[Protected Audiences] Make WPT tests reject unexpected CORS preflights.

Matt Menke · chromium-wpt-export-bot · commit 36944df8decf · 2025-03-28T13:47:00.000-07:00
Bug: None Change-Id: I0d529fc16856476b4a40c1745f521ab05cf81330 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6404777 Reviewed-by: Maks Orlovich <morlovich@chromium.org> Commit-Queue: mmenke <mmenke@chromium.org> Cr-Commit-Position: refs/heads/main@{#1439642}
diff --git a/fledge/tentative/resources/additional-bids.py b/fledge/tentative/resources/additional-bids.py
@@ -23,7 +23,7 @@ class BadRequestError(Exception):
 
 def main(request, response):
   try:
-    if fledge_http_server_util.handle_cors_headers_and_preflight(request, response):
+    if fledge_http_server_util.handle_cors_headers_fail_if_preflight(request, response):
       return
 
     # Verify that Sec-Ad-Auction-Fetch is present
diff --git a/fledge/tentative/resources/bidding-logic.sub.py b/fledge/tentative/resources/bidding-logic.sub.py
@@ -8,7 +8,7 @@
 # injected in them. generateBid() will by default return a bid of 9 for the
 # first ad.
 def main(request, response):
-  if fledge_http_server_util.handle_cors_headers_and_preflight(request, response):
+  if fledge_http_server_util.handle_cors_headers_fail_if_preflight(request, response):
     return
 
   error = request.GET.first(b"error", None)
diff --git a/fledge/tentative/resources/fledge_http_server_util.py b/fledge/tentative/resources/fledge_http_server_util.py
@@ -2,6 +2,17 @@
 from collections import namedtuple
 from urllib.parse import unquote_plus, urlparse
 
+def fail(response, body):
+    """Sets up response to fail with the provided response body.
+
+    Args:
+      response: the wptserve Response that was passed to main
+      body: the HTTP response body to use
+    """
+    response.status = (400, "Bad Request")
+    response.headers.set(b"Content-Type", b"text/plain")
+    response.content = body
+
 def headers_to_ascii(headers):
   """Converts a header map with binary values to one with ASCII values.
 
@@ -22,18 +33,15 @@ def headers_to_ascii(headers):
       header_map[pair[0].decode("ASCII")] = values
   return header_map
 
-
-def handle_cors_headers_and_preflight(request, response):
-  """Applies CORS logic common to many entrypoints.
+def attach_origin_and_credentials_headers(request, response):
+  """Attaches Access-Control-Allow-Origin and Access-Control-Allow-Credentials
+  response headers to a response, if the request indicates they're needed.
+  Only intended for internal use.
 
   Args:
     request: the wptserve Request that was passed to main
     response: the wptserve Response that was passed to main
-
-  Returns True if the request is a CORS preflight, which is entirely handled by
-  this function, so that the calling function should immediately return.
   """
-  # Append CORS headers if needed
   if b"origin" in request.headers:
     response.headers.set(b"Access-Control-Allow-Origin",
                         request.headers.get(b"origin"))
@@ -42,20 +50,50 @@ def handle_cors_headers_and_preflight(request, response):
     response.headers.set(b"Access-Control-Allow-Credentials",
                         request.headers.get(b"credentials"))
 
+def handle_cors_headers_fail_if_preflight(request, response):
+  """Adds CORS headers if necessary. In the case of CORS preflights, generates
+  a failure response. To be used when CORS preflights are not expected.
+
+  Args:
+    request: the wptserve Request that was passed to main
+    response: the wptserve Response that was passed to main
+
+  Returns True if the request is a CORS preflight, in which case the calling
+  function should immediately return.
+  """
+  # Handle CORS preflight requests.
+  if request.method == u"OPTIONS":
+    fail(response, "CORS preflight unexpectedly received.")
+    return True
+
+  # Append CORS headers if needed
+  attach_origin_and_credentials_headers(request, response)
+  return False
+
+def handle_cors_headers_and_preflight(request, response):
+  """Applies CORS logic, either adding CORS headers to response or generating
+  an entire response to preflights.
+
+  Args:
+    request: the wptserve Request that was passed to main
+    response: the wptserve Response that was passed to main
+
+  Returns True if the request is a CORS preflight, in which case the calling
+  function should immediately return.
+  """
+  # Append CORS headers if needed
+  attach_origin_and_credentials_headers(request, response)
+
   # Handle CORS preflight requests.
   if not request.method == u"OPTIONS":
     return False
 
   if not b"Access-Control-Request-Method" in request.headers:
-    response.status = (400, b"Bad Request")
-    response.headers.set(b"Content-Type", b"text/plain")
-    response.content = "Failed to get access-control-request-method in preflight!"
+    fail(response, "Failed to get access-control-request-method in preflight!")
     return True
 
   if not b"Access-Control-Request-Headers" in request.headers:
-    response.status = (400, b"Bad Request")
-    response.headers.set(b"Content-Type", b"text/plain")
-    response.content = "Failed to get access-control-request-headers in preflight!"
+    fail(response, "Failed to get access-control-request-headers in preflight!")
     return True
 
   response.headers.set(b"Access-Control-Allow-Methods",
diff --git a/fledge/tentative/resources/permissions.py b/fledge/tentative/resources/permissions.py
@@ -35,7 +35,7 @@ def get_permissions(request, response):
   - 天気の良い日 / élève: allow both join and leave
   - anything else (including no subdomain): returns a 404
   """
-  if fledge_http_server_util.handle_cors_headers_and_preflight(request, response):
+  if fledge_http_server_util.handle_cors_headers_fail_if_preflight(request, response):
     return
 
   first_domain_label = re.search(r"[^.]*", request.url_parts.netloc).group(0)
diff --git a/fledge/tentative/resources/trusted-bidding-signals.py b/fledge/tentative/resources/trusted-bidding-signals.py
@@ -20,10 +20,12 @@ def main(request, response):
     for param in request.url_parts.query.split("&"):
         pair = param.split("=", 1)
         if len(pair) != 2:
-            return fail(response, "Bad query parameter: " + param)
+            fail(response, "Bad query parameter: " + param)
+            return
         # Browsers should escape query params consistently.
         if "%20" in pair[1]:
-            return fail(response, "Query parameter should escape using '+': " + param)
+            fail(response, "Query parameter should escape using '+': " + param)
+            return
 
         # Hostname can't be empty. The empty string can be a key or interest group name, though.
         if pair[0] == "hostname" and hostname == None and len(pair[1]) > 0:
@@ -37,20 +39,22 @@ def main(request, response):
             continue
         if pair[0] == "slotSize" or pair[0] == "allSlotsRequestedSizes":
             continue
-        return fail(response, "Unexpected query parameter: " + param)
+        fail(response, "Unexpected query parameter: " + param)
+        return
 
     # If trusted signal keys are passed in, and one of them is "cors",
-    # add appropriate Access-Control-* headers to normal requests, and handle
-    # CORS preflights.
-    if keys and "cors" in keys and fledge_http_server_util.handle_cors_headers_and_preflight(
+    # add appropriate Access-Control-* headers to normal requests.
+    if keys and "cors" in keys and fledge_http_server_util.handle_cors_headers_fail_if_preflight(
             request, response):
         return
 
     # "interestGroupNames" and "hostname" are mandatory.
     if not hostname:
-        return fail(response, "hostname missing")
+        fail(response, "hostname missing")
+        return
     if not interestGroupNames:
-        return fail(response, "interestGroupNames missing")
+        fail(response, "interestGroupNames missing")
+        return
 
     response.status = (200, b"OK")
 
@@ -153,8 +157,3 @@ def main(request, response):
     if body != None:
         return body
     return json.dumps(responseBody)
-
-def fail(response, body):
-    response.status = (400, "Bad Request")
-    response.headers.set(b"Content-Type", b"text/plain")
-    return body
diff --git a/fledge/tentative/resources/trusted-scoring-signals.py b/fledge/tentative/resources/trusted-scoring-signals.py
@@ -13,7 +13,8 @@ def main(request, response):
     try:
         params = fledge_http_server_util.decode_trusted_scoring_signals_params(request)
     except ValueError as ve:
-        return fail(response, str(ve))
+        fail(response, str(ve))
+        return
 
     response.status = (200, b"OK")
 
@@ -36,7 +37,8 @@ def main(request, response):
             try:
                 signalsParams = fledge_http_server_util.decode_render_url_signals_params(renderUrl)
             except ValueError as ve:
-                return fail(response, str(ve))
+                fail(response, str(ve))
+                return
 
             for signalsParam in signalsParams:
                 if signalsParam == "close-connection":
@@ -92,8 +94,8 @@ def main(request, response):
                 responseBody[urlList["type"]][renderUrl] = value
 
     # If the signalsParam embedded inside a render URL calls for CORS, add
-    # appropriate response headers, and fully handle preflights.
-    if cors and fledge_http_server_util.handle_cors_headers_and_preflight(
+    # appropriate response headers.
+    if cors and fledge_http_server_util.handle_cors_headers_fail_if_preflight(
             request, response):
         return
 
@@ -107,8 +109,3 @@ def main(request, response):
     if body != None:
         return body
     return json.dumps(responseBody)
-
-def fail(response, body):
-    response.status = (400, "Bad Request")
-    response.headers.set(b"Content-Type", b"text/plain")
-    return body
