Add ability to block same-origin access via document-access feature p…

…olicy Intent to Implement: https://groups.google.com/a/chromium.org/d/msg/blink-dev/Cibo-GNPs7Y/RznlX7WKDAAJ Spec: whatwg/html#4606 BUG=961448 Change-Id: I3c2ff129a71a8ccb5a0015661770adc7ff22d14b
web-platform-tests · Aug 1, 2019 · d156e25 · d156e25
1 parent 89f8327
commit d156e25
Show file tree

Hide file tree

Showing 4 changed files with 113 additions and 0 deletions.
diff --git a/feature-policy/resources/featurepolicy.js b/feature-policy/resources/featurepolicy.js
@@ -253,6 +253,65 @@ function run_all_fp_tests_allow_all(
           '" can be disabled in cross-origin iframes using "allow" attribute.');
 }
 
+// This function runs all feature policy tests for a particular feature that
+// has a default policy of "*". This includes testing:
+// 1. Feature usage succeeds by default in the top level frame.
+// 2. Feature usage succeeds by default in a same-origin iframe.
+// 3. Feature usage fails when an allow attribute is specified on a
+//    same-origin iframe with a value of "feature-name 'none'".
+//
+// The same page which called this function will be loaded in the iframe in
+// order to test feature usage there. When this function is called in that
+// context it will simply run the feature and return a result back via
+// postMessage.
+//
+// Arguments:
+//     feature_name: The name of the feature as it should be specified in an
+//         allow attribute.
+//     error_name: If feature usage does not succeed, this is the string
+//         representation of the error that will be passed in the rejected
+//         promise.
+//     feature_promise_factory: A function which returns a promise which tests
+//         feature usage. If usage succeeds, the promise should resolve. If it
+//         fails, the promise should reject with an error that can be
+//         represented as a string.
+function run_all_fp_tests_allow_all_same_origin(
+    feature_name, error_name, feature_promise_factory) {
+  // This may be the version of the page loaded up in an iframe. If so, just
+  // post the result of running the feature promise back to the parent.
+  if (page_loaded_in_iframe()) {
+    test_feature_in_iframe(feature_name, feature_promise_factory);
+    return;
+  }
+
+  // Run the various tests.
+  // 1. Allowed in top-level frame.
+  promise_test(
+      () => feature_promise_factory(),
+      'Default "' + feature_name +
+          '" feature policy ["*"] allows the top-level document.');
+
+  // 2. Allowed in same-origin iframe.
+  const same_origin_frame_pathname = same_origin_url(feature_name);
+  async_test(
+      t => {
+        test_feature_availability_with_post_message_result(
+            t, same_origin_frame_pathname, '#OK');
+      },
+      'Default "' + feature_name +
+          '" feature policy ["*"] allows same-origin iframes.');
+
+  // 3. Blocked in same-origin iframe with "allow" attribute set to 'none'.
+  async_test(
+      t => {
+        test_feature_availability_with_post_message_result(
+            t, same_origin_frame_pathname, '#' + error_name,
+            feature_name + " 'none'");
+      },
+      'Feature policy "' + feature_name +
+          '" can be disabled in same-origin iframes using "allow" attribute.');
+}
+
 // This function tests that a given policy allows each feature for the correct
 // list of origins specified by the |expected_policy|.
 // Arguments:

diff --git a/html/browsers/windows/document-access/document_access_feature_policy.tentative.html b/html/browsers/windows/document-access/document_access_feature_policy.tentative.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/feature-policy/resources/featurepolicy.js></script>
+  <script>
+  run_all_fp_tests_allow_all_same_origin(
+      'document-access',
+      'SecurityError',
+      () => {
+        return new Promise((resolve, reject) => {
+          try {
+            // attempt to access something in your parent that would
+            // be same-origin access only.
+            parent.location.href;
+            resolve();
+          } catch(e) {
+            reject(e);
+          }
+       });
+      });
+  </script>
+</body>
diff --git a/html/browsers/windows/document-access/document_access_parent_access.tentative.html b/html/browsers/windows/document-access/document_access_parent_access.tentative.html
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <iframe allow="document-access 'none'" src="resources/child.html"></iframe>
+  <script>
+    async_test(function (t) {
+      // Ensure post message works correctly.
+      window.onmessage = t.step_func((e) => {
+        if (e.data == 'load') {
+          frames[0].postMessage('ping');
+        } else if (e.data == 'pong') {
+          t.done();
+        }
+      });
+      try {
+        // Test that the parent is not allowed to access the child either.
+        frames[0].alert;
+        assert_unreachable('Security Error should have been thrown');
+      } catch(e) {
+        assert_equals(e.name, 'SecurityError', 'Security Error thrown');
+      }
+    });
+  </script>
+</body>
diff --git a/html/browsers/windows/document-access/resources/child.html b/html/browsers/windows/document-access/resources/child.html
@@ -0,0 +1,6 @@
+<script>
+  parent.postMessage('load');
+  window.onmessage = (e) => {
+    parent.postMessage('pong');
+  };
+</script>