Bug 1638112 [wpt PR 23610] - Origin isolation: add WPTs for history scenarios, a=testonly

Automatic update from web-platform-tests Origin isolation: add WPTs for history scenarios These are based on https://github.com/WICG/origin-isolation/blob/master/scenarios.md#session-history-scenarios. Bug: 1042415 Change-Id: If58a573764cb31ac34e17627555403134edac30a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2202657 Commit-Queue: Domenic Denicola <domenic@chromium.org> Reviewed-by: James MacLean <wjmaclean@chromium.org> Cr-Commit-Position: refs/heads/master@{#768989} -- wpt-commits: 1f1d9408d23bbdbb9e0fc2c050b55577814a35c0 wpt-pr: 23610
2020-05-21 10:21:36 +00:00 · 2020-05-21 10:21:36 +00:00 · 812687e798
--- a/testing/web-platform/tests/origin-isolation/going-back.sub.https.html
+++ b/testing/web-platform/tests/origin-isolation/going-back.sub.https.html
@ -0,0 +1,130 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Parent is isolated, child1 is not isolated, child1 navigates to a different site, child2 gets inserted and is isolated, child1 navigates back</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script type="module">
+import { insertIframe, navigateIframe, waitForIframe, sendWasmModule,
+         setBothDocumentDomains, sendWasmModuleBetween, accessDocumentBetween }
+       from "./resources/helpers.mjs";
+
+let frameWindow1, frame1, frameWindow2;
+promise_setup(async () => {
+  frameWindow1 = await insertIframe("{{hosts[][www]}}");
+  frame1 = document.querySelector("iframe");
+});
+
+// Since they're different-origin, the parent's isolation request is respected,
+// as is the child's non-request. So the parent ends up in the origin-keyed
+// agent cluster and the child ends up in the site-keyed one.
+
+promise_test(async () => {
+  const whatHappened = await sendWasmModule(frameWindow1);
+
+  assert_equals(whatHappened, "messageerror");
+}, "Before navigation: parent to child1: messageerror event must occur");
+
+promise_test(async () => {
+  await setBothDocumentDomains(frameWindow1);
+
+  assert_throws_dom("SecurityError", DOMException, () => {
+    frameWindow1.document;
+  });
+}, "Before navigation: parent to child1: setting document.domain must not give sync access");
+
+// Navigate the iframe to a different site. These, of course, must not be in the
+// same agent cluster.
+
+promise_test(async () => {
+  await navigateIframe(frame1, "{{hosts[alt][]}}");
+}, "Navigation");
+
+// Now insert a second iframe, pointing to the same place as the first one
+// originally did, but this time with origin isolation enabled. Because of the
+// historical map of agent cluster keys for the browsing context group, the new
+// iframe should still end up in the site-keyed agent cluster.
+
+promise_test(async () => {
+  frameWindow2 = await insertIframe("{{hosts[][www]}}", "?1");
+}, "Inserting a second iframe");
+
+promise_test(async () => {
+  const whatHappened = await sendWasmModule(frameWindow2);
+
+  assert_equals(whatHappened, "messageerror");
+}, "After navigation: parent to child2: messageerror event must occur");
+
+promise_test(async () => {
+  await setBothDocumentDomains(frameWindow2);
+
+  assert_throws_dom("SecurityError", DOMException, () => {
+    frameWindow2.document;
+  });
+}, "After navigation: parent to child2: setting document.domain must not give sync access");
+
+// Now navigate the first iframe back. The resulting Document should be put in
+// the site agent cluster, together with the second iframe's Document.
+
+promise_test(async () => {
+  const waitPromise = waitForIframe(frame1);
+  history.back();
+  await waitPromise;
+
+  await setBothDocumentDomains(frameWindow1);
+}, "Going back in history (navigating back the first iframe)");
+
+promise_test(async () => {
+  const whatHappened = await sendWasmModule(frameWindow1);
+
+  assert_equals(whatHappened, "messageerror");
+}, "After back: parent to child1: messageerror event must occur");
+
+promise_test(async () => {
+  await setBothDocumentDomains(frameWindow2);
+
+  assert_throws_dom("SecurityError", DOMException, () => {
+    frameWindow1.document;
+  });
+}, "After back: parent to child1: setting document.domain must not give sync access");
+
+promise_test(async () => {
+  const whatHappened = await sendWasmModule(frameWindow2);
+
+  assert_equals(whatHappened, "messageerror");
+}, "After back: parent to child2: messageerror event must occur");
+
+promise_test(async () => {
+  await setBothDocumentDomains(frameWindow1);
+
+  assert_throws_dom("SecurityError", DOMException, () => {
+    frameWindow1.document;
+  });
+}, "After back: parent to child2: setting document.domain must not give sync access");
+
+promise_test(async () => {
+  const whatHappened = await sendWasmModuleBetween(frameWindow1, 1);
+
+  assert_equals(whatHappened, "WebAssembly.Module message received");
+}, "child1 to child2: message event must occur");
+
+promise_test(async () => {
+  const whatHappened = await accessDocumentBetween(frameWindow1, 1);
+
+  assert_equals(whatHappened, "accessed document successfully");
+}, "child1 to child2: setting document.domain must give sync access");
+
+promise_test(async () => {
+  const whatHappened = await sendWasmModuleBetween(frameWindow2, 0);
+
+  assert_equals(whatHappened, "WebAssembly.Module message received");
+}, "child2 to child1: message event must occur");
+
+promise_test(async () => {
+  const whatHappened = await accessDocumentBetween(frameWindow2, 0);
+
+  assert_equals(whatHappened, "accessed document successfully");
+}, "child2 to child1: setting document.domain must give sync access");
+</script>
--- a/testing/web-platform/tests/origin-isolation/going-back.sub.https.html.headers
+++ b/testing/web-platform/tests/origin-isolation/going-back.sub.https.html.headers
@ -0,0 +1 @@
+Origin-Isolation: ?1
--- a/testing/web-platform/tests/origin-isolation/removing-iframes.sub.https.html
+++ b/testing/web-platform/tests/origin-isolation/removing-iframes.sub.https.html
@ -0,0 +1,99 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Parent is isolated, child1 is not isolated, child1 navigates to a different site, child2 gets inserted and is isolated, child1 navigates back</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script type="module">
+import { insertIframe, navigateIframe, waitForIframe, sendWasmModule,
+         setBothDocumentDomains, sendWasmModuleBetween, accessDocumentBetween }
+       from "./resources/helpers.mjs";
+
+let frame1, frameWindow1, frameWindow2, frameWindow3;
+promise_setup(async () => {
+  frameWindow1 = await insertIframe("{{hosts[][www]}}");
+  frame1 = document.querySelector("iframe");
+});
+
+// Since they're different-origin, the parent's isolation request is respected,
+// as is the child's non-request. So the parent ends up in the origin-keyed
+// agent cluster and the child ends up in the site-keyed one.
+
+promise_test(async () => {
+  const whatHappened = await sendWasmModule(frameWindow1);
+
+  assert_equals(whatHappened, "messageerror");
+}, "Before: messageerror event must occur");
+
+promise_test(async () => {
+  await setBothDocumentDomains(frameWindow1);
+
+  assert_throws_dom("SecurityError", DOMException, () => {
+    frameWindow1.document;
+  });
+}, "Before: setting document.domain must not give sync access");
+
+promise_test(async () => {
+  frame1.remove();
+
+  frameWindow2 = await insertIframe("{{hosts[][www]}}", "?1");
+  frameWindow3 = await insertIframe("{{hosts[][www1]}}");
+
+  await setBothDocumentDomains(frameWindow2);
+  await setBothDocumentDomains(frameWindow3);
+}, "Remove the iframe and insert new ones");
+
+// Because of the historical presence of a non-isolated {{hosts[][www]}} iframe,
+// the origin isolation request for frameWindow2 will be ignored. So,
+// frameWindow2 and frameWindow3 both end up in the site-keyed agent cluster.
+
+promise_test(async () => {
+  const whatHappened = await sendWasmModule(frameWindow2);
+
+  assert_equals(whatHappened, "messageerror");
+}, "Parent to child2: messageerror event must occur");
+
+promise_test(async () => {
+  assert_throws_dom("SecurityError", DOMException, () => {
+    frameWindow2.document;
+  });
+}, "Parent to child2: setting document.domain must not give sync access");
+
+promise_test(async () => {
+  const whatHappened = await sendWasmModule(frameWindow3);
+
+  assert_equals(whatHappened, "messageerror");
+}, "Parent to child3: messageerror event must occur");
+
+promise_test(async () => {
+  assert_throws_dom("SecurityError", DOMException, () => {
+    frameWindow3.document;
+  });
+}, "Parent to child3: setting document.domain must not give sync access");
+
+promise_test(async () => {
+  const whatHappened = await sendWasmModuleBetween(frameWindow2, 1);
+
+  assert_equals(whatHappened, "WebAssembly.Module message received");
+}, "child2 to child3: message event must occur");
+
+promise_test(async () => {
+  const whatHappened = await accessDocumentBetween(frameWindow2, 1);
+
+  assert_equals(whatHappened, "accessed document successfully");
+}, "child2 to child3: setting document.domain must give sync access");
+
+promise_test(async () => {
+  const whatHappened = await sendWasmModuleBetween(frameWindow3, 0);
+
+  assert_equals(whatHappened, "WebAssembly.Module message received");
+}, "child3 to child2: message event must occur");
+
+promise_test(async () => {
+  const whatHappened = await accessDocumentBetween(frameWindow3, 0);
+
+  assert_equals(whatHappened, "accessed document successfully");
+}, "child3 to child2: setting document.domain must give sync access");
+</script>
--- a/testing/web-platform/tests/origin-isolation/removing-iframes.sub.https.html.headers
+++ b/testing/web-platform/tests/origin-isolation/removing-iframes.sub.https.html.headers
@ -0,0 +1 @@
+Origin-Isolation: ?1
--- a/testing/web-platform/tests/origin-isolation/resources/helpers.mjs
+++ b/testing/web-platform/tests/origin-isolation/resources/helpers.mjs
@ -1,19 +1,36 @@
 export function insertIframe(hostname, header) {
+  const iframe = document.createElement("iframe");
+  const navigatePromise = navigateIframe(iframe, hostname, header);
+  document.body.append(iframe);
+  return navigatePromise;
+}
+
+export function navigateIframe(iframeEl, hostname, header) {
+  const url = getURL(hostname, header);
+
+  const waitPromise = waitForIframe(iframeEl, url);
+  iframeEl.src = url;
+  return waitPromise;
+}
+
+export function waitForIframe(iframeEl, destinationForErrorMessage) {
+  return new Promise((resolve, reject) => {
+    iframeEl.addEventListener("load", () => resolve(iframeEl.contentWindow));
+    iframeEl.addEventListener(
+      "error",
+      () => reject(new Error(`Could not navigate to ${destinationForErrorMessage}`))
+    );
+  });
+}
+
+function getURL(hostname, header) {
  const url = new URL("send-origin-isolation-header.py", import.meta.url);
  url.hostname = hostname;
-
  if (header !== undefined) {
    url.searchParams.set("header", header);
  }

-  const iframe = document.createElement("iframe");
-  iframe.src = url.href;
-
-  return new Promise((resolve, reject) => {
-    iframe.onload = () => resolve(iframe.contentWindow);
-    iframe.onerror = () => reject(new Error(`Could not load ${iframe.src}`));
-    document.body.append(iframe);
-  });
+  return url.href;
 }

 // This function is coupled to ./send-origin-isolation-header.py, which ensures
--- a/testing/web-platform/tests/origin-isolation/resources/send-origin-isolation-header.py
+++ b/testing/web-platform/tests/origin-isolation/resources/send-origin-isolation-header.py
@ -16,6 +16,8 @@ def main(request, response):
    <meta charset="utf-8">
    <title>Helper page for origin isolation tests</title>

+    <body>
+
    <script type="module">
    import { sendWasmModule } from "./helpers.mjs";

@ -50,5 +52,7 @@ def main(request, response):
    window.onmessageerror = e => {
      e.source.postMessage("messageerror", "*");
    };
+
+    document.body.textContent = location.href;
    </script>
    """