mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-21 17:25:36 +00:00
cbb5758ad0
Automatic update from web-platform-tests Fix allow/sandbox attribute timing issue on browser side The issue of allow/sandbox attribute timing originates from bug crbug.com/972089. The initial fix to that bug only deals with feature policy replication problem on renderer side. This CL adds a wpt test that targets a feature(camera) that is tested on browser side. A test on similar issue with sandbox attribute is added as well but as tentative. On browser-side: Frame policy value is captured at RenderFrameHostImpl::BeginNavigation, and travel through the whole navigation process in NavigationRequest::commit_params. Finally it will reach NavigatorImpl::DidNavigate which is called by RenderFrameHostImpl::DidCommitNavigationInternal. NavigatorImpl will then use the value captured from the beginning of navigation in commit_params to set the active frame policy instead of using currently pending frame policy, which could be further modified by the time the navigation commits. This CL also gets rid of separate handling of remote frame container policy in document.cc by capturing pending frame policy at NavigationControllerImpl:: CreateNavigationRequestFromLoadParams. Quick Example: 1. we start on frames A(B), where A applies frame_policy P1 to B. 2. A changes policy to P2. 3. B starts navigation to C. 4. A changes policy to P3. 5. Navigation to C commits. 6. C navigates to D and commits. Previously, we would have committed with policy P3 in both steps 5 and 6. Now, we'll commit with P2 in step 5, and P3 in step 6. Bug: 1012786, 972089, 1026627 Change-Id: Ib944ee204ca82e1ede6052ca58187fe97f0aab00 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1852905 Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Reviewed-by: Ian Clelland <iclelland@chromium.org> Commit-Queue: Charlie Hu <chenleihu@google.com> Cr-Commit-Position: refs/heads/master@{#722486} -- wpt-commits: 1e107f02690374251a203d4467681393181a3ef9 wpt-pr: 19994
70 lines
2.9 KiB
HTML
70 lines
2.9 KiB
HTML
<!doctype html>
|
|
<html>
|
|
<header>
|
|
<title>allow/sandbox attr changed after document creation, before response</title>
|
|
<script src=/resources/testharness.js></script>
|
|
<script src=/resources/testharnessreport.js></script>
|
|
<script>
|
|
let lastCallbackId = 0;
|
|
const callbacks = {};
|
|
|
|
function postMessageToFrame(frame, cb) {
|
|
var id = ++lastCallbackId;
|
|
callbacks[id] = cb;
|
|
frame.contentWindow.postMessage({id:id}, '*');
|
|
step_timeout(() => {
|
|
if (id in callbacks) {
|
|
callbacks[id]('timeout');
|
|
delete callbacks[id];
|
|
}
|
|
}, 1000);
|
|
}
|
|
|
|
window.onmessage = function(e) {
|
|
const message = e.data;
|
|
const id = message['id'];
|
|
const callback = callbacks[id];
|
|
delete callbacks[id];
|
|
callback(message.result);
|
|
};
|
|
// @param {string} url
|
|
// @param {Function} iframe_pre_nav_callback - a callback with signature (iframe) => () which gets
|
|
// triggered before setting src attribute.
|
|
// @param {Function} iframe_post_nav_callback - a callback with signature (iframe) => () which gets
|
|
// triggered after setting src attribute but before commit
|
|
// of navigation.
|
|
// @param {Function} result_handler - a callback that handles the result posted back from iframe.
|
|
// @param {string} test_name
|
|
function timing_test(url,
|
|
iframe_pre_nav_callback,
|
|
iframe_post_nav_callback,
|
|
result_handler, test_name) {
|
|
async_test((t) => {
|
|
const iframe = document.createElement('iframe');
|
|
document.body.appendChild(iframe);
|
|
iframe_pre_nav_callback(iframe);
|
|
iframe.src = url;
|
|
iframe_post_nav_callback(iframe);
|
|
iframe.onload = t.step_func(() => {
|
|
postMessageToFrame(iframe, t.step_func_done(result_handler));
|
|
});
|
|
}, test_name);
|
|
}
|
|
|
|
const path = location.pathname.substring(0, location.pathname.lastIndexOf('/') + 1);
|
|
const same_origin = path;
|
|
const cross_origin = "https://{{domains[www1]}}:{{ports[https][0]}}" + path;
|
|
|
|
const cameraUrl = 'feature-policy-frame-policy-timing-iframe-camera.https.sub.html';
|
|
function disallowCamera(iframe) { iframe.allow = "camera 'none'"; }
|
|
function allowCamera(iframe) { iframe.allow = 'camera *'; }
|
|
function verifyCamera(result) { assert_equals(result, 'NotAllowedError'); }
|
|
timing_test(same_origin + cameraUrl, disallowCamera, allowCamera, verifyCamera, 'allow attr timing test same origin');
|
|
timing_test(cross_origin + cameraUrl, disallowCamera, allowCamera, verifyCamera, 'allow attr timing test diff origin');
|
|
</script>
|
|
</header>
|
|
<body>
|
|
<div id="log"></div>
|
|
</body>
|
|
</html>
|