diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-four-reports.https.html b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-four-reports.https.html
new file mode 100644
index 000000000000..1367a9ec979e
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-four-reports.https.html
@@ -0,0 +1,88 @@
+
+
+
A test with both COOP and COOP report only setup
+
+
+
+
+
+
+
+
+
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-four-reports.https.html.sub.headers b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-four-reports.https.html.sub.headers
new file mode 100644
index 000000000000..5c886ad05386
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-four-reports.https.html.sub.headers
@@ -0,0 +1,6 @@
+Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="coop-report-endpoint"
+Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop-report-only-endpoint"
+Cross-Origin-Embedder-Policy: require-corp
+Cross-Origin-Embedder-Policy-Report-Only: require-corp
+Referrer-Policy: origin
+report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/reporting/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/reporting/resources/report.py?endpoint=coop-report-only-endpoint" }]}
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-from-unsafe-none.https.html b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-from-unsafe-none.https.html
new file mode 100644
index 000000000000..2664b68a154f
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-from-unsafe-none.https.html
@@ -0,0 +1,71 @@
+
+
+Report only tests for an opener without any COOP/COOP report only set
+
+
+
+
+
+
+
+
+
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-from-unsafe-none.https.html.headers b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-from-unsafe-none.https.html.headers
new file mode 100644
index 000000000000..5b29739bbdde
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-from-unsafe-none.https.html.headers
@@ -0,0 +1 @@
+Referrer-Policy: origin
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-report-to.https.html b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-report-to.https.html
new file mode 100644
index 000000000000..a312232d07a9
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-report-to.https.html
@@ -0,0 +1,98 @@
+
+
+reporting same origin with report-to
+
+
+
+
+
+
+
+
+
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-report-to.https.html.sub.headers b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-report-to.https.html.sub.headers
new file mode 100644
index 000000000000..74690a7186fb
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-report-to.https.html.sub.headers
@@ -0,0 +1,3 @@
+Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop-report-only-endpoint"
+Referrer-Policy: origin
+report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/reporting/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/html/cross-origin-opener-policy/reporting/resources/report.py?endpoint=coop-report-only-endpoint" }]}
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-with-coep-report-only.https.html b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-with-coep-report-only.https.html
new file mode 100644
index 000000000000..a03ddf54cdb7
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-with-coep-report-only.https.html
@@ -0,0 +1,32 @@
+
+
+reporting same origin with report-to
+
+
+
+
+
+
+
+
+
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-with-coep-report-only.https.html.headers b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-with-coep-report-only.https.html.headers
new file mode 100644
index 000000000000..58ab03394a05
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-with-coep-report-only.https.html.headers
@@ -0,0 +1,3 @@
+Cross-Origin-Opener-Policy-Report-Only: same-origin
+Cross-Origin-Embedder-Policy-Report-Only: require-corp
+Referrer-Policy: origin
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-with-coep.https.html b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-with-coep.https.html
new file mode 100644
index 000000000000..a03ddf54cdb7
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-with-coep.https.html
@@ -0,0 +1,32 @@
+
+
+reporting same origin with report-to
+
+
+
+
+
+
+
+
+
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-with-coep.https.html.headers b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-with-coep.https.html.headers
new file mode 100644
index 000000000000..2ba7ffb592d8
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-with-coep.https.html.headers
@@ -0,0 +1,3 @@
+Cross-Origin-Opener-Policy-Report-Only: same-origin
+Cross-Origin-Embedder-Policy: require-corp
+Referrer-Policy: origin
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin.https.html b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin.https.html
new file mode 100644
index 000000000000..c02407db9bab
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin.https.html
@@ -0,0 +1,73 @@
+
+
+reporting same origin with report-to
+
+
+
+
+
+
+
+
+
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin.https.html.headers b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin.https.html.headers
new file mode 100644
index 000000000000..9a8445a43e4b
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin.https.html.headers
@@ -0,0 +1,2 @@
+Cross-Origin-Opener-Policy-Report-Only: same-origin
+Referrer-Policy: origin
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-coep-report-to.https.html b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-coep-report-to.https.html
index 0f836746f1ce..494c9df67b9d 100644
--- a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-coep-report-to.https.html
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-coep-report-to.https.html
@@ -105,6 +105,69 @@ let tests = [
}
]
],
+ // Open a same-origin popup with a same-origin COOP report only. One report
+ // is sent to this page's endpoint, but none to the report-only endpoint.
+ [
+ SAME_ORIGIN,
+ "",
+ "",
+ `same-origin; report-to="${popupReportEndpoint.name}"`,
+ "require-corp",
+ [
+ {
+ "endpoint": reportEndpoint,
+ "report": {
+ "body": {
+ "disposition": "enforce",
+ "document-uri": `${location.href}`,
+ "effective-policy": "same-origin-plus-coep",
+ "navigation-uri": /uuid=EXECUTOR_UUID$/, // next destination url
+ "violation-type": "navigation-from-document"
+ },
+ "url": `${location.href}`,
+ "type": "coop"
+ }
+ },]
+ ],
+ // Open a cross-origin popup with a same-origin COOP report only. A report is
+ // sent to both this page's endpoint and the popup's.
+ [
+ CROSS_ORIGIN,
+ "",
+ "",
+ `same-origin; report-to="${popupReportOnlyEndpoint.name}"`,
+ "require-corp",
+ [
+ {
+ "endpoint": reportEndpoint,
+ "report": {
+ "body": {
+ "disposition": "enforce",
+ "document-uri": `${location.href}`,
+ "effective-policy": "same-origin-plus-coep",
+ "navigation-uri": /uuid=EXECUTOR_UUID$/, // next destination url
+ "violation-type": "navigation-from-document"
+ },
+ "url": `${location.href}`,
+ "type": "coop"
+ }
+ },
+ {
+ "endpoint": popupReportOnlyEndpoint,
+ "report": {
+ "body": {
+ "disposition": "reporting",
+ "document-uri": /uuid=EXECUTOR_UUID$/,
+ "effective-policy": "same-origin-plus-coep",
+ "navigation-uri": `${location.origin}/`, // referrer (origin, as dictated by the referrer policy)
+ "violation-type": "navigation-to-document"
+ },
+ "url": /uuid=EXECUTOR_UUID$/,
+ "type": "coop"
+ }
+ }
+ ]
+ ],
];
runNavigationReportingTests(document.title, tests);
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin.https.html b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin.https.html
index bcc9c1c80245..24dace7d8d8f 100644
--- a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin.https.html
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin.https.html
@@ -93,7 +93,17 @@ let tests = [
}
}
]
- ]
+ ],
+ // Open a same-origin popup with a same-origin COOP Report only value, the
+ // report only matches the previous document COOP value, no report is sent.
+ [
+ SAME_ORIGIN,
+ "",
+ "",
+ `same-origin; report-to="${popupReportOnlyEndpoint.name}"`,
+ "",
+ []
+ ],
];
runNavigationReportingTests(document.title, tests);
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/resources/report.py b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/resources/report.py
index c9ea353a12fb..f51d27f29910 100644
--- a/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/resources/report.py
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/reporting/resources/report.py
@@ -1,7 +1,12 @@
import json, uuid
def main(request, response):
+ response.headers.set('Access-Control-Allow-Origin', '*')
+ response.headers.set('Access-Control-Allow-Methods', 'OPTIONS, GET, POST')
+ response.headers.set('Access-Control-Allow-Headers', 'Content-Type')
response.headers.set('Cache-Control', 'no-cache, no-store, must-revalidate');
+ if request.method == 'OPTIONS': # CORS preflight
+ return ''
key = 0;
if 'endpoint' in request.GET:
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/resources/coop-coep.py b/testing/web-platform/tests/html/cross-origin-opener-policy/resources/coop-coep.py
index de7de141fa51..483f313faca6 100644
--- a/testing/web-platform/tests/html/cross-origin-opener-policy/resources/coop-coep.py
+++ b/testing/web-platform/tests/html/cross-origin-opener-policy/resources/coop-coep.py
@@ -1,4 +1,3 @@
-
def main(request, response):
coop = request.GET.first("coop")
coopReportOnly = request.GET.first("coop-report-only") if "coop-report-only" in request.GET else ""