Skip to content

Commit

Permalink
Test that cross-origin subframes can't set automatic beacon data
Browse files Browse the repository at this point in the history
Cross-origin subframes are allowed to send automatic beacons, but they
are not allowed to set the data that will be sent out. This CL adds a
WPT to confirm that behavior.

Change-Id: I490eb5aa7d2a75cc8f6372382d311acbb173ee6f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5783504
Reviewed-by: Andrew Verge <averge@chromium.org>
Commit-Queue: Liam Brady <lbrady@google.com>
Cr-Commit-Position: refs/heads/main@{#1343773}
  • Loading branch information
Liam Brady authored and Westbrook committed Aug 21, 2024
1 parent 57d1ca5 commit 63fd4cb
Show file tree
Hide file tree
Showing 2 changed files with 52 additions and 0 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
<!DOCTYPE html>
<title>Test window.fence.setReportEventDataForAutomaticBeacons</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<script src="resources/utils.js"></script>
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-actions.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="resources/automatic-beacon-helper.js"></script>

<body>
<script>
promise_test(async(t) => {
const fencedframe = await attachFencedFrameContext({
generator_api: 'fledge', register_beacon: true
});

const beacon = {
eventType: "reserved.top_navigation_start",
eventData: "This is the start data",
destination: ["buyer"],
crossOriginExposed: true
}

await fencedframe.execute(async (beacon) => {
const iframe = await attachIFrameContext({
origin: get_host_info().HTTPS_REMOTE_ORIGIN,
headers: [['Allow-Fenced-Frame-Automatic-Beacons', 'true']]
});
return setupAutomaticBeacon(iframe, [beacon],
"resources/close.html", NavigationTrigger.Click,
"_blank");
}, [beacon]);

await multiClick(10, 10, fencedframe.element)

// An automatic beacon should be sent, but no data should be attached to it,
// as it shouldn't have been able to be set from a cross-origin subframe.
await verifyBeaconData(beacon.eventType, "<No data>",
get_host_info().HTTPS_REMOTE_ORIGIN);

// Leaving this fenced frame around for subsequent tests can lead to
// flakiness.
document.body.removeChild(fencedframe.element);
}, 'A cross origin subframe cannot set automatic beacon data.');

</script>
</body>
1 change: 1 addition & 0 deletions fenced-frame/resources/remote-context-executor.https.html
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="utils.js"></script>
<script src="automatic-beacon-helper.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/common/utils.js"></script>
Expand Down

0 comments on commit 63fd4cb

Please sign in to comment.