WebKit Bugzilla
Attachment 348664 Details for Bug 188564: Storage Access API: Maintain access through same-site navigations
Patch: bug-188564-20180831125044.patch (text/plain), 35.70 KB, created by John Wilander on 2018-08-31 12:50:45 PDT
>Subversion Revision: 235517 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 05033cb290180f2a412c1ed8ffe73dfadd1a7454..7cfde213d7170383d60fd8367a893bb7ea1062b1 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,20 @@ >+2018-08-31 John Wilander <wilander@apple.com> >+ >+ Storage Access API: Maintain access through same-site navigations >+ https://bugs.webkit.org/show_bug.cgi?id=188564 >+ <rdar://problem/43445160> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Tests: http/tests/storageAccess/request-and-grant-access-then-navigate-cross-site-should-not-have-access.html >+ http/tests/storageAccess/request-and-grant-access-then-navigate-same-site-should-have-access.html >+ >+ * dom/Document.h: >+ Removed unused member variable m_hasFrameSpecificStorageAccess. >+ * loader/DocumentLoader.cpp: >+ (WebCore::DocumentLoader::willSendRequest): >+ * loader/FrameLoaderClient.h: >+ > 2018-08-30 Brent Fulgham <bfulgham@apple.com> > > The width of a nullptr TextRun should be zero >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 9688a9a162ecff3a44cf3f9c04f504f350383387..cacc1d2900e70d933aee881b9ffd5bee0f4b9203 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,18 @@ >+2018-08-31 John Wilander <wilander@apple.com> >+ >+ Storage Access API: Maintain access through same-site navigations >+ https://bugs.webkit.org/show_bug.cgi?id=188564 >+ <rdar://problem/43445160> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp: >+ (WebKit::WebFrameLoaderClient::dispatchWillChangeDocument): >+ Now takes the current URL and the new URL as parameters >+ and only clears out storage access if the navigation is >+ cross-site, i.e. with differing eTLD+1s. >+ * WebProcess/WebCoreSupport/WebFrameLoaderClient.h: >+ > 2018-08-30 Eric Carlson <eric.carlson@apple.com> > > Mock video devices should only support discrete sizes 
>diff --git a/Source/WebCore/dom/Document.h b/Source/WebCore/dom/Document.h >index 9e3c31853f123ec9bea3f690b85e17bad07675d5..0c26565185fc8ad40b7ba62ab995f7a17471a87e 100644 >--- a/Source/WebCore/dom/Document.h >+++ b/Source/WebCore/dom/Document.h >@@ -1988,7 +1988,6 @@ private: > > static bool hasEverCreatedAnAXObjectCache; > >- bool m_hasFrameSpecificStorageAccess { false }; > bool m_grantStorageAccessOverride { false }; > > #if USE(REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR) >diff --git a/Source/WebCore/loader/DocumentLoader.cpp b/Source/WebCore/loader/DocumentLoader.cpp >index 234749f1f6749fa4e9bfb442c22f018b4d126c6c..43060692cdb60e72e88c941ad488b278f59431fc 100644 >--- a/Source/WebCore/loader/DocumentLoader.cpp >+++ b/Source/WebCore/loader/DocumentLoader.cpp >@@ -600,7 +600,7 @@ void DocumentLoader::willSendRequest(ResourceRequest&& newRequest, const Resourc > FrameLoader::addSameSiteInfoToRequestIfNeeded(newRequest, m_frame->document()); > > if (!didReceiveRedirectResponse) >- frameLoader()->client().dispatchWillChangeDocument(); >+ frameLoader()->client().dispatchWillChangeDocument(m_frame->document()->url(), newRequest.url()); > > // If we're fielding a redirect in response to a POST, force a load from origin, since > // this is a common site technique to return to a page viewing some data that the POST >diff --git a/Source/WebCore/loader/FrameLoaderClient.h b/Source/WebCore/loader/FrameLoaderClient.h >index 074e541f3bca5a1adffb51665154edaffe53c2be..1ba916247b61dbee82262946f0974f191fdc18c3 100644 >--- a/Source/WebCore/loader/FrameLoaderClient.h >+++ b/Source/WebCore/loader/FrameLoaderClient.h 
>@@ -166,7 +166,7 @@ public: > virtual void dispatchDidCancelClientRedirect() = 0; > virtual void dispatchWillPerformClientRedirect(const URL&, double interval, WallTime fireDate) = 0; > virtual void dispatchDidChangeMainDocument() { } >- virtual void dispatchWillChangeDocument() { } >+ virtual void dispatchWillChangeDocument(const URL&, const URL&) { } > virtual void dispatchDidNavigateWithinPage() { } > virtual void dispatchDidChangeLocationWithinPage() = 0; > virtual void dispatchDidPushStateWithinPage() = 0; >diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp b/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp >index 1b94bbc70ad7a814349bc87f4815bc3b4f63c0c9..2587a3cc7b4dac4b6171b677581f6c439e0b4129 100644 >--- a/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp >+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp >@@ -83,6 +83,7 @@ > #include <WebCore/PolicyChecker.h> > #include <WebCore/ProgressTracker.h> > #include <WebCore/ResourceError.h> >+#include <WebCore/ResourceRequest.h> > #include <WebCore/ScriptController.h> > #include <WebCore/SecurityOriginData.h> > #include <WebCore/Settings.h> >@@ -383,7 +384,7 @@ void WebFrameLoaderClient::dispatchDidChangeMainDocument() > webPage->send(Messages::WebPageProxy::DidChangeMainDocument(m_frame->frameID())); > } > >-void WebFrameLoaderClient::dispatchWillChangeDocument() >+void WebFrameLoaderClient::dispatchWillChangeDocument(const URL& currentUrl, const URL& newUrl) > { > #if HAVE(CFNETWORK_STORAGE_PARTITIONING) > if (m_frame->isMainFrame()) 
>@@ -393,7 +394,7 @@ void WebFrameLoaderClient::dispatchWillChangeDocument() > if (!webPage) > return; > >- if (m_hasFrameSpecificStorageAccess) { >+ if (m_hasFrameSpecificStorageAccess && !WebCore::registrableDomainsAreEqual(currentUrl, newUrl)) { > WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::RemoveStorageAccessForFrame(sessionID(), frameID().value(), pageID().value()), 0); > m_hasFrameSpecificStorageAccess = false; > } >diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.h b/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.h >index 254568e427d14274de2405235f3a9da4d5062ea1..0dde7bd7d9c57cca61b4bf84b65a9ff09876ec4d 100644 >--- a/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.h >+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.h >@@ -97,7 +97,7 @@ private: > void dispatchDidFinishDataDetection(NSArray *detectionResults) final; > #endif > void dispatchDidChangeMainDocument() final; >- void dispatchWillChangeDocument() final; >+ void dispatchWillChangeDocument(const WebCore::URL& currentUrl, const WebCore::URL& newUrl) final; > > void dispatchDidDispatchOnloadEvents() final; > void dispatchDidReceiveServerRedirectForProvisionalLoad() final; >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index f0eb45e779eff394cd8f4a16ad6e559cfc581e9d..31c9fe76023d256baa304f56ccdb0c421f92a5f0 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog 
>@@ -1,3 +1,25 @@ >+2018-08-31 John Wilander <wilander@apple.com> >+ >+ Storage Access API: Maintain access through same-site navigations >+ https://bugs.webkit.org/show_bug.cgi?id=188564 >+ <rdar://problem/43445160> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-user-interaction-and-access-from-right-frame-expected.txt: >+ * http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-user-interaction-and-access-from-right-frame.html: >+ Added both a same-site and a cross-site navigation to the sub frame to test maintained and cleared access. >+ * http/tests/storageAccess/request-and-grant-access-then-navigate-cross-site-should-not-have-access-expected.txt: Copied from LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-should-not-have-access-expected.txt. >+ * http/tests/storageAccess/request-and-grant-access-then-navigate-cross-site-should-not-have-access.html: Copied from LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-should-not-have-access.html. >+ * http/tests/storageAccess/request-and-grant-access-then-navigate-same-site-should-have-access-expected.txt: Renamed from LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-should-not-have-access-expected.txt. >+ * http/tests/storageAccess/request-and-grant-access-then-navigate-same-site-should-have-access.html: Renamed from LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-should-not-have-access.html. >+ * http/tests/storageAccess/resources/get-cookies.php: >+ Support for the new test scenarios. >+ * http/tests/storageAccess/resources/self-navigating-frame-after-granted-access.html: >+ Support for the new test scenarios. >+ * platform/mac-wk2/TestExpectations: >+ Marked the new and the renamed tests as [ Pass ]. 
>+ > 2018-08-30 Brent Fulgham <bfulgham@apple.com> > > The width of a nullptr TextRun should be zero >diff --git a/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-user-interaction-and-access-from-right-frame-expected.txt b/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-user-interaction-and-access-from-right-frame-expected.txt >index d6bc7775375013db38f604e62b2551e9c68f873f..0a84e7f07dabf3e35791290f3ede9700735543f3 100644 >--- a/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-user-interaction-and-access-from-right-frame-expected.txt >+++ b/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-user-interaction-and-access-from-right-frame-expected.txt >@@ -4,6 +4,8 @@ On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE > > > PASS Storage access was granted. document.cookie == firstPartyCookie=value, cookies seen server-side == {"firstPartyCookie":"value"} >+Did navigate iframe same-site and will now check that it still has storage access. >+PASS document.cookie == firstPartyCookie=value, cookies seen server-side == {"firstPartyCookie":"value"} > PASS successfullyParsed is true > > TEST COMPLETE >@@ -42,7 +44,7 @@ Client-side document.cookie: > -------- > Frame: '<!--frame5-->' > -------- >-After the top frame navigates the sub frame, the sub frame should no longer have access to cookies. >+After the top frame navigates the sub frame cross-site and back, the sub frame should no longer have access to cookies. > Did not receive cookie named 'firstPartyCookie'. > Did not receive cookie named 'partitionedCookie'. > Client-side document.cookie: 
>diff --git a/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-user-interaction-and-access-from-right-frame.html b/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-user-interaction-and-access-from-right-frame.html >index f16010390a94437697a04f4c0fefc04f6968e0d4..2b8e1e955e23d40b29fd92a7c6c11c6643e460ad 100644 >--- a/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-user-interaction-and-access-from-right-frame.html >+++ b/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-user-interaction-and-access-from-right-frame.html 
>@@ -119,12 +119,30 @@ > break; > case "#step7": > document.location.hash = "step8"; >- // Check that no cookie gets sent for localhost under 127.0.0.1 since we're opening in the frame that was granted access. >- let existingIframe = document.getElementById("TheIframeThatRequestsStorageAccess"); >- existingIframe.onload = runTest; >- existingIframe.src = thirdPartyBaseUrl + subPathToGetCookies + "&message=After the top frame navigates the sub frame, the sub frame should no longer have access to cookies."; >+ // Navigate the frame same-site. >+ let existingIframe1 = document.getElementById("TheIframeThatRequestsStorageAccess"); >+ existingIframe1.onload = function () { >+ debug("Did navigate iframe same-site and will now check that it still has storage access."); >+ let iframe = document.getElementById("TheIframeThatRequestsStorageAccess"); >+ iframe.contentWindow.postMessage("reportBackCookies", "http://localhost:8000"); >+ }; >+ existingIframe1.src = thirdPartyBaseUrl + subPathToGetCookies; > break; > case "#step8": >+ document.location.hash = "step9"; >+ // Navigate the frame cross-site. This should clear out storage access. >+ let existingIframe2 = document.getElementById("TheIframeThatRequestsStorageAccess"); >+ existingIframe2.onload = runTest; >+ existingIframe2.src = "http://" + partitionHost; >+ break; >+ case "#step9": >+ document.location.hash = "step10"; >+ // Again open localhost in the existing frame and check that no cookie gets sent for localhost under 127.0.0.1 since it has been navigated cross-site. >+ let existingIframe3 = document.getElementById("TheIframeThatRequestsStorageAccess"); >+ existingIframe3.onload = runTest; >+ existingIframe3.src = thirdPartyBaseUrl + subPathToGetCookies + "&message=After the top frame navigates the sub frame cross-site and back, the sub frame should no longer have access to cookies."; >+ break; >+ case "#step10": > setEnableFeature(false, finishJSTest); > break; > } 
>diff --git a/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-cross-site-should-not-have-access-expected.txt b/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-cross-site-should-not-have-access-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..890f4d906015b4a34fac678ce76382fcb6935003 >--- /dev/null >+++ b/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-cross-site-should-not-have-access-expected.txt >@@ -0,0 +1,13 @@ >+Tests that a cross-origin iframe from a prevalent domain that is granted storage access and then navigates itself cross-site does not have storage access. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS document.cookie == >+PASS Storage access was granted. >+PASS document.cookie == cookieSetClientSideAfterGrantedStorageAccess=value; firstPartyCookie=value >+PASS No storage access. document.cookie == , cookies seen server-side == "No cookies" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-cross-site-should-not-have-access.html b/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-cross-site-should-not-have-access.html >new file mode 100644 >index 0000000000000000000000000000000000000000..25f1bf75bfe0b9689323095c5764b17d8f7927b4 >--- /dev/null >+++ b/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-cross-site-should-not-have-access.html 
>@@ -0,0 +1,90 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script src="/js-test-resources/js-test.js"></script> >+ <script src="/js-test-resources/ui-helper.js"></script> >+ <script src="/resourceLoadStatistics/resources/util.js"></script> >+ <script> >+ description("Tests that a cross-origin iframe from a prevalent domain that is granted storage access and then navigates itself cross-site does not have storage access."); >+ jsTestIsAsync = true; >+ >+ window.addEventListener("message", receiveMessage, false); >+ >+ function finishTest() { >+ setEnableFeature(false, finishJSTest); >+ } >+ >+ const expectedPassMessages = 2; >+ var passMessagesReceived = 0; >+ function receiveMessage(event) { >+ if (event.origin === "http://localhost:8000") { >+ if (event.data.indexOf("document.cookie") === 0) { >+ testPassed(event.data); >+ } else if (event.data.indexOf("PASS") !== -1) { >+ testPassed(event.data.replace("PASS ", "")); >+ passMessagesReceived++; >+ if (passMessagesReceived >= expectedPassMessages) >+ finishTest(); >+ } else { >+ testFailed(event.data); >+ finishTest(); >+ } >+ } else { >+ testFailed("Received a message from an unexpected origin: " + event.origin); >+ finishTest(); >+ } >+ } >+ >+ function activateElement(elementId) { >+ var element = document.getElementById(elementId); >+ var centerX = element.offsetLeft + element.offsetWidth / 2; >+ var centerY = element.offsetTop + element.offsetHeight / 2; >+ UIHelper.activateAt(centerX, centerY).then( >+ function () { >+ if (window.eventSender) >+ eventSender.keyDown("escape"); >+ else { >+ testFailed("No eventSender."); >+ finishTest(); >+ } >+ }, >+ function () { >+ testFailed("Promise rejected."); >+ finishTest(); >+ } >+ ); >+ } >+ >+ function runTest() { >+ activateElement("TheIframeThatRequestsStorageAccess"); >+ } >+ >+ const hostUnderTest = "localhost:8000"; >+ const statisticsUrl = "http://" + hostUnderTest; >+ if (document.location.hash !== "#firstPartyCookieSet") { >+ setEnableFeature(true, function() { 
>+ document.location.href = statisticsUrl + "/storageAccess/resources/set-cookie.php?name=firstPartyCookie&value=value#http://127.0.0.1:8000/storageAccess/request-and-grant-access-then-navigate-cross-site-should-not-have-access.html#firstPartyCookieSet"; >+ }); >+ } else { >+ testRunner.setStatisticsPrevalentResource(statisticsUrl, true, function() { >+ if (!testRunner.isStatisticsPrevalentResource(statisticsUrl)) >+ testFailed("Host did not get set as prevalent resource."); >+ testRunner.setStatisticsHasHadUserInteraction(statisticsUrl, true, function() { >+ if (!testRunner.isStatisticsHasHadUserInteraction(statisticsUrl)) >+ testFailed("Host did not get logged for user interaction."); >+ testRunner.statisticsUpdateCookieBlocking(function() { >+ let iframeElement = document.createElement("iframe"); >+ iframeElement.setAttribute("sandbox", "allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-modals"); >+ iframeElement.onload = runTest; >+ iframeElement.id = "TheIframeThatRequestsStorageAccess"; >+ iframeElement.src = "http://localhost:8000/storageAccess/resources/self-navigating-frame-after-granted-access.html#userShouldGrantAccess,userShouldBeConsulted,policyShouldGrantAccess,crossSiteNavigation"; >+ document.body.appendChild(iframeElement); >+ }); >+ }); >+ }); >+ } >+ </script> >+</head> >+<body> >+</body> >+</html> >\ No newline at end of file >diff --git a/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-same-site-should-have-access-expected.txt b/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-same-site-should-have-access-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..2745db594e9cf830a28c461210f78e49158e9044 >--- /dev/null >+++ b/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-same-site-should-have-access-expected.txt 
>@@ -0,0 +1,13 @@ >+Tests that a cross-origin iframe from a prevalent domain that is granted storage access and then navigates itself same-site still has storage access. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS document.cookie == >+PASS Storage access was granted. >+PASS document.cookie == cookieSetClientSideAfterGrantedStorageAccess=value; firstPartyCookie=value >+PASS Has storage access. document.cookie == cookieSetClientSideAfterGrantedStorageAccess=value; firstPartyCookie=value, cookies seen server-side == {"cookieSetClientSideAfterGrantedStorageAccess":"value","firstPartyCookie":"value"} >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-same-site-should-have-access.html b/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-same-site-should-have-access.html >new file mode 100644 >index 0000000000000000000000000000000000000000..1fa4fed5231fa1aca3640c1bd8fa951bc2ff005b >--- /dev/null >+++ b/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-same-site-should-have-access.html 
>@@ -0,0 +1,90 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script src="/js-test-resources/js-test.js"></script> >+ <script src="/js-test-resources/ui-helper.js"></script> >+ <script src="/resourceLoadStatistics/resources/util.js"></script> >+ <script> >+ description("Tests that a cross-origin iframe from a prevalent domain that is granted storage access and then navigates itself same-site still has storage access."); >+ jsTestIsAsync = true; >+ >+ window.addEventListener("message", receiveMessage, false); >+ >+ function finishTest() { >+ setEnableFeature(false, finishJSTest); >+ } >+ >+ const expectedPassMessages = 2; >+ var passMessagesReceived = 0; >+ function receiveMessage(event) { >+ if (event.origin === "http://localhost:8000") { >+ if (event.data.indexOf("document.cookie") === 0) { >+ testPassed(event.data); >+ } else if (event.data.indexOf("PASS") !== -1) { >+ testPassed(event.data.replace("PASS ", "")); >+ passMessagesReceived++; >+ if (passMessagesReceived >= expectedPassMessages) >+ finishTest(); >+ } else { >+ testFailed(event.data); >+ finishTest(); >+ } >+ } else { >+ testFailed("Received a message from an unexpected origin: " + event.origin); >+ finishTest(); >+ } >+ } >+ >+ function activateElement(elementId) { >+ var element = document.getElementById(elementId); >+ var centerX = element.offsetLeft + element.offsetWidth / 2; >+ var centerY = element.offsetTop + element.offsetHeight / 2; >+ UIHelper.activateAt(centerX, centerY).then( >+ function () { >+ if (window.eventSender) >+ eventSender.keyDown("escape"); >+ else { >+ testFailed("No eventSender."); >+ finishTest(); >+ } >+ }, >+ function () { >+ testFailed("Promise rejected."); >+ finishTest(); >+ } >+ ); >+ } >+ >+ function runTest() { >+ activateElement("TheIframeThatRequestsStorageAccess"); >+ } >+ >+ const hostUnderTest = "localhost:8000"; >+ const statisticsUrl = "http://" + hostUnderTest; >+ if (document.location.hash !== "#firstPartyCookieSet") { >+ setEnableFeature(true, function() { >+ 
document.location.href = statisticsUrl + "/storageAccess/resources/set-cookie.php?name=firstPartyCookie&value=value#http://127.0.0.1:8000/storageAccess/request-and-grant-access-then-navigate-same-site-should-have-access.html#firstPartyCookieSet"; >+ }); >+ } else { >+ testRunner.setStatisticsPrevalentResource(statisticsUrl, true, function() { >+ if (!testRunner.isStatisticsPrevalentResource(statisticsUrl)) >+ testFailed("Host did not get set as prevalent resource."); >+ testRunner.setStatisticsHasHadUserInteraction(statisticsUrl, true, function() { >+ if (!testRunner.isStatisticsHasHadUserInteraction(statisticsUrl)) >+ testFailed("Host did not get logged for user interaction."); >+ testRunner.statisticsUpdateCookieBlocking(function() { >+ let iframeElement = document.createElement("iframe"); >+ iframeElement.setAttribute("sandbox", "allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-modals"); >+ iframeElement.onload = runTest; >+ iframeElement.id = "TheIframeThatRequestsStorageAccess"; >+ iframeElement.src = "http://localhost:8000/storageAccess/resources/self-navigating-frame-after-granted-access.html#userShouldGrantAccess,userShouldBeConsulted,policyShouldGrantAccess,sameSiteNavigation"; >+ document.body.appendChild(iframeElement); >+ }); >+ }); >+ }); >+ } >+ </script> >+</head> >+<body> >+</body> >+</html> >\ No newline at end of file >diff --git a/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-should-not-have-access-expected.txt b/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-should-not-have-access-expected.txt >deleted file mode 100644 >index 409a2520c60dfbabea9008c18ae38c9bde5a1e64..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-should-not-have-access-expected.txt >+++ /dev/null 
>@@ -1,13 +0,0 @@ >-Tests that a cross-origin iframe from a prevalent domain that is granted storage access and then navigates itself does not have storage access. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS document.cookie == >-PASS Storage access was granted. >-PASS document.cookie == cookieSetClientSideAfterGrantedStorageAccess=value; firstPartyCookie=value >-PASS No storage access. document.cookie == , cookies seen server-side == "No cookies" >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >diff --git a/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-should-not-have-access.html b/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-should-not-have-access.html >deleted file mode 100644 >index b9310a6a1e608602a70b91b8efa7da823a316e4c..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/storageAccess/request-and-grant-access-then-navigate-should-not-have-access.html >+++ /dev/null 
>@@ -1,90 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script src="/js-test-resources/ui-helper.js"></script> >- <script src="/resourceLoadStatistics/resources/util.js"></script> >- <script> >- description("Tests that a cross-origin iframe from a prevalent domain that is granted storage access and then navigates itself does not have storage access."); >- jsTestIsAsync = true; >- >- window.addEventListener("message", receiveMessage, false); >- >- function finishTest() { >- setEnableFeature(false, finishJSTest); >- } >- >- const expectedPassMessages = 2; >- var passMessagesReceived = 0; >- function receiveMessage(event) { >- if (event.origin === "http://localhost:8000") { >- if (event.data.indexOf("document.cookie") === 0) { >- testPassed(event.data); >- } else if (event.data.indexOf("PASS") !== -1) { >- testPassed(event.data.replace("PASS ", "")); >- passMessagesReceived++; >- if (passMessagesReceived >= expectedPassMessages) >- finishTest(); >- } else { >- testFailed(event.data); >- finishTest(); >- } >- } else { >- testFailed("Received a message from an unexpected origin: " + event.origin); >- finishTest(); >- } >- } >- >- function activateElement(elementId) { >- var element = document.getElementById(elementId); >- var centerX = element.offsetLeft + element.offsetWidth / 2; >- var centerY = element.offsetTop + element.offsetHeight / 2; >- UIHelper.activateAt(centerX, centerY).then( >- function () { >- if (window.eventSender) >- eventSender.keyDown("escape"); >- else { >- testFailed("No eventSender."); >- finishTest(); >- } >- }, >- function () { >- testFailed("Promise rejected."); >- finishTest(); >- } >- ); >- } >- >- function runTest() { >- activateElement("TheIframeThatRequestsStorageAccess"); >- } >- >- const hostUnderTest = "localhost:8000"; >- const statisticsUrl = "http://" + hostUnderTest; >- if (document.location.hash !== "#firstPartyCookieSet") { >- setEnableFeature(true, function() { >- 
document.location.href = statisticsUrl + "/storageAccess/resources/set-cookie.php?name=firstPartyCookie&value=value#http://127.0.0.1:8000/storageAccess/request-and-grant-access-then-navigate-should-not-have-access.html#firstPartyCookieSet"; >- }); >- } else { >- testRunner.setStatisticsPrevalentResource(statisticsUrl, true, function() { >- if (!testRunner.isStatisticsPrevalentResource(statisticsUrl)) >- testFailed("Host did not get set as prevalent resource."); >- testRunner.setStatisticsHasHadUserInteraction(statisticsUrl, true, function() { >- if (!testRunner.isStatisticsHasHadUserInteraction(statisticsUrl)) >- testFailed("Host did not get logged for user interaction."); >- testRunner.statisticsUpdateCookieBlocking(function() { >- let iframeElement = document.createElement("iframe"); >- iframeElement.setAttribute("sandbox", "allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-modals"); >- iframeElement.onload = runTest; >- iframeElement.id = "TheIframeThatRequestsStorageAccess"; >- iframeElement.src = "http://localhost:8000/storageAccess/resources/self-navigating-frame-after-granted-access.html#userShouldGrantAccess,userShouldBeConsulted,policyShouldGrantAccess"; >- document.body.appendChild(iframeElement); >- }); >- }); >- }); >- } >- </script> >-</head> >-<body> >-</body> >-</html> >\ No newline at end of file >diff --git a/LayoutTests/http/tests/storageAccess/resources/get-cookies.php b/LayoutTests/http/tests/storageAccess/resources/get-cookies.php >index dad8b5a427e036acf11aebe61286547d06bea673..a4fb6a86ea3986e3160aebd59d6c2ccfdf7a46a1 100644 >--- a/LayoutTests/http/tests/storageAccess/resources/get-cookies.php >+++ b/LayoutTests/http/tests/storageAccess/resources/get-cookies.php 
>@@ -21,4 +21,29 @@ if(!empty($_GET["name3"])) { > <p id="output"></p> > <script> > document.getElementById("output").textContent = "Client-side document.cookie: " + document.cookie; >+ >+ function messageToTop(messagePrefix, fetchData) { >+ top.postMessage(messagePrefix + " document.cookie == " + document.cookie + >+ (fetchData ? ", cookies seen server-side == " + JSON.stringify(fetchData) : ""), "http://127.0.0.1:8000"); >+ } >+ >+ function receiveMessage(event) { >+ if (event.origin === "http://127.0.0.1:8000") { >+ if (event.data.indexOf("reportBackCookies") !== -1) { >+ fetch("echo-incoming-cookies-as-json.php", { credentials: "same-origin" }).then(function(response) { >+ return response.json(); >+ }).then(function(data) { >+ messageToTop("PASS", data); >+ }).catch(function(error) { >+ console.log(error.message); >+ }); >+ } else { >+ messageToTop("FAIL Unknown request."); >+ } >+ } else { >+ messageToTop("Fail Received a message from an unexpected origin: " + event.origin); >+ } >+ } >+ >+ window.addEventListener("message", receiveMessage, false); > </script> >\ No newline at end of file >diff --git a/LayoutTests/http/tests/storageAccess/resources/self-navigating-frame-after-granted-access.html b/LayoutTests/http/tests/storageAccess/resources/self-navigating-frame-after-granted-access.html >index 6481d59aeafb983153ebe600117ceaf2e81ff46d..dbda7ea2430b687acfd57fe353bc0448b85a37d3 100644 >--- a/LayoutTests/http/tests/storageAccess/resources/self-navigating-frame-after-granted-access.html >+++ b/LayoutTests/http/tests/storageAccess/resources/self-navigating-frame-after-granted-access.html 
>@@ -5,6 +5,7 @@ > const userShouldGrantAccess = hashArguments[0] === "userShouldGrantAccess"; > const userShouldBeConsulted = hashArguments[1] === "userShouldBeConsulted"; > const policyShouldGrantAccess = hashArguments[2] === "policyShouldGrantAccess"; >+ const sameSiteNavigation = hashArguments[3] === "sameSiteNavigation"; > > if (internals && userShouldGrantAccess) > internals.setUserGrantsStorageAccess(true); >@@ -26,7 +27,11 @@ > } > > function navigate() { >- document.location.href = "http://localhost:8000/storageAccess/resources/has-storage-access-iframe.html#policyShouldNotGrantAccess" >+ if (sameSiteNavigation) { >+ document.location.href = "http://localhost:8000/storageAccess/resources/has-storage-access-iframe.html#policyShouldGrantAccess"; >+ } else { >+ document.location.href = "http://127.0.0.1:8000/resourceLoadStatistics/resources/redirect.php?redirectTo=http://localhost:8000/storageAccess/resources/has-storage-access-iframe.html"; >+ } > } > > function setCookieAndNavigate() { >diff --git a/LayoutTests/platform/mac-wk2/TestExpectations b/LayoutTests/platform/mac-wk2/TestExpectations >index 8eebfdfff757c8c226aa1fc2b8f8c20c164395f2..0b24e8fe46cfd6c251464ff65c568b2614979180 100644 >--- a/LayoutTests/platform/mac-wk2/TestExpectations >+++ b/LayoutTests/platform/mac-wk2/TestExpectations 
>@@ -695,7 +695,8 @@ http/tests/resourceLoadStatistics/user-interaction-reported-after-website-data-r > [ HighSierra+ ] http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-without-user-gesture.html [ Pass ] > [ HighSierra+ ] http/tests/storageAccess/has-storage-access-from-prevalent-domain-with-user-interaction.html [ Pass ] > [ HighSierra+ ] http/tests/storageAccess/request-and-grant-access-then-detach-should-not-have-access.html [ Pass ] >-[ HighSierra+ ] http/tests/storageAccess/request-and-grant-access-then-navigate-should-not-have-access.html [ Pass ] >+[ HighSierra+ ] http/tests/storageAccess/request-and-grant-access-then-navigate-cross-site-should-not-have-access.html [ Pass ] >+[ HighSierra+ ] http/tests/storageAccess/request-and-grant-access-then-navigate-same-site-should-have-access.html [ Pass ] > [ HighSierra+ ] http/tests/storageAccess/deny-storage-access-under-opener.html [ Pass ] > [ HighSierra+ ] http/tests/storageAccess/grant-storage-access-under-opener.html [ Pass ] >
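Review bot: In the Source/WebCore/ChangeLog entry, the lines for loader/DocumentLoader.cpp (WebCore::DocumentLoader::willSendRequest) and loader/FrameLoaderClient.h carry no description, and the entry never says why storage access should now survive a same-site navigation. Please describe the change there the way the Source/WebKit/ChangeLog entry does for WebFrameLoaderClient::dispatchWillChangeDocument: willSendRequest now passes the current document URL and the new request URL, and the client interface takes both.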
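Review bot: In DocumentLoader::willSendRequest, the new call still sits under "if (!didReceiveRedirectResponse)", so the registrable-domain comparison only ever sees the first request URL; a navigation that starts same-site and is then server-redirected to another site is not compared on the redirect hop in these lines. Before this change the client dropped access on every non-redirect call, so that case did not matter; now it decides whether a frame that was granted access keeps its cookies. Please either run the check for redirect responses as well or add a layout test for "same-site request, cross-site redirect" that pins down the expected result. The call also reads m_frame->document()->url() without a null check; if the document can be null at this point, guard it.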
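Review bot: In FrameLoaderClient.h, the new declaration "virtual void dispatchWillChangeDocument(const URL&, const URL&) { }" takes two parameters of the same type with no names, so the interface does not say which one is the current URL and which is the new one, and a call site with the arguments swapped compiles silently. Name them here the same way the WebFrameLoaderClient.h override does.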
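Review bot: In WebFrameLoaderClient::dispatchWillChangeDocument, the new condition "!WebCore::registrableDomainsAreEqual(currentUrl, newUrl)" leaves open what happens when one of the URLs has no registrable domain, for example a navigation to about:blank or a data: URL; neither the patch nor the new tests show whether access is kept or cleared in that case. Keeping access is the less safe outcome, so please state the intended behaviour in a comment and cover it with a test. Style point for the same function and for WebFrameLoaderClient.h: WebKit naming keeps acronyms fully capitalised inside identifiers, so the parameters should be currentURL and newURL.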
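Review bot: In the "#step7" case of request-and-grant-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-user-interaction-and-access-from-right-frame.html, the postMessage target origin is the literal "http://localhost:8000" while the frame's src is built from thirdPartyBaseUrl, so if the two ever differ the message is dropped and the test produces no failure output. Derive the target origin from the same constant. This onload handler also no longer calls runTest, and the visible lines do not show what advances the test to "#step8" if the frame never replies; a short comment naming the handler that does so would help the next reader.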
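Review bot: The two added files request-and-grant-access-then-navigate-cross-site-should-not-have-access.html and request-and-grant-access-then-navigate-same-site-should-have-access.html are 90-line copies that differ only in the description string, the return URL and the fourth hash argument (crossSiteNavigation versus sameSiteNavigation). Move receiveMessage, activateElement and the setup chain into a shared script under resources/ so a later fix does not have to be made twice. In receiveMessage, the check event.data.indexOf("PASS") !== -1 matches PASS anywhere in the string; testing for position 0, as the document.cookie branch above it does, would be stricter.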
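Review bot: In get-cookies.php, the .catch on the fetch only calls console.log(error.message), so if echo-incoming-cookies-as-json.php fails the top frame never receives a message and the test ends in a timeout instead of a FAIL line. Report the error through messageToTop with a FAIL prefix there. The unexpected-origin branch sends "Fail Received a message ..." while the unknown-request branch sends "FAIL ..."; use one spelling so the receiving page can match on it.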
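Review bot: In self-navigating-frame-after-granted-access.html, navigate() treats every value of hashArguments[3] other than "sameSiteNavigation" as the cross-site case, so the "crossSiteNavigation" argument passed by the new cross-site test is never read and a misspelled or missing argument silently selects the redirect path. Compare against both strings and report a failure for anything else.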
Attachments on bug 188564: 348574 | 348664