Bug 1765815 [wpt PR 33733] - Add WPT tests for using cookies in cross origin SR prefetch, a=testonly

Automatic update from web-platform-tests Add WPT tests for using cookies in cross origin SR prefetch - speculation-rules base prefetch logic should not send/set cookies when prefetching cross origin urls. Bug: 1302365 Change-Id: I7c54dccedf1dbe54671e7aa89c0ae9b63af5b80b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3599108 Commit-Queue: Iman Saboori <isaboori@google.com> Reviewed-by: Jeremy Roman <jbroman@chromium.org> Cr-Commit-Position: refs/heads/main@{#1000545} -- wpt-commits: 41096e0790d6427a354f1b447b36eb1f45128d69 wpt-pr: 33733
2022-05-08 17:52:15 +00:00 · 2022-05-08 17:52:15 +00:00 · 687e38fb25
--- a/testing/web-platform/tests/speculation-rules/prefetch/cross-origin-cookies.https.html
+++ b/testing/web-platform/tests/speculation-rules/prefetch/cross-origin-cookies.https.html
@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src='/resources/testdriver-vendor.js'></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/common/utils.js"></script>
+<script src="resources/utils.sub.js"></script>
+<script>
+  promise_test(async t => {
+    assert_implements(HTMLScriptElement.supports('speculationrules'), "Speculation Rules not supported");
+
+    await test_driver.delete_all_cookies();
+
+    let executor = 'cookies.py';
+    let agent = await spawnWindow(t, { executor });
+    let response_cookies = await agent.getResponseCookies();
+    let request_cookies = await agent.getRequestCookies();
+    assert_equals(request_cookies["count"], undefined);
+    assert_equals(request_cookies["type"], undefined);
+    assert_equals(response_cookies["count"], "1");
+    assert_equals(response_cookies["type"], "navigate");
+
+    let nextUrl = agent.getExecutorURL({ executor, hostname: PREFETCH_PROXY_BYPASS_HOST, page: 2 });
+    await agent.forceSinglePrefetch(nextUrl, { requires: ["anonymous-client-ip-when-cross-origin"] });
+    await agent.forceSinglePrefetch(nextUrl);
+    await agent.navigate(nextUrl);
+
+    response_cookies = await agent.getResponseCookies();
+    request_cookies = await agent.getRequestCookies();
+    assert_equals(request_cookies["count"], undefined);
+    assert_equals(request_cookies["type"], undefined);
+    assert_equals(response_cookies["count"], "1");
+    assert_equals(response_cookies["type"], "prefetch");
+
+    let requestHeaders = await agent.getRequestHeaders();
+    assert_equals(requestHeaders.sec_purpose, "prefetch;anonymous-client-ip");
+
+  }, "speculation rules based prefetch should not use cookies for cross origin urls.");
+</script>
--- a/testing/web-platform/tests/speculation-rules/prefetch/resources/cookies.py
+++ b/testing/web-platform/tests/speculation-rules/prefetch/resources/cookies.py
@ -0,0 +1,41 @@
+
+def main(request, response):
+  def get_cookie(key):
+    key = key.encode("utf-8")
+    if key in request.cookies:
+      return f'"{request.cookies[key].value.decode("utf-8")}"'
+    else:
+      return "undefined"
+
+  purpose = request.headers.get("Purpose", b"").decode("utf-8")
+  sec_purpose = request.headers.get("Sec-Purpose", b"").decode("utf-8")
+
+  cookie_count = int(
+      request.cookies[b"count"].value) if b"count" in request.cookies else 0
+  response.set_cookie("count", f"{cookie_count+1}",
+                      secure=True, samesite="None")
+  response.set_cookie(
+      "type", "prefetch" if sec_purpose.startswith("prefetch") else "navigate")
+
+  headers = [(b"Content-Type", b"text/html")]
+
+  content = f'''
+  <!DOCTYPE html>
+  <script src="/common/dispatcher/dispatcher.js"></script>
+  <script src="utils.sub.js"></script>
+  <script>
+  window.requestHeaders = {{
+    purpose: "{purpose}",
+    sec_purpose: "{sec_purpose}"
+  }};
+
+  window.requestCookies = {{
+    count: {get_cookie("count")},
+    type:  {get_cookie("type")}
+  }};
+
+  const uuid = new URLSearchParams(location.search).get('uuid');
+  window.executor = new Executor(uuid);
+  </script>
+  '''
+  return headers, content
--- a/testing/web-platform/tests/speculation-rules/prefetch/resources/utils.sub.js
+++ b/testing/web-platform/tests/speculation-rules/prefetch/resources/utils.sub.js
@ -14,9 +14,12 @@ class PrefetchAgent extends RemoteContext {
  }

  getExecutorURL(options = {}) {
-    let {hostname, protocol, ...extra} = options;
+    let {hostname, protocol, executor, ...extra} = options;
    let params = new URLSearchParams({uuid: this.context_id, ...extra});
-    let url = new URL(`executor.sub.html?${params}`, SR_PREFETCH_UTILS_URL);
+    if(executor === undefined) {
+      executor = "executor.sub.html";
+    }
+    let url = new URL(`${executor}?${params}`, SR_PREFETCH_UTILS_URL);
    if(hostname !== undefined) {
      url.hostname = hostname;
    }
@ -55,6 +58,21 @@ class PrefetchAgent extends RemoteContext {
  async getRequestHeaders() {
    return this.execute_script(() => requestHeaders);
  }
+
+  async getResponseCookies() {
+    return this.execute_script(() => {
+      let cookie = {};
+      document.cookie.split(/\s*;\s*/).forEach((kv)=>{
+        let [key, value] = kv.split(/\s*=\s*/);
+        cookie[key] = value;
+      });
+      return cookie;
+    });
+  }
+
+  async getRequestCookies() {
+    return this.execute_script(() => window.requestCookies);
+  }
 }

 // Produces n URLs with unique UUIDs which will record when they are prefetched.
@ -79,9 +97,10 @@ async function isUrlPrefetched(url) {
 }

 // Must also include /common/utils.js and /common/dispatcher/dispatcher.js to use this.
-async function spawnWindow(t, extra = {}) {
+async function spawnWindow(t, options = {}) {
+  let {executor, ...extra} = options;
  let agent = new PrefetchAgent(token(), t);
-  let w = window.open(agent.getExecutorURL(), extra);
+  let w = window.open(agent.getExecutorURL({executor}), extra);
  t.add_cleanup(() => w.close());
  return agent;
 }
--- a/testing/web-platform/tests/speculation-rules/prefetch/same-origin-cookies.https.html
+++ b/testing/web-platform/tests/speculation-rules/prefetch/same-origin-cookies.https.html
@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src='/resources/testdriver-vendor.js'></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/common/utils.js"></script>
+<script src="resources/utils.sub.js"></script>
+<script>
+  promise_test(async t => {
+    assert_implements(HTMLScriptElement.supports('speculationrules'), "Speculation Rules not supported");
+
+    await test_driver.delete_all_cookies();
+
+    let executor = 'cookies.py';
+    let agent = await spawnWindow(t, { executor });
+    let response_cookies = await agent.getResponseCookies();
+    let request_cookies = await agent.getRequestCookies();
+    assert_equals(request_cookies["count"], undefined);
+    assert_equals(request_cookies["type"], undefined);
+    assert_equals(response_cookies["count"], "1");
+    assert_equals(response_cookies["type"], "navigate");
+
+    let nextUrl = agent.getExecutorURL({ executor, page: 2 });
+    await agent.forceSinglePrefetch(nextUrl);
+    await agent.navigate(nextUrl);
+
+    response_cookies = await agent.getResponseCookies();
+    request_cookies = await agent.getRequestCookies();
+    assert_equals(request_cookies["count"], "1");
+    assert_equals(request_cookies["type"], "navigate");
+    assert_equals(response_cookies["count"], "2");
+    assert_equals(response_cookies["type"], "prefetch");
+
+    assert_prefetched(await agent.getRequestHeaders());
+
+  }, "speculation rules based prefetch should use cookies for same origin urls.");
+</script>