chromium/src/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/reporting-observer.html - manifest_repos/chromium_src - Git at Google

 <!doctype html>
 <meta charset="utf-8">
 <meta name="timeout" content="long">
 <title>
   Check the ReportingObserver(s) are notified about the coop-access-violation
   events.
 </title>
 <script src=/resources/testharness.js></script>
 <script src=/resources/testharnessreport.js></script>
 <script src=/common/get-host-info.sub.js></script>
 <script src="/common/utils.js"></script>
 <script src="../resources/dispatcher.js"></script>
 <script src="../resources/try-access.js"></script>
 <script>

 const directory = "/html/cross-origin-opener-policy/reporting";
 const executor_path = directory + "/resources/executor.html?pipe=";
 const same_origin = get_host_info().HTTPS_ORIGIN;
 const cross_site = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
 const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)';
 const corp_header = '|header(Cross-Origin-Resource-Policy,cross-origin)';

 promise_test(async t => {
   // This test window.
   const this_window_token = token();

   // The "opener" window, using COOP-Report-Only and a reporter.
   const opener_token = token();
   const opener_reportTo = reportToHeaders(token());
   const opener_url = same_origin + executor_path + opener_reportTo.header +
     opener_reportTo.coopReportOnlySameOriginHeader + coep_header +
     `&uuid=${opener_token}`;

   // The "openee" window, NOT using COOP.
   const openee_token = token();
   const openee_url = same_origin + executor_path + `&uuid=${openee_token}`;

   // 1. Create the opener window.
   window.open(opener_url);
   t.add_cleanup(() => send(opener_token, "window.close();"));

   // 2. The opener opens its openee.
   send(opener_token, `openee = window.open('${openee_url}');`);
   t.add_cleanup(() => send(openee_token, `window.close();`));

   // 3. Wait for the openee to load its document.
   send(openee_token, `send("${this_window_token}", "Ready");`);
   assert_equals(await receive(this_window_token), "Ready");

   // 4. The opener tries to access its openee. All reports for blocked access
   //    from the COOP page should notify the ReportingObservers.
   send(opener_token, `
     let observer = new ReportingObserver(()=>{});
     observer.observe();
     tryAccess(openee);
     let reports = observer.takeRecords();
     send("${this_window_token}", JSON.stringify(reports));
     observer.disconnect();
   `);

   let report_access_from = JSON.parse(await receive(this_window_token));
   assert_equals(report_access_from.length, 1, "No report received.");
   assert_equals(report_access_from[0].type, "coop-access-violation");
   assert_equals(report_access_from[0].url, opener_url.replace(/"/g, '%22'));
   assert_source_location_found(report_access_from[0])
   assert_equals(report_access_from[0].body.type,
                 "access-from-coop-page-to-openee");
   assert_equals(report_access_from[0].body.openeeURL, openee_url);
   assert_equals(report_access_from[0].body.openerURL, undefined);
   assert_equals(report_access_from[0].body.otherDocumentURL, undefined);

   // 5. The openee tries to access its opener. No reports for blocked access
   //    to the COOP page should be dispatched.
   send(openee_token, `
     let observer = new ReportingObserver(()=>{});
     observer.observe();
     tryAccess(opener);
     let reports = observer.takeRecords();
     send("${this_window_token}", JSON.stringify(reports));
     observer.disconnect();
   `);
   let report_access_to = JSON.parse(await receive(this_window_token));
   assert_equals(report_access_to.length, 0, "Unexpected report received.");
 }, "Opener COOP");

 promise_test(async t => {
   // This test window.
   const this_window_token = token();

   // The "opener" window, NOT using COOP.
   const opener_token = token();
   const opener_url = same_origin + executor_path + `&uuid=${opener_token}`;

   // The "openee" window, using COOP-Report-Only and a reporter.
   const openee_token = token();
   const openee_reportTo = reportToHeaders(token());
   const openee_url = same_origin + executor_path + openee_reportTo.header +
     openee_reportTo.coopReportOnlySameOriginHeader + coep_header +
     `&uuid=${openee_token}`;

   // 1. Create the opener window.
   window.open(opener_url);
   t.add_cleanup(() => send(opener_token, "window.close();"));

   // 2. The opener opens its openee.
   send(opener_token,
     `openee = window.open('${openee_url.replace(/,/g, '\\,')}');`);
   t.add_cleanup(() => send(openee_token, `window.close();`));

   // 3. The openee tries to access its opener. All reports for blocked access
   //    from the COOP page should notify the ReportingObservers.
   send(openee_token, `
     let observer = new ReportingObserver(()=>{});
     observer.observe();
     tryAccess(opener);
     let reports = observer.takeRecords();
     send("${this_window_token}", JSON.stringify(reports));
     observer.disconnect();
   `);
   let report_access_from = JSON.parse(await receive(this_window_token));
   assert_equals(report_access_from.length, 1, "No report received.");
   assert_equals(report_access_from[0].type, "coop-access-violation");
   assert_equals(report_access_from[0].url, openee_url.replace(/"/g, '%22'));
   assert_true(report_access_from[0].body.sourceFile.includes("try-access.js"));
   assert_source_location_found(report_access_from[0])
   assert_equals(report_access_from[0].body.type,
                 "access-from-coop-page-to-opener");
   assert_equals(report_access_from[0].body.openeeURL, undefined);
   assert_equals(report_access_from[0].body.openerURL, opener_url);
   assert_equals(report_access_from[0].body.otherDocumentURL, undefined);

   // 4. The opener tries to access its openee. No reports for blocked access
   //    to the COOP page should be dispatched.
   send(opener_token, `
     let observer = new ReportingObserver(()=>{});
     observer.observe();
     tryAccess(openee);
     let reports = observer.takeRecords();
     send("${this_window_token}", JSON.stringify(reports));
     observer.disconnect();
   `);
   let report_access_to = JSON.parse(await receive(this_window_token));
   assert_equals(report_access_to.length, 0, "Unexpected report received.");
 }, "Openee COOP");

 promise_test(async t => {
   // This test window.
   const this_window_token = token();

   // The "opener" window, using COOP-Report-Only and a reporter.
   const opener_token = token();
   const opener_reportTo = reportToHeaders(token());
   const opener_url = same_origin + executor_path + opener_reportTo.header +
     opener_reportTo.coopReportOnlySameOriginHeader + coep_header +
     `&uuid=${opener_token}`;

   // The "opener's iframe", same-origin with its parent.
   const opener_iframe_token = token();
   const opener_iframe_url = same_origin + executor_path + coep_header +
     `&uuid=${opener_iframe_token}`;

   // The "openee" window, NOT using COOP.
   const openee_token = token();
   const openee_url = same_origin + executor_path + coep_header +
     `&uuid=${openee_token}`;

   // 1. Create the opener window.
   window.open(opener_url);
   t.add_cleanup(() => send(opener_token, "window.close();"));

   // 2. The opener opens an iframe, and install a ReportingObserver to catch
   //    future accesses.
   send(opener_token, `
     iframe = document.createElement("iframe");
     iframe.src = "${opener_iframe_url}";
     document.body.appendChild(iframe);

     let observer = new ReportingObserver(reports => {
       send("${this_window_token}", JSON.stringify(reports));
       observer.disconnect();
     });
     observer.observe();
   `);

   // 3. The iframe opens the openee.
   send(opener_iframe_token, `openee = window.open('${openee_url}');`);
   t.add_cleanup(() => send(openee_token, `window.close();`));

   // 4. Wait for the openee to load its document.
   send(openee_token, `send("${this_window_token}", "Ready");`);
   assert_equals(await receive(this_window_token), "Ready");

   // 4. The opener's iframe tries to access the openee. This is an
   //    "access-from-coop-page" from a same-origin iframe, so the
   //    ReportingObserver(s) are notified.
   send(opener_iframe_token, `tryAccess(openee);`);

   let reports = await receive(this_window_token);
   reports = JSON.parse(reports);
   assert_equals(reports.length, 1, "No report received.");
   assert_equals(reports[0].type, "coop-access-violation");
   assert_equals(reports[0].url, opener_url.replace(/"/g, '%22'));
   assert_true(reports[0].body.sourceFile.includes("try-access.js"));
   assert_source_location_found(reports[0]);
   assert_equals(reports[0].body.type,
                 "access-from-coop-page-to-openee");
   assert_equals(reports[0].body.openeeURL, openee_url);
   assert_equals(reports[0].body.openerURL, undefined);
   assert_equals(reports[0].body.otherDocumentURL, undefined);
 }, "Access from same-origin iframe")

 promise_test(async t => {
   // This test window.
   const this_window_token = token();

   // The "opener" window, using COOP-Report-Only and a reporter.
   const opener_token = token();
   const opener_reportTo = reportToHeaders(token());
   const opener_url = same_origin + executor_path + opener_reportTo.header +
     opener_reportTo.coopReportOnlySameOriginHeader + coep_header +
     `&uuid=${opener_token}`;

   // The "opener's iframe", same-origin with its parent.
   const opener_iframe_token = token();
   const opener_iframe_url = cross_site + executor_path + coep_header +
     corp_header +
     `&uuid=${opener_iframe_token}`;

   // The "openee" window, NOT using COOP.
   const openee_token = token();
   const openee_url = same_origin + executor_path + coep_header +
     `&uuid=${openee_token}`;

   // 1. Create the opener window.
   window.open(opener_url);
   t.add_cleanup(() => send(opener_token, "window.close();"));

   // 2. The opener opens an iframe, and install a ReportingObserver to catch
   //    future accesses.
   send(opener_token, `
     iframe = document.createElement("iframe");
     iframe.src = "${opener_iframe_url}";
     document.body.appendChild(iframe);

     let observer = new ReportingObserver(reports => {
       send("${this_window_token}", JSON.stringify(reports));
       observer.disconnect();
     });
     observer.observe();
   `);

   // 3. The iframe opens the openee.
   send(opener_iframe_token, `openee = window.open('${openee_url}');`);
   t.add_cleanup(() => send(openee_token, `window.close();`));

   // 4. Wait for the openee to load its document.
   send(openee_token, `send("${this_window_token}", "Ready");`);
   assert_equals(await receive(this_window_token), "Ready");

   // 5. The opener's iframe tries to access the openee. This is an
   //    "access-from-coop-page" from a cross-site iframe. The ReportingObservers
   //    from the main document aren't notified.
   send(opener_iframe_token, `tryAccess(openee);`);

   let reports = await receive(this_window_token, 2000);
   assert_equals(reports, "timeout", "Unexpected report received.");
 }, "Access from cross-site iframe")

 </script>
	<!doctype html>
	<meta charset="utf-8">
	<meta name="timeout" content="long">
	<title>
	Check the ReportingObserver(s) are notified about the coop-access-violation
	events.
	</title>
	<script src=/resources/testharness.js></script>
	<script src=/resources/testharnessreport.js></script>
	<script src=/common/get-host-info.sub.js></script>
	<script src="/common/utils.js"></script>
	<script src="../resources/dispatcher.js"></script>
	<script src="../resources/try-access.js"></script>
	<script>

	const directory = "/html/cross-origin-opener-policy/reporting";
	const executor_path = directory + "/resources/executor.html?pipe=";
	const same_origin = get_host_info().HTTPS_ORIGIN;
	const cross_site = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
	const coep_header = '\|header(Cross-Origin-Embedder-Policy,require-corp)';
	const corp_header = '\|header(Cross-Origin-Resource-Policy,cross-origin)';

	promise_test(async t => {
	// This test window.
	const this_window_token = token();

	// The "opener" window, using COOP-Report-Only and a reporter.
	const opener_token = token();
	const opener_reportTo = reportToHeaders(token());
	const opener_url = same_origin + executor_path + opener_reportTo.header +
	opener_reportTo.coopReportOnlySameOriginHeader + coep_header +
	`&uuid=${opener_token}`;

	// The "openee" window, NOT using COOP.
	const openee_token = token();
	const openee_url = same_origin + executor_path + `&uuid=${openee_token}`;

	// 1. Create the opener window.
	window.open(opener_url);
	t.add_cleanup(() => send(opener_token, "window.close();"));

	// 2. The opener opens its openee.
	send(opener_token, `openee = window.open('${openee_url}');`);
	t.add_cleanup(() => send(openee_token, `window.close();`));

	// 3. Wait for the openee to load its document.
	send(openee_token, `send("${this_window_token}", "Ready");`);
	assert_equals(await receive(this_window_token), "Ready");

	// 4. The opener tries to access its openee. All reports for blocked access
	// from the COOP page should notify the ReportingObservers.
	send(opener_token, `
	let observer = new ReportingObserver(()=>{});
	observer.observe();
	tryAccess(openee);
	let reports = observer.takeRecords();
	send("${this_window_token}", JSON.stringify(reports));
	observer.disconnect();
	`);

	let report_access_from = JSON.parse(await receive(this_window_token));
	assert_equals(report_access_from.length, 1, "No report received.");
	assert_equals(report_access_from[0].type, "coop-access-violation");
	assert_equals(report_access_from[0].url, opener_url.replace(/"/g, '%22'));
	assert_source_location_found(report_access_from[0])
	assert_equals(report_access_from[0].body.type,
	"access-from-coop-page-to-openee");
	assert_equals(report_access_from[0].body.openeeURL, openee_url);
	assert_equals(report_access_from[0].body.openerURL, undefined);
	assert_equals(report_access_from[0].body.otherDocumentURL, undefined);

	// 5. The openee tries to access its opener. No reports for blocked access
	// to the COOP page should be dispatched.
	send(openee_token, `
	let observer = new ReportingObserver(()=>{});
	observer.observe();
	tryAccess(opener);
	let reports = observer.takeRecords();
	send("${this_window_token}", JSON.stringify(reports));
	observer.disconnect();
	`);
	let report_access_to = JSON.parse(await receive(this_window_token));
	assert_equals(report_access_to.length, 0, "Unexpected report received.");
	}, "Opener COOP");

	promise_test(async t => {
	// This test window.
	const this_window_token = token();

	// The "opener" window, NOT using COOP.
	const opener_token = token();
	const opener_url = same_origin + executor_path + `&uuid=${opener_token}`;

	// The "openee" window, using COOP-Report-Only and a reporter.
	const openee_token = token();
	const openee_reportTo = reportToHeaders(token());
	const openee_url = same_origin + executor_path + openee_reportTo.header +
	openee_reportTo.coopReportOnlySameOriginHeader + coep_header +
	`&uuid=${openee_token}`;

	// 1. Create the opener window.
	window.open(opener_url);
	t.add_cleanup(() => send(opener_token, "window.close();"));

	// 2. The opener opens its openee.
	send(opener_token,
	`openee = window.open('${openee_url.replace(/,/g, '\\,')}');`);
	t.add_cleanup(() => send(openee_token, `window.close();`));

	// 3. The openee tries to access its opener. All reports for blocked access
	// from the COOP page should notify the ReportingObservers.
	send(openee_token, `
	let observer = new ReportingObserver(()=>{});
	observer.observe();
	tryAccess(opener);
	let reports = observer.takeRecords();
	send("${this_window_token}", JSON.stringify(reports));
	observer.disconnect();
	`);
	let report_access_from = JSON.parse(await receive(this_window_token));
	assert_equals(report_access_from.length, 1, "No report received.");
	assert_equals(report_access_from[0].type, "coop-access-violation");
	assert_equals(report_access_from[0].url, openee_url.replace(/"/g, '%22'));
	assert_true(report_access_from[0].body.sourceFile.includes("try-access.js"));
	assert_source_location_found(report_access_from[0])
	assert_equals(report_access_from[0].body.type,
	"access-from-coop-page-to-opener");
	assert_equals(report_access_from[0].body.openeeURL, undefined);
	assert_equals(report_access_from[0].body.openerURL, opener_url);
	assert_equals(report_access_from[0].body.otherDocumentURL, undefined);

	// 4. The opener tries to access its openee. No reports for blocked access
	// to the COOP page should be dispatched.
	send(opener_token, `
	let observer = new ReportingObserver(()=>{});
	observer.observe();
	tryAccess(openee);
	let reports = observer.takeRecords();
	send("${this_window_token}", JSON.stringify(reports));
	observer.disconnect();
	`);
	let report_access_to = JSON.parse(await receive(this_window_token));
	assert_equals(report_access_to.length, 0, "Unexpected report received.");
	}, "Openee COOP");

	promise_test(async t => {
	// This test window.
	const this_window_token = token();

	// The "opener" window, using COOP-Report-Only and a reporter.
	const opener_token = token();
	const opener_reportTo = reportToHeaders(token());
	const opener_url = same_origin + executor_path + opener_reportTo.header +
	opener_reportTo.coopReportOnlySameOriginHeader + coep_header +
	`&uuid=${opener_token}`;

	// The "opener's iframe", same-origin with its parent.
	const opener_iframe_token = token();
	const opener_iframe_url = same_origin + executor_path + coep_header +
	`&uuid=${opener_iframe_token}`;

	// The "openee" window, NOT using COOP.
	const openee_token = token();
	const openee_url = same_origin + executor_path + coep_header +
	`&uuid=${openee_token}`;

	// 1. Create the opener window.
	window.open(opener_url);
	t.add_cleanup(() => send(opener_token, "window.close();"));

	// 2. The opener opens an iframe, and install a ReportingObserver to catch
	// future accesses.
	send(opener_token, `
	iframe = document.createElement("iframe");
	iframe.src = "${opener_iframe_url}";
	document.body.appendChild(iframe);

	let observer = new ReportingObserver(reports => {
	send("${this_window_token}", JSON.stringify(reports));
	observer.disconnect();
	});
	observer.observe();
	`);

	// 3. The iframe opens the openee.
	send(opener_iframe_token, `openee = window.open('${openee_url}');`);
	t.add_cleanup(() => send(openee_token, `window.close();`));

	// 4. Wait for the openee to load its document.
	send(openee_token, `send("${this_window_token}", "Ready");`);
	assert_equals(await receive(this_window_token), "Ready");

	// 4. The opener's iframe tries to access the openee. This is an
	// "access-from-coop-page" from a same-origin iframe, so the
	// ReportingObserver(s) are notified.
	send(opener_iframe_token, `tryAccess(openee);`);

	let reports = await receive(this_window_token);
	reports = JSON.parse(reports);
	assert_equals(reports.length, 1, "No report received.");
	assert_equals(reports[0].type, "coop-access-violation");
	assert_equals(reports[0].url, opener_url.replace(/"/g, '%22'));
	assert_true(reports[0].body.sourceFile.includes("try-access.js"));
	assert_source_location_found(reports[0]);
	assert_equals(reports[0].body.type,
	"access-from-coop-page-to-openee");
	assert_equals(reports[0].body.openeeURL, openee_url);
	assert_equals(reports[0].body.openerURL, undefined);
	assert_equals(reports[0].body.otherDocumentURL, undefined);
	}, "Access from same-origin iframe")

	promise_test(async t => {
	// This test window.
	const this_window_token = token();

	// The "opener" window, using COOP-Report-Only and a reporter.
	const opener_token = token();
	const opener_reportTo = reportToHeaders(token());
	const opener_url = same_origin + executor_path + opener_reportTo.header +
	opener_reportTo.coopReportOnlySameOriginHeader + coep_header +
	`&uuid=${opener_token}`;

	// The "opener's iframe", same-origin with its parent.
	const opener_iframe_token = token();
	const opener_iframe_url = cross_site + executor_path + coep_header +
	corp_header +
	`&uuid=${opener_iframe_token}`;

	// The "openee" window, NOT using COOP.
	const openee_token = token();
	const openee_url = same_origin + executor_path + coep_header +
	`&uuid=${openee_token}`;

	// 1. Create the opener window.
	window.open(opener_url);
	t.add_cleanup(() => send(opener_token, "window.close();"));

	// 2. The opener opens an iframe, and install a ReportingObserver to catch
	// future accesses.
	send(opener_token, `
	iframe = document.createElement("iframe");
	iframe.src = "${opener_iframe_url}";
	document.body.appendChild(iframe);

	let observer = new ReportingObserver(reports => {
	send("${this_window_token}", JSON.stringify(reports));
	observer.disconnect();
	});
	observer.observe();
	`);

	// 3. The iframe opens the openee.
	send(opener_iframe_token, `openee = window.open('${openee_url}');`);
	t.add_cleanup(() => send(openee_token, `window.close();`));

	// 4. Wait for the openee to load its document.
	send(openee_token, `send("${this_window_token}", "Ready");`);
	assert_equals(await receive(this_window_token), "Ready");

	// 5. The opener's iframe tries to access the openee. This is an
	// "access-from-coop-page" from a cross-site iframe. The ReportingObservers
	// from the main document aren't notified.
	send(opener_iframe_token, `tryAccess(openee);`);

	let reports = await receive(this_window_token, 2000);
	assert_equals(reports, "timeout", "Unexpected report received.");
	}, "Access from cross-site iframe")

	</script>