From 35013f107631ece9352f3df037badebba4b633c2 Mon Sep 17 00:00:00 2001 From: Ben Kelly Date: Fri, 19 Nov 2021 13:59:50 -0800 Subject: [PATCH] Add WPT tests for SameSite cookies in ServiceWorkers with nested frames. This CL adds a number of new cases to the service worker SameSite cookies test. The cases break down into two general types: 1. Cases where A1 frames B frames A2, and then A2 calls window.open() to an A origin URL. 2. Cases where A1 frames B frames A2, and then A2 sets the location to an A origin URL. For (1) we expect SameSite strict cookies to be sent because window.open() creates a top-level context that will have a populated site-for-cookies and the initiator is same-origin (regardless of the cross-site ancestor chain). For (2) we expect only SameSite=None cookies to be sent. This is because setting the location results in a navigation to an A1->B->A3 nested frame with an empty site-for-cookies. We currently fail the passthrough and change-request cases for (2). We plan to fix this as part of storage partitioning with an ancestor chain bit in the StorageKey. See: https://github.com/privacycg/storage-partitioning/issues/25 This CL also includes some minor cleanup of the WPT test and associated resources. Bug: 1115847 Change-Id: I9002e60a271ae95d1d702068d44b30bd0e33b5dc --- .../service-worker/resources/form-poster.html | 1 + .../resources/location-setter.html | 1 + .../resources/nested-parent.html | 18 +++ .../resources/same-site-cookies-register.html | 29 ++-- .../same-site-cookies-unregister.html | 10 +- .../resources/window-opener.html | 17 +++ .../same-site-cookies.https.html | 131 ++++++++++++++++-- 7 files changed, 180 insertions(+), 27 deletions(-) create mode 100644 service-workers/service-worker/resources/nested-parent.html create mode 100644 service-workers/service-worker/resources/window-opener.html diff --git a/service-workers/service-worker/resources/form-poster.html b/service-workers/service-worker/resources/form-poster.html index 6c5e85fef2fcad3..cd11a30a5e85fed 100644 --- a/service-workers/service-worker/resources/form-poster.html +++ b/service-workers/service-worker/resources/form-poster.html @@ -1,4 +1,5 @@ +
diff --git a/service-workers/service-worker/resources/same-site-cookies-register.html b/service-workers/service-worker/resources/same-site-cookies-register.html index 084f0a08a8e64c4..3060fc16a28ad9c 100644 --- a/service-workers/service-worker/resources/same-site-cookies-register.html +++ b/service-workers/service-worker/resources/same-site-cookies-register.html @@ -5,18 +5,27 @@ const scope = self.origin + '/cookies/resources/postToParent.py?with-sw'; const script = './fetch-rewrite-worker.js'; const reg = await navigator.serviceWorker.register(script, { scope: scope }); - await new Promise(resolve => { - const worker = reg.installing; - worker.addEventListener('statechange', evt => { - if (worker.state === 'activated') { - resolve(); - } + // In nested cases we may be impacted by partitioning or not depending on + // the browser. With partitioning we will be installing a new worker here, + // but without partitioning the worker will already exist. Handle both cases. + if (reg.installing) { + await new Promise(resolve => { + const worker = reg.installing; + worker.addEventListener('statechange', evt => { + if (worker.state === 'activated') { + resolve(); + } + }); }); - }); - if (reg.navigationPreload) { - await reg.navigationPreload.enable(); + if (reg.navigationPreload) { + await reg.navigationPreload.enable(); + } + } + if (window.opener) { + window.opener.postMessage({ type: 'SW-REGISTERED' }, '*'); + } else { + window.top.postMessage({ type: 'SW-REGISTERED' }, '*'); } - window.opener.postMessage({ type: 'SW-REGISTERED' }, '*'); } self.addEventListener('load', onLoad); diff --git a/service-workers/service-worker/resources/same-site-cookies-unregister.html b/service-workers/service-worker/resources/same-site-cookies-unregister.html index cca3620b61e73c1..3a8c04d8d345a5a 100644 --- a/service-workers/service-worker/resources/same-site-cookies-unregister.html +++ b/service-workers/service-worker/resources/same-site-cookies-unregister.html @@ -4,8 +4,14 @@ async function onLoad() { const scope = self.origin + '/cookies/resources/postToParent.py?with-sw'; const reg = await navigator.serviceWorker.getRegistration(scope); - await reg.unregister(); - window.opener.postMessage({ type: 'SW-UNREGISTERED' }, '*'); + if (reg) { + await reg.unregister(); + } + if (window.opener) { + window.opener.postMessage({ type: 'SW-UNREGISTERED' }, '*'); + } else { + window.top.postMessage({ type: 'SW-UNREGISTERED' }, '*'); + } } self.addEventListener('load', onLoad); diff --git a/service-workers/service-worker/resources/window-opener.html b/service-workers/service-worker/resources/window-opener.html new file mode 100644 index 000000000000000..32d074464679864 --- /dev/null +++ b/service-workers/service-worker/resources/window-opener.html @@ -0,0 +1,17 @@ + + + + diff --git a/service-workers/service-worker/same-site-cookies.https.html b/service-workers/service-worker/same-site-cookies.https.html index caeadcfcae9d984..6075dc83ec70279 100644 --- a/service-workers/service-worker/same-site-cookies.https.html +++ b/service-workers/service-worker/same-site-cookies.https.html @@ -10,9 +10,21 @@