From 75277ab684859c30919593f3dadf54757f022b15 Mon Sep 17 00:00:00 2001
From: Jonathan Hao <phao@chromium.org>
Date: Mon, 19 Jun 2023 20:26:43 +0000
Subject: [PATCH] Bug 1831122 [wpt PR 39823] - Inherit COOP:
 restrict-properties and un-suppress opener, a=testonly

Automatic update from web-platform-tests
Inherit COOP: restrict-properties and un-suppress opener

To make the `Cross-Origin-Opener-Policy: restrict-properties` (COOP:RP)
more useful, we'd like to let cross-origin iframes inherit this policy
from their parent and keep the opener connection between windows that
the iframes open. See
https://github.com/hemeryar/coi-with-popups/blob/main/docs/cross_origin_iframe_popup.MD
for more explanations.

In https://crrev.com/c/4404116, we've bundled the origin that sets the
COOP with the policy.  This CL is to use the stored origin in COOP
algorithms:
1. In `RenderFrameHostImpl::DidCommitNewDocument`, we let embedded
documents inherit the COOP:RP bundle when the policy is COOP:RP.
2. To keep the opener connection, we return false in
`COOPSuppressOpener` when COOP value is RP.
3. Since we allow the popup's initial empty document and its subframes
to stay in the process, we had to restrict its crossOriginIsolated
capability. Otherwise, a cross-origin iframe can get around permission
policy that restricts it from using crossOriginIsolated APIs.
  - For the initial empty document, we pass a boolean to the renderer
  via CreateNewWindow.
  - For the subframes of the initial empty document, we pass a boolean
  via CommitNavigation.

This CL also adds new test cases for
1. Cross-origin iframe opener v.s. same-origin iframe opener.
2. Checking the popup's subframe's `crossOriginIsolated`.
3. Checking popup's `crossOriginIsolated` after it navigates away from
the initial empty document. (This is to make sure that we don't
restrict the `crossOriginIsolated` when we shouldn't)

Bug: 1385827
Change-Id: I39cd140f70b628114205640af2220ec2de45ac06
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4479858
Auto-Submit: Jonathan Hao <phao@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Commit-Queue: Jonathan Hao <phao@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1159514}

--

wpt-commits: f54e23527ff683dc481c72fb6e9965da6c46ad6e
wpt-pr: 39823
---
 .../iframe-popup-about-blank.https.window.js  | 90 ++++++++++++++-----
 1 file changed, 69 insertions(+), 21 deletions(-)

diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/tentative/restrict-properties/iframe-popup-about-blank.https.window.js b/testing/web-platform/tests/html/cross-origin-opener-policy/tentative/restrict-properties/iframe-popup-about-blank.https.window.js
index d63b69e83f33..cafb4c4f8c51 100644
--- a/testing/web-platform/tests/html/cross-origin-opener-policy/tentative/restrict-properties/iframe-popup-about-blank.https.window.js
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/tentative/restrict-properties/iframe-popup-about-blank.https.window.js
@@ -4,34 +4,82 @@
 
 const executor_path = '/common/dispatcher/executor.html?pipe=';
 const cross_origin = get_host_info().OTHER_ORIGIN;
+const same_origin = get_host_info().ORIGIN;
 const coep_require_corp_header =
     '|header(Cross-Origin-Embedder-Policy,require-corp)';
 const corp_cross_origin_header =
     '|header(Cross-Origin-Resource-Policy,cross-origin)';
+const coop_restrict_properties_header =
+    '|header(Cross-Origin-Opener-Policy,restrict-properties)';
 
-promise_test(async t => {
-  assert_true(crossOriginIsolated, 'Is main frame crossOriginIsolated?');
+function iframePopupAboutBlankTest(
+    origin, {expectedCrossOriginIsolated}, description) {
+  promise_test(async t => {
+    assert_true(crossOriginIsolated, 'Is main frame crossOriginIsolated?');
 
-  const reply_token = token();
-  const iframe_token = token();
+    const reply_token = token();
+    const iframe_token = token();
 
-  const iframe = document.createElement('iframe');
-  iframe.src = cross_origin + executor_path + coep_require_corp_header +
-      corp_cross_origin_header + `&uuid=${iframe_token}`;
-  document.body.appendChild(iframe);
+    const iframe = document.createElement('iframe');
+    iframe.src = origin + executor_path + coep_require_corp_header +
+        corp_cross_origin_header + `&uuid=${iframe_token}`;
+    document.body.appendChild(iframe);
 
-  send(iframe_token, `send('${reply_token}', 'Iframe loaded');`);
-  assert_equals(await receive(reply_token), 'Iframe loaded');
+    send(iframe_token, `send('${reply_token}', 'Iframe loaded');`);
+    assert_equals(await receive(reply_token), 'Iframe loaded');
 
-  send(iframe_token, `
-    window.popup = window.open();
-    send('${reply_token}', popup === null);
-  `);
-  assert_equals(await receive(reply_token), 'false', 'Is popup handle null?');
+    send(iframe_token, `
+        window.popup = window.open();
+        send('${reply_token}', popup === null);
+      `);
+    assert_equals(await receive(reply_token), 'false', 'Is popup handle null?');
 
-  send(
-      iframe_token,
-      `send('${reply_token}', popup.window.crossOriginIsolated);`);
-  assert_equals(
-      await receive(reply_token), 'false', 'Is popup crossOriginIsolated?');
-});
+    send(
+        iframe_token,
+        `send('${reply_token}', popup.window.crossOriginIsolated);`);
+    assert_equals(
+        await receive(reply_token), `${expectedCrossOriginIsolated}`,
+        'Is popup crossOriginIsolated?');
+
+    // Test whether the popup's subframe is crossOriginIsolated
+    const popup_iframe_token = token();
+    const popup_iframe_src = origin + executor_path + coep_require_corp_header +
+        corp_cross_origin_header + `&uuid=${popup_iframe_token}`;
+    send(iframe_token, `
+        const iframe = window.popup.document.createElement('iframe');
+        iframe.src = '${popup_iframe_src}';
+        popup.document.body.appendChild(iframe);
+    `);
+
+    send(
+        popup_iframe_token,
+        `send('${reply_token}', 'Iframe in popup loaded');`);
+    assert_equals(await receive(reply_token), 'Iframe in popup loaded');
+
+    send(
+        popup_iframe_token,
+        `send('${reply_token}', crossOriginIsolated);`);
+    assert_equals(
+        await receive(reply_token), `${expectedCrossOriginIsolated}`,
+        'Is iframe in popup crossOriginIsolated?');
+
+    // Navigate the popup out of the initial empty document, with COOP:RP and
+    // COEP: require-corp. Expect to be crossOriginIsolated.
+    const popup_token = token();
+    const popup_src = origin + executor_path + coop_restrict_properties_header +
+        coep_require_corp_header + `&uuid=${popup_token}`;
+    send(iframe_token, `popup.window.location = '${popup_src}';`);
+
+    send(popup_token, `send('${reply_token}', 'Popup loaded');`);
+    assert_equals(await receive(reply_token), 'Popup loaded');
+
+    send(popup_token, `send('${reply_token}', crossOriginIsolated);`);
+    assert_equals(
+        await receive(reply_token), 'true', 'Is popup crossOriginIsolated?');
+  }, description);
+}
+
+iframePopupAboutBlankTest(
+    cross_origin, {expectedCrossOriginIsolated: false}, 'Cross-origin iframe');
+iframePopupAboutBlankTest(
+    same_origin, {expectedCrossOriginIsolated: true}, 'Same-origin iframe');