blob: 543c8e0e8dad8b9a94bb1d9fe902c1be6675622c [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<script src="/js-test-resources/js-test.js"></script>
<script src="/js-test-resources/ui-helper.js"></script>
<script src="/resourceLoadStatistics/resources/util.js"></script>
</head>
<body>
<script>
description("Tests that cross-origin iframe storage access is denied if the iframe is sandboxed, has the allow token, the iframe origin is a prevalent resource, the iframe origin has had user interaction, the user opts in, but the frame is not the one with access.");
jsTestIsAsync = true;
const hostUnderTest = "localhost:8000";
const statisticsUrl = "http://" + hostUnderTest + "/temp";
const partitionHost = "127.0.0.1:8000";
const thirdPartyOrigin = "http://localhost:8000";
const resourcePath = "/storageAccess/resources";
const thirdPartyBaseUrl = thirdPartyOrigin + resourcePath;
const firstPartyCookieName = "firstPartyCookie";
const subPathToSetFirstPartyCookie = "/set-cookie.py?name=" + firstPartyCookieName + "&value=value";
const partitionedCookieName = "partitionedCookie";
const subPathToSetPartitionedCookie = "/set-cookie.py?name=" + partitionedCookieName + "&value=value";
const returnUrl = "http://" + partitionHost + "/storageAccess/request-and-grant-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-user-interaction-but-access-from-wrong-frame.html";
const subPathToGetCookies = "/get-cookies.py?name1=" + firstPartyCookieName + "&name2=" + partitionedCookieName;
function openIframe(url, onLoadHandler) {
const element = document.createElement("iframe");
element.src = url;
if (onLoadHandler) {
element.onload = onLoadHandler;
}
document.body.appendChild(element);
}
function receiveMessage(event) {
if (event.origin === "http://localhost:8000") {
if (event.data.indexOf("PASS") !== -1)
testPassed(event.data.replace("PASS ", ""));
else
testFailed(event.data);
} else
testFailed("Received a message from an unexpected origin: " + event.origin);
runTest();
}
function activateElement(elementId) {
var element = document.getElementById(elementId);
var centerX = element.offsetLeft + element.offsetWidth / 2;
var centerY = element.offsetTop + element.offsetHeight / 2;
UIHelper.activateAt(centerX, centerY).then(
function () {
if (window.eventSender)
eventSender.keyDown("escape");
else {
testFailed("No eventSender.");
setEnableFeature(false, finishJSTest);
}
},
function () {
testFailed("Promise rejected.");
setEnableFeature(false, finishJSTest);
}
);
}
function runTest() {
switch (document.location.hash) {
case "#step1":
if (testRunner.isStatisticsPrevalentResource(statisticsUrl))
testFailed("Host prematurely set as prevalent resource.");
// Set first-party cookie for localhost.
document.location.href = thirdPartyBaseUrl + subPathToSetFirstPartyCookie + "#" + returnUrl + "#step2";
break;
case "#step2":
document.location.hash = "step3";
// Check that the first-party cookie does get sent for localhost under 127.0.0.1.
openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should receive first-party cookie.", runTest);
break;
case "#step3":
document.location.hash = "step4";
// Set localhost as prevalent.
testRunner.setStatisticsPrevalentResource(statisticsUrl, true, function() {
if (!testRunner.isStatisticsPrevalentResource(statisticsUrl))
testFailed("Host did not get set as prevalent resource.");
testRunner.setStatisticsHasHadUserInteraction(statisticsUrl, true, function() {
if (!testRunner.isStatisticsHasHadUserInteraction(statisticsUrl))
testFailed("Host did not get logged for user interaction.");
testRunner.statisticsUpdateCookieBlocking(function() {
// Check that the first-party cookie does not get sent for localhost under 127.0.0.1.
openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should not receive cookies.", runTest);
});
});
});
break;
case "#step4":
document.location.hash = "step5";
// Try to set cookie for localhost.
openIframe(thirdPartyBaseUrl + subPathToSetPartitionedCookie, runTest);
break;
case "#step5":
document.location.hash = "step6";
// Check that no cookie gets sent for localhost under 127.0.0.1.
openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should not receive cookies.", runTest);
break;
case "#step6":
document.location.hash = "step7";
// Set per-frame access since otherwise the sibling iframe will get access.
internals.settings.setStorageAccessAPIPerPageScopeEnabled(false);
let iframeElement = document.createElement("iframe");
iframeElement.setAttribute("sandbox", "allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-modals");
iframeElement.onload = function() {
testRunner.statisticsUpdateCookieBlocking(function() {
activateElement("TheIframeThatRequestsStorageAccess");
});
};
iframeElement.id = "TheIframeThatRequestsStorageAccess";
iframeElement.src = "http://localhost:8000/storageAccess/resources/request-storage-access-iframe.html#userShouldGrantAccess,userShouldBeConsulted,policyShouldGrantAccess,isNotSameOriginIframe";
document.body.appendChild(iframeElement);
break;
case "#step7":
document.location.hash = "step8";
// Check that no cookie gets sent for localhost under 127.0.0.1 since we're opening a new frame.
openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should not receive cookies.", runTest);
break;
case "#step8":
// Reset access scope.
internals.settings.setStorageAccessAPIPerPageScopeEnabled(true);
setEnableFeature(false, finishJSTest);
break;
}
}
if (document.location.hash === "") {
setEnableFeature(true, function() {
if (testRunner.isStatisticsPrevalentResource(thirdPartyBaseUrl))
testFailed("Localhost was classified as prevalent resource before the test starts.");
testRunner.dumpChildFramesAsText();
document.location.hash = "step1";
});
}
window.addEventListener("message", receiveMessage, false);
runTest();
</script>
</body>
</html>