Add WPTs for 'allow-storage-access-by-user-activation' iframe sandbox (…

…#47067) Also moves existing test of whether the attribute value is supported into the newly created test file. [email protected] Bug: 40278734 Change-Id: I232df8dc1faa0dad0c5dddf342e64e4ba0dfbd2b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5685772 Reviewed-by: Chris Fredrickson <[email protected]> Reviewed-by: Chris Harrelson <[email protected]> Commit-Queue: Erica Kovac <[email protected]> Cr-Commit-Position: refs/heads/main@{#1325508} Co-authored-by: Erica Kovac <[email protected]>
web-platform-tests · Dec 9, 2024 · 1425650 · 1425650
1 parent 09cafb8
commit 1425650
Show file tree

Hide file tree

Showing 4 changed files with 119 additions and 10 deletions.
diff --git a/storage-access-api/helpers.js b/storage-access-api/helpers.js
@@ -29,17 +29,22 @@ async function CreateFrameHelper(setUpFrame, fetchTests) {
 // Create an iframe element with content loaded from `sourceURL`, append it to
 // the document, and optionally fetch tests. Returns the loaded frame, once
 // ready.
-function CreateFrame(sourceURL, fetchTests = false) {
+function CreateFrame(
+  sourceURL, fetchTests = false, frameSandboxAttribute = undefined) {
   return CreateFrameHelper((frame) => {
+    if (frameSandboxAttribute !== undefined) {
+      frame.sandbox = frameSandboxAttribute;
+    }
+
     frame.src = sourceURL;
     document.body.appendChild(frame);
   }, fetchTests);
 }
 
 // Create a new iframe with content loaded from `sourceURL`, and fetches tests.
 // Returns the loaded frame, once ready.
-function RunTestsInIFrame(sourceURL) {
-  return CreateFrame(sourceURL, true);
+function RunTestsInIFrame(sourceURL, frameSandboxAttribute = undefined) {
+  return CreateFrame(sourceURL, true, frameSandboxAttribute);
 }
 
 function RunTestsInNestedIFrame(sourceURL) {

diff --git a/...access-api/requestStorageAccess-sandboxed-iframe-allow-storage-access.sub.https.window.js b/...access-api/requestStorageAccess-sandboxed-iframe-allow-storage-access.sub.https.window.js
@@ -0,0 +1,29 @@
+// META: script=helpers.js
+// META: script=/resources/testdriver.js
+// META: script=/resources/testdriver-vendor.js
+'use strict';
+
+test(() => {
+  let iframe = document.createElement('iframe');
+  assert_true(iframe.sandbox.supports('allow-storage-access-by-user-activation'), '`allow-storage-access-by-user-activation`' +
+    'sandbox attribute should be supported');
+}, "`allow-storage-access-by-user-activation` sandbox attribute is supported");
+
+(async function () {
+  const frameSourceUrl = 'https://{{hosts[alt][www]}}:{{ports[https][0]}}/storage-access-api/requestStorageAccess-sandboxed-iframe.sub.https.window.html';
+
+  let sandboxAttribute =
+    'allow-scripts allow-same-origin';
+  let testCase = 'sandboxed-iframe';
+
+  RunTestsInIFrame(
+    frameSourceUrl + `?testCase=${testCase}`,
+    sandboxAttribute);
+
+  sandboxAttribute += ' allow-storage-access-by-user-activation';
+  testCase = 'sandboxed-iframe-allow-storage-access-by-user-activation';
+
+  RunTestsInIFrame(
+    frameSourceUrl + `?testCase=${testCase}`,
+    sandboxAttribute);
+})();
diff --git a/storage-access-api/requestStorageAccess-sandboxed-iframe.sub.https.window.js b/storage-access-api/requestStorageAccess-sandboxed-iframe.sub.https.window.js
@@ -0,0 +1,82 @@
+// META: script=helpers.js
+// META: script=/cookies/resources/cookie-helper.sub.js
+// META: script=/resources/testdriver.js
+// META: script=/resources/testdriver-vendor.js
+'use strict';
+
+// Document-level test config flags:
+//
+// testPrefix: Prefix each test case with an indicator so we know what context
+// they are run in if they are used in multiple iframes.
+//
+// topLevelDocument: Keep track of if we run these tests in a nested context, we
+// don't want to recurse forever.
+const {testPrefix, topLevelDocument} = processQueryParams();
+
+promise_test(async () => {
+  assert_not_equals(document.requestStorageAccess, undefined);
+}, `[${testPrefix}] document.requestStorageAccess() should exist on the document interface`);
+
+// Skip these tests when we're in a top-level document; these should only
+// execute inside the iframe test defined by
+// requestStorageAccess-sandboxed-iframe-*.sub.https.window.js
+if (!topLevelDocument) {
+  if (testPrefix.includes('allow-storage-access-by-user-activation')) {
+    // Ideally this would check whether the user-activation condition changes
+    // the behavior; however, due to limitations in the test driver, the
+    // 'prompt' permission state is effectively the same as 'denied' from the
+    // perspective of platform tests.
+    promise_test(async t => {
+      await test_driver.set_permission({name: 'storage-access'}, 'granted');
+      await MaybeSetStorageAccess('*', '*', 'blocked');
+      await document.requestStorageAccess();
+
+      assert_true(
+          await CanAccessCookiesViaHTTP(),
+          'After obtaining storage access, subresource requests from the frame should send and set cookies.');
+      assert_true(
+          CanAccessCookiesViaJS(),
+          'After obtaining storage access, scripts in the frame should be able to access cookies.');
+    }, `[${testPrefix}] document.requestStorageAccess() should resolve even without a user gesture when already granted.`);
+
+    promise_test(async () => {
+      await test_driver.set_permission({ name: 'storage-access' }, 'granted');
+      await MaybeSetStorageAccess('*', '*', 'blocked');
+
+      await RunCallbackWithGesture(async () => {
+        await document.requestStorageAccess();
+      });
+
+      assert_true(
+        await CanAccessCookiesViaHTTP(),
+        'After obtaining storage access, subresource requests from the frame should send and set cookies.');
+      assert_true(
+        CanAccessCookiesViaJS(),
+        'After obtaining storage access, scripts in the frame should be able to access cookies.');
+    }, `[${testPrefix}] document.requestStorageAccess() should resolve with a user gesture`);
+  } else {
+    // For cases where allow-storage-access-by-user-activation is not set for
+    // this iframe
+    promise_test(
+        async t => {
+          await test_driver.set_permission({name: 'storage-access'}, 'granted');
+          await MaybeSetStorageAccess('*', '*', 'blocked');
+          return promise_rejects_dom(
+              t, 'NotAllowedError', document.requestStorageAccess(),
+              'document.requestStorageAccess() call without user gesture.');
+        },
+        '[' + testPrefix +
+            '] document.requestStorageAccess() should reject with a NotAllowedError with no user gesture.');
+
+    promise_test(async t => {
+      await test_driver.set_permission({name: 'storage-access'}, 'granted');
+      await MaybeSetStorageAccess('*', '*', 'blocked');
+
+      await RunCallbackWithGesture(async () => {
+        await promise_rejects_dom(
+            t, 'NotAllowedError', document.requestStorageAccess(),
+            'document.requestStorageAccess() call with user gesture.');
+      });
+    }, `[${testPrefix}] document.requestStorageAccess() should reject with a NotAllowedError, even with a user gesture`);
+  }
+}
diff --git a/storage-access-api/sandboxAttribute.window.js b/storage-access-api/sandboxAttribute.window.js