have
    126    // been delivered if it was going to be.
    127    send(all_same_child_iframe_uuid,
    128      bc_postmessage_js(channel_name, "iframe2 msg", response_queue_uuid));
    129    if (await receive(response_queue_uuid) != "done") {
    130      reject("Unable to trigger A->A->A BroadcastChannel message creation");
    131    }
    132 
    133  }).then(event => {
    134    assert_equals(event.data, "iframe2 msg");
    135  });
    136 
    137 }, "BroadcastChannel messages aren't received from a nested iframe with a cross-site ancestor");
    138 
    139 const newWorker = (origin) => {
    140  const worker_token = token();
    141  const worker_url = origin + executor_worker_path + `&uuid=${worker_token}`;
    142  const worker = new Worker(worker_url);
    143  return worker_token;
    144 }
    145 
    146 promise_test(t => {
    147  return new Promise(async (resolve, reject) => {
    148    const response_queue_uuid = token();
    149 
    150    const create_worker_js = (origin) => `
    151      const importScript = ${importScript};
    152      await importScript("/html/cross-origin-embedder-policy/credentialless" +
    153                       "/resources/common.js");
    154      await importScript("/html/anonymous-iframe/resources/common.js");
    155      await importScript("/common/utils.js");
    156      const newWorker = ${newWorker};
    157      send("${response_queue_uuid}", newWorker("${origin}"));
    158    `;
    159 
    160    const [iframe_1_uuid, iframe_2_uuid] =
    161      await create_test_iframes(t, response_queue_uuid);
    162 
    163    // Create a dedicated worker in the cross-top-level-site iframe.
    164    send(iframe_1_uuid, create_worker_js(same_site_origin));
    165    const worker_1_uuid = await receive(response_queue_uuid);
    166 
    167    // Create a dedicated worker in the same-top-level-site iframe.
    168    send(iframe_2_uuid, create_worker_js(same_site_origin));
    169    const worker_2_uuid = await receive(response_queue_uuid);
    170 
    171    const channel_name = token();
    172    const bc = new BroadcastChannel(channel_name);
    173    bc.onmessage = async (e) => {
    174      await send(worker_1_uuid, "self.close();");
    175      await send(worker_2_uuid, "self.close();");
    176      resolve(e);
    177    };
    178 
    179    // Instruct the not-same-top-level-site worker to send a message on the BC
    180    // channel we are listening on. This message should not be received since
    181    // the worker should be in a different partition.
    182    send(worker_1_uuid,
    183         bc_postmessage_js(channel_name, "worker1 msg", response_queue_uuid));
    184    if (await receive(response_queue_uuid) != "done") {
    185      reject("Unable to trigger worker1 BroadcastChannel message creation");
    186    }
    187 
    188    // Now instruct the same-top-level-site worker to send a BC message. By
    189    // the time we send the script to execute, have it send the BC message,
    190    // and then receive the BC message in our BC instance, it should be
    191    // reasonable to assume that the message from the first worker would have
    192    // been delivered if it was going to be.
    193    send(worker_2_uuid,
    194         bc_postmessage_js(channel_name, "worker2 msg", response_queue_uuid));
    195    if (await receive(response_queue_uuid) != "done") {
    196      reject("Unable to trigger worker2 BroadcastChannel message creation");
    197    }
    198 
    199  }).then(event => {
    200    assert_equals(event.data, "worker2 msg");
    201  });
    202 
    203 }, "BroadcastChannel messages aren't received from a cross-partition dedicated worker");
    204 
    205 const newSharedWorker = (origin) => {
    206  const worker_token = token();
    207  const worker_url = origin + executor_worker_path + `&uuid=${worker_token}`;
    208  const worker = new SharedWorker(worker_url, worker_token);
    209  return worker_token;
    210 }
    211 
    212 promise_test(t => {
    213  return new Promise(async (resolve, reject) => {
    214    const response_queue_uuid = token();
    215 
    216    const create_worker_js = (origin) => `
    217      const importScript = ${importScript};
    218      await importScript("/html/cross-origin-embedder-policy/credentialless" +
    219                       "/resources/common.js");
    220      await importScript("/html/anonymous-iframe/resources/common.js");
    221      await importScript("/common/utils.js");
    222      const newSharedWorker = ${newSharedWorker};
    223      send("${response_queue_uuid}", newSharedWorker("${origin}"));
    224    `;
    225 
    226    const [iframe_1_uuid, iframe_2_uuid] =
    227      await create_test_iframes(t, response_queue_uuid);
    228 
    229    // Create a shared worker in the cross-top-level-site iframe.
    230    send(iframe_1_uuid, create_worker_js(same_site_origin));
    231    const worker_1_uuid = await receive(response_queue_uuid);
    232 
    233    // Create a shared worker in the same-top-level-site iframe.
    234    send(iframe_2_uuid, create_worker_js(same_site_origin));
    235    const worker_2_uuid = await receive(response_queue_uuid);
    236 
    237    const channel_name = token();
    238    const bc = new BroadcastChannel(channel_name);
    239    bc.onmessage = async (e) => {
    240      await send(worker_1_uuid, "self.close();");
    241      await send(worker_2_uuid, "self.close();");
    242      resolve(e);
    243    };
    244 
    245    // Instruct the not-same-top-level-site worker to send a message on the BC
    246    // channel we are listening on. This message should not be received since
    247    // the worker should be in a different partition.
    248    send(worker_1_uuid,
    249         bc_postmessage_js(channel_name, "worker1 msg", response_queue_uuid));
    250    if (await receive(response_queue_uuid) != "done") {
    251      reject("Unable to trigger worker1 BroadcastChannel message creation");
    252    }
    253 
    254    // Now instruct the same-top-level-site worker to send a BC message. By
    255    // the time we send the script to execute, have it send the BC message,
    256    // and then receive the BC message in our BC instance, it should be
    257    // reasonable to assume that the message from the first worker would have
    258    // been delivered if it was going to be.
    259    send(worker_2_uuid,
    260         bc_postmessage_js(channel_name, "worker2 msg", response_queue_uuid));
    261    if (await receive(response_queue_uuid) != "done") {
    262      reject("Unable to trigger worker2 BroadcastChannel message creation");
    263    }
    264 
    265  }).then(event => {
    266    assert_equals(event.data, "worker2 msg");
    267  });
    268 
    269 }, "BroadcastChannel messages aren't received from a cross-partition shared worker");
    270 
    271 const newServiceWorker = async (origin) => {
    272  const worker_token = token();
    273  const worker_url = origin + executor_service_worker_path +
    274                     `&uuid=${worker_token}`;
    275  const worker_url_path = executor_service_worker_path.substring(0,
    276                              executor_service_worker_path.lastIndexOf('/'));
    277  const scope = worker_url_path + "/not-used/";
    278  const reg = await navigator.serviceWorker.register(worker_url,
    279                                                     {'scope': scope});
    280  return worker_token;
    281 }
    282 
    283 promise_test(t => {
    284  return new Promise(async (resolve, reject) => {
    285    const response_queue_uuid = token();
    286 
    287    const create_worker_js = (origin) => `
    288      const importScript = ${importScript};
    289      await importScript("/html/cross-origin-embedder-policy/credentialless" +
    290                       "/resources/common.js");
    291      await importScript("/html/anonymous-iframe/resources/common.js");
    292      await importScript("/common/utils.js");
    293      const newServiceWorker = ${newServiceWorker};
    294      send("${response_queue_uuid}", await newServiceWorker("${origin}"));
    295    `;
    296 
    297    const [iframe_1_uuid, iframe_2_uuid] =
    298      await create_test_iframes(t, response_queue_uuid);
    299 
    300    // Create a service worker in the cross-top-level-site iframe.
    301    send(iframe_1_uuid, create_worker_js(same_site_origin));
    302    var worker_1_uuid = await receive(response_queue_uuid);
    303 
    304    const channel_name = token();
    305    const bc = new BroadcastChannel(channel_name);
    306    bc.onmessage = async (e) => {
    307      if (worker_1_uuid) {
    308        await send(worker_1_uuid, "self.registration.unregister();");
    309      }
    310      if (worker_2_uuid) {
    311        await send(worker_2_uuid, "self.registration.unregister();");
    312      }
    313      resolve(e);
    314    };
    315 
    316    // Instruct the not-same-top-level-site worker to send a message on the BC
    317    // channel we are listening on. This message should not be received since
    318    // the worker should be in a different partition.
    319    send(worker_1_uuid,
    320         bc_postmessage_js(channel_name, "worker1 msg", response_queue_uuid));
    321    if (await receive(response_queue_uuid) != "done") {
    322      reject("Unable to trigger worker1 BroadcastChannel message creation");
    323    }
    324 
    325    await send(worker_1_uuid, "await self.registration.unregister();");
    326    worker_1_uuid = undefined;
    327 
    328    // Create a service worker in the same-top-level-site iframe. Note that
    329    // if service workers are unpartitioned then this new service worker would
    330    // replace the one created above. This is why we wait to create the second
    331    // service worker until after we are done with the first one.
    332    send(iframe_2_uuid, create_worker_js(same_site_origin));
    333    var worker_2_uuid = await receive(response_queue_uuid);
    334 
    335    // Now instruct the same-top-level-site worker to send a BC message. By
    336    // the time we send the script to execute, have it send the BC message,
    337    // and then receive the BC message in our BC instance, it should be
    338    // reasonable to assume that the message from the first worker would have
    339    // been delivered if it was going to be.
    340    send(worker_2_uuid,
    341         bc_postmessage_js(channel_name, "worker2 msg", response_queue_uuid));
    342    if (await receive(response_queue_uuid) != "done") {
    343      reject("Unable to trigger worker2 BroadcastChannel message creation");
    344    }
    345 
    346    await send(worker_2_uuid, "await self.registration.unregister();");
    347    worker_2_uuid = undefined;
    348 
    349  }).then(event => {
    350    assert_equals(event.data, "worker2 msg");
    351  });
    352 
    353 }, "BroadcastChannel messages aren't received from a cross-partition service worker");
    354 
    355 </script>
    356 </body>