Add WPT tests for SameSite cookies in ServiceWorkers with nested frames.
This CL adds a number of new cases to the service worker SameSite cookies test. The cases break down into two general types:

1. Cases where A1 frames B frames A2, and then A2 calls window.open() to an A origin URL.
2. Cases where A1 frames B frames A2, and then A2 sets the location to an A origin URL.

For (1) we expect SameSite strict cookies to be sent because window.open() creates a top-level context that will have a populated site-for-cookies and the initiator is same-origin (regardless of the cross-site ancestor chain).

For (2) we expect only SameSite=None cookies to be sent. This is because setting the location results in a navigation to an A1->B->A3 nested frame with an empty site-for-cookies.

We currently fail the passthrough and change-request cases for (2). We plan to fix this as part of storage partitioning with an ancestor chain bit in the StorageKey. See: privacycg/storage-partitioning#25

This CL also includes some minor cleanup of the WPT test and associated resources.

Bug: 1115847
Change-Id: I9002e60a271ae95d1d702068d44b30bd0e33b5dc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3277058
Reviewed-by: Steven Bingler <[email protected]>
Commit-Queue: Ben Kelly <[email protected]>
Cr-Commit-Position: refs/heads/main@{#944293}
1 parent 53d10f6, commit bfe98d4
Showing 7 changed files with 180 additions and 27 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
<!DOCTYPE html> | ||
<meta charset="utf-8"/> | ||
<meta name="referrer" content="origin"> | ||
<script> | ||
function onLoad() { | ||
|
18 changes: 18 additions & 0 deletions
service-workers/service-worker/resources/nested-parent.html
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
<!DOCTYPE html> | ||
<meta charset="utf-8"/> | ||
<meta name="referrer" content="origin"> | ||
<script> | ||
async function onLoad() { | ||
self.addEventListener('message', evt => { | ||
if (self.opener) | ||
self.opener.postMessage(evt.data, '*'); | ||
else | ||
self.top.postMessage(evt.data, '*'); | ||
}, { once: true }); | ||
const params = new URLSearchParams(self.location.search); | ||
const frame = document.createElement('iframe'); | ||
frame.src = params.get('target'); | ||
document.body.appendChild(frame); | ||
} | ||
self.addEventListener('load', onLoad); | ||
</script> |
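Review bot: in onLoad(), the message listener is registered with { once: true } and relays the first message it receives without checking evt.source, so any unrelated message that arrives before the nested frame's result consumes the listener and is forwarded in its place. Consider creating the iframe before registering the listener and relaying only when evt.source === frame.contentWindow. The function is also declared async but contains no await, and params.get('target') returns null when the query parameter is missing, which would set frame.src to the string "null"; dropping async and failing explicitly on a missing target would make a misconfigured test easier to diagnose.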
17 changes: 17 additions & 0 deletions
service-workers/service-worker/resources/window-opener.html
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
<!DOCTYPE html> | ||
<meta charset="utf-8"/> | ||
<meta name="referrer" content="origin"> | ||
<script> | ||
function onLoad() { | ||
self.onmessage = evt => { | ||
if (self.opener) | ||
self.opener.postMessage(evt.data, '*'); | ||
else | ||
self.top.postMessage(evt.data, '*'); | ||
} | ||
const params = new URLSearchParams(self.location.search); | ||
const w = window.open(params.get('target')); | ||
self.addEventListener('unload', evt => w.close()); | ||
} | ||
self.addEventListener('load', onLoad); | ||
</script> |
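Review bot: in onLoad(), the unload handler calls w.close() on the assumption that window.open() returned a window, but window.open() returns null when the popup is blocked, so the handler would throw at unload and no result would ever be relayed. Checking w immediately after the window.open() call and posting an explicit failure to self.opener or self.top would surface that case directly. The relay here is assigned with self.onmessage and has no once restriction, while nested-parent.html uses addEventListener('message', ..., { once: true }); unless the difference is intentional, using the same form in both helpers (and ending the assignment with a semicolon) would keep them consistent.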