Bug 1870807 - Test access to storage APIs from iframes. r=dom-storage-reviewers,asuth

Differential Revision: https://phabricator.services.mozilla.com/D198838

Author: jjjalkanen

testing/web-platform/mozilla/meta/dom/quota/__dir__.ini

@@ -0,0 +1,2 @@
+leak-threshold: [default:51200]
+prefs: [privacy.partition.always_partition_third_party_non_cookie_storage:true]

testing/web-platform/mozilla/tests/dom/quota/support/test-partitioned-access-in-different-origin-iframes.https.sub.html

@@ -0,0 +1,75 @@
+<!--
+  Any copyright is dedicated to the Public Domain.
+  http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<html>
+  <head>
+    <meta charset="utf-8" />
+    <meta name="timeout" content="long" />
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="testHelpers.js"></script>
+    <iframe id="write-frame-window"></iframe>
+    <iframe id="write-frame-worker"></iframe>
+    <iframe id="read-frame-window"></iframe>
+    <iframe id="read-frame-worker"></iframe>
+    <script>
+      const messageHub = createMotherListener();
+
+      async function runTests() {
+        const params = new URL(window.location.href).searchParams;
+        const api = params.get("api");
+        assert_true(!!api);
+        console.log("Tested API " + api);
+
+        const testIdWindow = "DifferentOriginIFramesWith" + api;
+        const testIdWorker = "Worker" + testIdWindow;
+
+        const writeWindows = new Map();
+
+        const writeFrameWindow = document.getElementById("write-frame-window");
+        writeWindows.set(testIdWindow, writeFrameWindow.contentWindow);
+
+        const writeFrameWorker = document.getElementById("write-frame-worker");
+        writeWindows.set(testIdWorker, writeFrameWorker.contentWindow);
+
+        const readWindows = new Map();
+
+        messageHub.registerReadWindow(testIdWindow);
+        const readFrameWindow = document.getElementById("read-frame-window");
+        readFrameWindow.src =
+          "https://{{hosts[][www2]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-read-and-notify.https.html?id=" +
+          testIdWindow;
+        readWindows.set(testIdWindow, readFrameWindow.contentWindow);
+
+        messageHub.registerReadWindow(testIdWorker);
+        const readFrameWorker = document.getElementById("read-frame-worker");
+        readFrameWorker.src =
+          "https://{{hosts[][www2]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-read-and-notify-worker.https.html?id=" +
+          testIdWorker;
+        readWindows.set(testIdWorker, readFrameWorker.contentWindow);
+
+        const setup = { readWindows, writeWindows };
+
+        await messageHub.getReadWindow(testIdWindow);
+        async_test(t => {
+          messageHub.registerWindow(t, testIdWindow, api, "deny", setup);
+
+          writeFrameWindow.src =
+            "https://{{hosts[alt][www2]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-write-and-notify.https.html?id=" +
+            testIdWindow;
+        }, "Access not allowed for two iframes of different origin " + api);
+
+        await messageHub.getReadWindow(testIdWorker);
+        async_test(t => {
+          messageHub.registerWorker(t, testIdWorker, api, "deny", setup);
+
+          writeFrameWorker.src =
+            "https://{{hosts[alt][www2]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-write-and-notify-worker.https.html?id=" +
+            testIdWorker;
+        }, "Worker access not allowed for two iframes of different origin " + api);
+      }
+    </script>
+  </head>
+  <body onload="runTests();"></body>
+</html>

testing/web-platform/mozilla/tests/dom/quota/support/test-partitioned-access-in-same-origin-iframes.https.sub.html

@@ -0,0 +1,75 @@
+<!--
+  Any copyright is dedicated to the Public Domain.
+  http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<html>
+  <head>
+    <meta charset="utf-8" />
+    <meta name="timeout" content="long" />
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="testHelpers.js"></script>
+    <iframe id="write-frame-window"></iframe>
+    <iframe id="write-frame-worker"></iframe>
+    <iframe id="read-frame-window"></iframe>
+    <iframe id="read-frame-worker"></iframe>
+    <script>
+      const messageHub = createMotherListener();
+
+      async function runTests() {
+        const params = new URL(window.location.href).searchParams;
+        const api = params.get("api");
+        assert_true(!!api);
+        console.log("Tested API " + api);
+
+        const testIdWindow = "SameOriginIFramesWith" + api;
+        const testIdWorker = "Worker" + testIdWindow;
+
+        const writeWindows = new Map();
+
+        const writeFrameWindow = document.getElementById("write-frame-window");
+        writeWindows.set(testIdWindow, writeFrameWindow.contentWindow);
+
+        const writeFrameWorker = document.getElementById("write-frame-worker");
+        writeWindows.set(testIdWorker, writeFrameWorker.contentWindow);
+
+        const readWindows = new Map();
+
+        messageHub.registerReadWindow(testIdWindow);
+        const readFrameWindow = document.getElementById("read-frame-window");
+        readFrameWindow.src =
+          "https://{{hosts[alt][www2]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-read-and-notify.https.html?id=" +
+          testIdWindow;
+        readWindows.set(testIdWindow, readFrameWindow.contentWindow);
+
+        messageHub.registerReadWindow(testIdWorker);
+        const readFrameWorker = document.getElementById("read-frame-worker");
+        readFrameWorker.src =
+          "https://{{hosts[alt][www2]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-read-and-notify-worker.https.html?id=" +
+          testIdWorker;
+        readWindows.set(testIdWorker, readFrameWorker.contentWindow);
+
+        const setup = { readWindows, writeWindows };
+
+        await messageHub.getReadWindow(testIdWindow);
+        async_test(t => {
+          messageHub.registerWindow(t, testIdWindow, api, "allow", setup);
+
+          writeFrameWindow.src =
+            "https://{{hosts[alt][www2]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-write-and-notify.https.html?id=" +
+            testIdWindow;
+        }, "Access allowed for two iframes with the same origin " + api);
+
+        await messageHub.getReadWindow(testIdWorker);
+        async_test(t => {
+          messageHub.registerWorker(t, testIdWorker, api, "allow", setup);
+
+          writeFrameWorker.src =
+            "https://{{hosts[alt][www2]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-write-and-notify.https.html?id=" +
+            testIdWorker;
+        }, "Worker access allowed from two iframes with the same origin " + api);
+      }
+    </script>
+  </head>
+  <body onload="runTests();"></body>
+</html>

testing/web-platform/mozilla/tests/dom/quota/support/test-partitioned-iframes-in-different-origin-windows.https.sub.html

@@ -0,0 +1,74 @@
+<!--
+  Any copyright is dedicated to the Public Domain.
+  http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<html>
+  <head>
+    <meta charset="utf-8" />
+    <meta name="timeout" content="long" />
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="testHelpers.js"></script>
+    <script>
+      const messageHub = createMotherListener();
+
+      async function runTests() {
+        const params = new URL(window.location.href).searchParams;
+        const api = params.get("api");
+        assert_true(!!api);
+        console.log("Tested API " + api);
+
+        const testIdWindow = "DifferentOriginWindowsWith" + api;
+        const testIdWorker = "Worker" + testIdWindow;
+
+        const writeWindows = new Map();
+
+        const readWindowURL =
+          "https://{{hosts[alt][www1]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-read-and-notify-wrapper.https.sub.html";
+
+        const readWindows = new Map();
+
+        messageHub.registerReadWindow(testIdWindow);
+        readWindows.set(
+          testIdWindow,
+          window.open(readWindowURL + "?id=" + testIdWindow)
+        );
+
+        messageHub.registerReadWindow(testIdWorker);
+        readWindows.set(
+          testIdWorker,
+          window.open(readWindowURL + "?id=" + testIdWorker)
+        );
+
+        const setup = { readWindows, writeWindows };
+
+        await messageHub.getReadWindow(testIdWindow);
+        async_test(t => {
+          messageHub.registerWindow(t, testIdWindow, api, "deny", setup);
+
+          writeWindows.set(
+            testIdWindow,
+            window.open(
+              "https://{{hosts[][www1]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-write-and-notify-wrapper.https.sub.html?id=" +
+                testIdWindow
+            )
+          );
+        }, "Access not allowed for two iframes with the same origin on windows with different origins " + api);
+
+        await messageHub.getReadWindow(testIdWorker);
+        async_test(t => {
+          messageHub.registerWorker(t, testIdWorker, api, "deny", setup);
+
+          writeWindows.set(
+            testIdWorker,
+            window.open(
+              "https://{{hosts[][www1]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-write-and-notify-wrapper.https.sub.html?id=" +
+                testIdWorker
+            )
+          );
+        }, "Reading from worker not allowed for two iframes with the same origin on windows with different origins " + api);
+      }
+    </script>
+  </head>
+  <body onload="runTests();"></body>
+</html>

testing/web-platform/mozilla/tests/dom/quota/support/test-partitioned-iframes-in-same-origin-windows.https.sub.html

@@ -0,0 +1,74 @@
+<!--
+  Any copyright is dedicated to the Public Domain.
+  http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<html>
+  <head>
+    <meta charset="utf-8" />
+    <meta name="timeout" content="long" />
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="testHelpers.js"></script>
+    <script>
+      const messageHub = createMotherListener();
+
+      async function runTests() {
+        const params = new URL(window.location.href).searchParams;
+        const api = params.get("api");
+        assert_true(!!api);
+        console.log("Tested API " + api);
+
+        const testIdWindow = "SameOriginWindowsWith" + api;
+        const testIdWorker = "WorkerSameOriginWindowsWith" + api;
+
+        const writeWindows = new Map();
+
+        const readWindowURL =
+          "https://{{hosts[][www1]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-read-and-notify-wrapper.https.sub.html";
+
+        const readWindows = new Map();
+
+        messageHub.registerReadWindow(testIdWindow);
+        readWindows.set(
+          testIdWindow,
+          window.open(readWindowURL + "?id=" + testIdWindow)
+        );
+
+        messageHub.registerReadWindow(testIdWorker);
+        readWindows.set(
+          testIdWorker,
+          window.open(readWindowURL + "?id=" + testIdWorker)
+        );
+
+        const setup = { readWindows, writeWindows };
+
+        await messageHub.getReadWindow(testIdWindow);
+        async_test(t => {
+          messageHub.registerWindow(t, testIdWindow, api, "allow", setup);
+
+          writeWindows.set(
+            testIdWindow,
+            window.open(
+              "https://{{hosts[][www1]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-write-and-notify-wrapper.https.sub.html?id=" +
+                testIdWindow
+            )
+          );
+        }, "Access allowed for two iframes with the same origin " + api);
+
+        await messageHub.getReadWindow(testIdWorker);
+        async_test(t => {
+          messageHub.registerWorker(t, testIdWorker, api, "allow", setup);
+
+          writeWindows.set(
+            testIdWorker,
+            window.open(
+              "https://{{hosts[][www1]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-write-and-notify-wrapper.https.sub.html?id=" +
+                testIdWorker
+            )
+          );
+        }, "Worker access allowed for two iframes with the same origin " + api);
+      }
+    </script>
+  </head>
+  <body onload="runTests();"></body>
+</html>

testing/web-platform/mozilla/tests/dom/quota/support/test-partitioned-parent-reader-and-different-origin-window-writer-iframe.https.sub.html

@@ -0,0 +1,75 @@
+<!--
+  Any copyright is dedicated to the Public Domain.
+  http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<html>
+  <head>
+    <meta charset="utf-8" />
+    <meta name="timeout" content="long" />
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="testHelpers.js"></script>
+    <iframe id="read-frame-window"></iframe>
+    <iframe id="read-frame-worker"></iframe>
+    <script>
+      const messageHub = createMotherListener();
+
+      async function runTests() {
+        const params = new URL(window.location.href).searchParams;
+        const api = params.get("api");
+        assert_true(!!api);
+        console.log("Tested API " + api);
+
+        const testIdWindow = "ReadIFrameWriteDifferentOriginWindowWith" + api;
+        const testIdWorker = "Worker" + testIdWindow;
+
+        const writeWindows = new Map();
+
+        const readWindows = new Map();
+
+        messageHub.registerReadWindow(testIdWindow);
+        const readFrameWindow = document.getElementById("read-frame-window");
+        readFrameWindow.src =
+          "https://{{hosts[][www2]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-read-and-notify.https.html?id=" +
+          testIdWindow;
+        readWindows.set(testIdWindow, readFrameWindow.contentWindow);
+
+        messageHub.registerReadWindow(testIdWorker);
+        const readFrameWorker = document.getElementById("read-frame-worker");
+        readFrameWorker.src =
+          "https://{{hosts[][www2]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-read-and-notify.https.html?id=" +
+          testIdWorker;
+        readWindows.set(testIdWorker, readFrameWorker.contentWindow);
+
+        const setup = { readWindows, writeWindows };
+
+        await messageHub.getReadWindow(testIdWindow);
+        async_test(t => {
+          messageHub.registerWindow(t, testIdWindow, api, "deny", setup);
+
+          writeWindows.set(
+            testIdWindow,
+            window.open(
+              "https://{{hosts[alt][www1]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-write-and-notify-wrapper.https.sub.html?id=" +
+                testIdWindow
+            )
+          );
+        }, "Read for iframe not allowed when write was done by an iframe in a window of different origin " + api);
+
+        await messageHub.getReadWindow(testIdWorker);
+        async_test(t => {
+          messageHub.registerWorker(t, testIdWorker, api, "deny", setup);
+
+          writeWindows.set(
+            testIdWorker,
+            window.open(
+              "https://{{hosts[alt][www1]}}:{{ports[https][0]}}/_mozilla/dom/quota/support/test-write-and-notify-wrapper.https.sub.html?id=" +
+                testIdWorker
+            )
+          );
+        }, "Read by worker in iframe not allowed when write was done by an iframe in a window of different origin " + api);
+      }
+    </script>
+  </head>
+  <body onload="runTests();"></body>
+</html>