1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
|
<!doctype html>
<html>
<meta name="timeout" content="long">
<body>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
<script src="./resources/common.js"></script>
<script>
const {ORIGIN, REMOTE_ORIGIN} = get_host_info();
const header = (name, value) => `|header(${name},${value})`;
const dip_reporting_header = header("document-isolation-policy", "isolate-and-require-corp") +
header("document-isolation-policy-report-only", "isolate-and-require-corp");
function checkReport(report, contextUrl, blockedUrl, disposition, destination) {
assert_equals(report.type, 'dip');
assert_equals(report.url, contextUrl);
assert_equals(report.body.type, 'corp');
assert_equals(report.body.blockedURL, blockedUrl);
assert_equals(report.body.disposition, disposition);
assert_equals(report.body.destination, destination);
}
function validateReports(reports, expected_count, check, context_url, resource_url) {
assert_equals(reports.length, expected_count);
check(reports, context_url, resource_url);
}
async function runRemoteContextTest(uuid, expected_count, check, context_url, resource_url) {
// Have the remote context load the resource and wait for the expected number
// of reports.
const ctx = new RemoteContext(uuid);
const reports = await ctx.execute_script(
async (url, count) => {
const reports_received = [];
// Register an observer that will wait for reports.
const receivedEveryReports = new Promise(resolve => {
if (count == 0)
resolve();
const observer = new ReportingObserver((rs) => {
for (const r of rs) {
reports_received.push(r.toJSON());
}
if (count <= reports_received.length)
resolve();
});
observer.observe();
});
// Try to fetch the resource. This might be blocked by DocumentIsolationPolicy.
try {
const response = await fetch(url, {mode: 'no-cors', cache: 'no-store'});
} catch(error) {}
await receivedEveryReports;
return reports_received;
}, [resource_url, expected_count]);
validateReports(reports, expected_count, check, context_url, resource_url);
}
async function runIFrameTest(t, check, resource_url, expected_count) {
// Load an iframe with DocumentIsolationPolicy reporting.
const context = await createIframeContext(t, `${ORIGIN}`, dip_reporting_header);
await runRemoteContextTest(context[0], expected_count, check, context[1], resource_url);
}
async function runDedicatedWorkerTest(t, check, resource_url, expected_count) {
// Create a worker which will inherit DocumentIsolationPolicy reporting from its creator.
const context = await createDedicatedWorkerContext(t, `${ORIGIN}`, dip_reporting_header);
await runRemoteContextTest(context[0], expected_count, check, context[1], resource_url);
}
async function runSharedWorkerTest(t, check, resource_url, expected_count) {
// Create a shared worker with DocumentIsolationPolicy reporting.
const context = await createSharedWorkerContext(t, `${ORIGIN}`, dip_reporting_header);
await runRemoteContextTest(context[0], expected_count, check, context[1], resource_url);
}
async function runIFrameWithServiceWorkerTest(t, check, resource_url, expected_count) {
// Create an iframe with DocumentIsolationPolicy reporting and a ServiceWorker.
const context = await createIframeWithSWContext(t, `${ORIGIN}`, dip_reporting_header);
await runRemoteContextTest(context[0], expected_count, check, context[1], resource_url);
}
// We want to test several URLs in various environments (document,
// dedicated worker, shared worser, service worker). As expectations
// are independent of environment except for the context URLs in reports,
// we define ENVIRONMENTS and CASES to reduce the code duplication.
//
// ENVIRONMENTS is a list of dictionaries. Each dictionary consists of:
// - tag: the name of the environment
// - run: an async function which generates reports
// - test: a testharness Test object
// - url: the URL for a test case (see below)
//
// CASES is a list of test cases. Each test case consists of:
// - name: the name of the test case
// - url: the URL of the test case
// - check: a function to check the results
// - reports: the generated reports
// - url: the URL of the test case
// - contextUrl: the URL of the environment settings object (see
// ENVORONMENTS)
const ENVIRONMENTS = {
"document": runIFrameTest,
"dedicated worker": runDedicatedWorkerTest,
"shared worker": runSharedWorkerTest,
"document with service worker": runIFrameWithServiceWorkerTest,
};
const CASES = [
{
name: 'same-origin',
url: '/common/square.png',
expected_count: 0,
check: (reports, url, contextUrl) => {}
},
{
name: 'blocked due to DIP',
url: `${REMOTE_ORIGIN}/common/square.png`,
expected_count: 2,
check: (reports, contextUrl, url) => {
checkReport(reports[0], contextUrl, url, 'reporting', '');
checkReport(reports[1], contextUrl, url, 'enforce', '');
}
},
{
name: 'blocked during redirect',
url: `${ORIGIN}/common/redirect.py?location=` +
encodeURIComponent(`${REMOTE_ORIGIN}/common/square.png`),
expected_count: 2,
check: (reports, contextUrl, url) => {
checkReport(reports[0], contextUrl, url, 'reporting', '');
checkReport(reports[1], contextUrl, url, 'enforce', '');
},
}
];
for (const [tag, run] of Object.entries(ENVIRONMENTS)) {
for (const testcase of CASES) {
promise_test(async (t) => {
const reports =
await run(t, testcase.check, testcase.url, testcase.expected_count);
}, `[${tag}] ${testcase.name}`);
}
}
</script>
|
