Bug 1831122 [wpt PR 39823] - Inherit COOP: restrict-properties and un-suppress opener, a=testonly

Automatic update from web-platform-tests Inherit COOP: restrict-properties and un-suppress opener To make the `Cross-Origin-Opener-Policy: restrict-properties` (COOP:RP) more useful, we'd like to let cross-origin iframes inherit this policy from their parent and keep the opener connection between windows that the iframes open. See https://github.com/hemeryar/coi-with-popups/blob/main/docs/cross_origin_iframe_popup.MD for more explanations. In https://crrev.com/c/4404116, we've bundled the origin that sets the COOP with the policy. This CL is to use the stored origin in COOP algorithms: 1. In `RenderFrameHostImpl::DidCommitNewDocument`, we let embedded documents inherit the COOP:RP bundle when the policy is COOP:RP. 2. To keep the opener connection, we return false in `COOPSuppressOpener` when COOP value is RP. 3. Since we allow the popup's initial empty document and its subframes to stay in the process, we had to restrict its crossOriginIsolated capability. Otherwise, a cross-origin iframe can get around permission policy that restricts it from using crossOriginIsolated APIs. - For the initial empty document, we pass a boolean to the renderer via CreateNewWindow. - For the subframes of the initial empty document, we pass a boolean via CommitNavigation. This CL also adds new test cases for 1. Cross-origin iframe opener v.s. same-origin iframe opener. 2. Checking the popup's subframe's `crossOriginIsolated`. 3. Checking popup's `crossOriginIsolated` after it navigates away from the initial empty document. (This is to make sure that we don't restrict the `crossOriginIsolated` when we shouldn't) Bug: 1385827 Change-Id: I39cd140f70b628114205640af2220ec2de45ac06 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4479858 Auto-Submit: Jonathan Hao <phao@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Reviewed-by: Camille Lamy <clamy@chromium.org> Commit-Queue: Jonathan Hao <phao@chromium.org> Cr-Commit-Position: refs/heads/main@{#1159514} -- wpt-commits: f54e23527ff683dc481c72fb6e9965da6c46ad6e wpt-pr: 39823
2023-06-19 20:26:43 +00:00 · 2023-06-19 20:26:43 +00:00 · 75277ab684
--- a/testing/web-platform/tests/html/cross-origin-opener-policy/tentative/restrict-properties/iframe-popup-about-blank.https.window.js
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/tentative/restrict-properties/iframe-popup-about-blank.https.window.js
@ -4,11 +4,16 @@

 const executor_path = '/common/dispatcher/executor.html?pipe=';
 const cross_origin = get_host_info().OTHER_ORIGIN;
+const same_origin = get_host_info().ORIGIN;
 const coep_require_corp_header =
    '|header(Cross-Origin-Embedder-Policy,require-corp)';
 const corp_cross_origin_header =
    '|header(Cross-Origin-Resource-Policy,cross-origin)';
+const coop_restrict_properties_header =
+    '|header(Cross-Origin-Opener-Policy,restrict-properties)';

+function iframePopupAboutBlankTest(
+    origin, {expectedCrossOriginIsolated}, description) {
  promise_test(async t => {
    assert_true(crossOriginIsolated, 'Is main frame crossOriginIsolated?');

@ -16,7 +21,7 @@ promise_test(async t => {
    const iframe_token = token();

    const iframe = document.createElement('iframe');
-  iframe.src = cross_origin + executor_path + coep_require_corp_header +
+    iframe.src = origin + executor_path + coep_require_corp_header +
        corp_cross_origin_header + `&uuid=${iframe_token}`;
    document.body.appendChild(iframe);

@ -33,5 +38,48 @@ promise_test(async t => {
        iframe_token,
        `send('${reply_token}', popup.window.crossOriginIsolated);`);
    assert_equals(
-      await receive(reply_token), 'false', 'Is popup crossOriginIsolated?');
-});
+        await receive(reply_token), `${expectedCrossOriginIsolated}`,
+        'Is popup crossOriginIsolated?');
+
+    // Test whether the popup's subframe is crossOriginIsolated
+    const popup_iframe_token = token();
+    const popup_iframe_src = origin + executor_path + coep_require_corp_header +
+        corp_cross_origin_header + `&uuid=${popup_iframe_token}`;
+    send(iframe_token, `
+        const iframe = window.popup.document.createElement('iframe');
+        iframe.src = '${popup_iframe_src}';
+        popup.document.body.appendChild(iframe);
+    `);
+
+    send(
+        popup_iframe_token,
+        `send('${reply_token}', 'Iframe in popup loaded');`);
+    assert_equals(await receive(reply_token), 'Iframe in popup loaded');
+
+    send(
+        popup_iframe_token,
+        `send('${reply_token}', crossOriginIsolated);`);
+    assert_equals(
+        await receive(reply_token), `${expectedCrossOriginIsolated}`,
+        'Is iframe in popup crossOriginIsolated?');
+
+    // Navigate the popup out of the initial empty document, with COOP:RP and
+    // COEP: require-corp. Expect to be crossOriginIsolated.
+    const popup_token = token();
+    const popup_src = origin + executor_path + coop_restrict_properties_header +
+        coep_require_corp_header + `&uuid=${popup_token}`;
+    send(iframe_token, `popup.window.location = '${popup_src}';`);
+
+    send(popup_token, `send('${reply_token}', 'Popup loaded');`);
+    assert_equals(await receive(reply_token), 'Popup loaded');
+
+    send(popup_token, `send('${reply_token}', crossOriginIsolated);`);
+    assert_equals(
+        await receive(reply_token), 'true', 'Is popup crossOriginIsolated?');
+  }, description);
+}
+
+iframePopupAboutBlankTest(
+    cross_origin, {expectedCrossOriginIsolated: false}, 'Cross-origin iframe');
+iframePopupAboutBlankTest(
+    same_origin, {expectedCrossOriginIsolated: true}, 'Same-origin iframe');