Closed Bug 1636952 Opened 11 months ago Closed 11 months ago

[wpt-sync] Sync PR 23506 - [Security][Coop] Use COOP only if this is top level

Categories: Core :: DOM: Core & HTML, task, P4
Status: RESOLVED FIXED
Target Milestone: mozilla78
Tracking Status: firefox78 --- fixed
People: Reporter: mozilla.org, Unassigned
References: Depends on 1 open bug
Whiteboard: [wptsync downstream]

Sync web-platform-tests PR 23506 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/23506
Details from upstream follow.

Pâris Meuleman <pmeuleman@chromium.org> wrote:

[Security][Coop] Use COOP only if this is top level

COOP is used only in the top-level document, and COOP headers from iframes
are ignored. This led to an issue in the linked bug, where COOP prevents
a sandboxed iframe from loading.

The spec change corresponding to this is under review here:
https://whatpr.org/html/5334/browsing-the-web.html

with this relevant extract:

Let navigationCOOP be "unsafe-none".

If browsingContext is a top-level browsing context, then:

Set navigationCOOP to the result of obtaining a cross-origin opener
policy given response and reservedEnvironment.

If sandboxFlags is not empty and navigationCOOP is not "unsafe-none",
then display the inline content with an appropriate error shown to the
user, with the newly created Document object's origin set to a new
opaque origin, run the environment discarding steps for
reservedEnvironment, and return.

Bug: 1081169
Change-Id: I2c0b59c84ca52f63436a2312529a4bb0351fff30
Reviewed-on: https://chromium-review.googlesource.com/2193771
WPT-Export-Revision: 5fb26cfd84e6bce455b10ba42bb00c23e690aef9
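
The navigation step in the spec extract above, modelled as an added example (not code from the spec, Chromium, Gecko or the WPT test). `obtainCoop` is a simplified stand-in for "obtaining a cross-origin opener policy", and the scenario objects and sandbox flag names are constructed for illustration.

```javascript
// Added illustration of the quoted spec extract; all names here are hypothetical.
const COOP_VALUES = new Set(["unsafe-none", "same-origin-allow-popups", "same-origin"]);

// Simplified header handling (assumption): take the token before any
// parameters; a missing or unrecognised value falls back to "unsafe-none".
function obtainCoop(headerValue) {
  if (typeof headerValue !== "string") return "unsafe-none";
  const token = headerValue.split(";")[0].trim();
  return COOP_VALUES.has(token) ? token : "unsafe-none";
}

// nav: { isTopLevel: boolean, sandboxFlags: string[], coopHeader?: string }
function processNavigationCoop(nav) {
  // "Let navigationCOOP be 'unsafe-none'."
  let navigationCOOP = "unsafe-none";
  // The header is only consulted for a top-level browsing context,
  // so a COOP header on an iframe response is ignored.
  if (nav.isTopLevel) {
    navigationCOOP = obtainCoop(nav.coopHeader);
  }
  // A sandboxed context combined with a non-default COOP is refused:
  // an error page is shown in a new opaque origin instead of the response.
  if (nav.sandboxFlags.length > 0 && navigationCOOP !== "unsafe-none") {
    return { navigationCOOP, result: "network-error", origin: "opaque" };
  }
  return { navigationCOOP, result: "load" };
}

// Constructed scenarios; flag names are shorthand, not spec identifiers.
const SCENARIOS = {
  // Sandboxed iframe whose response carries COOP: header ignored, frame loads.
  sandboxedIframe: { isTopLevel: false, sandboxFlags: ["sandboxed-origin"], coopHeader: "same-origin" },
  // Popup opened from a sandboxed iframe: top-level, inherits the flags.
  sandboxedPopup: { isTopLevel: true, sandboxFlags: ["sandboxed-origin"], coopHeader: "same-origin" },
  // Ordinary top-level navigation: COOP applies normally.
  plainTopLevel: { isTopLevel: true, sandboxFlags: [], coopHeader: "same-origin" },
  // Sandboxed popup without a COOP header: nothing to refuse.
  sandboxedPopupNoCoop: { isTopLevel: true, sandboxFlags: ["sandboxed-origin"] },
};

function runScenarios() {
  const out = {};
  for (const [name, nav] of Object.entries(SCENARIOS)) out[name] = processNavigationCoop(nav);
  return out;
}

console.log(runScenarios());
```

The `sandboxedPopup` case corresponds to the behaviour the new `coop-sandbox.https.html` subtest expects (a network error).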

Component: web-platform-tests → DOM: Core & HTML
Product: Testing → Core

CI Results

Ran 12 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 72 tests

Status Summary

Firefox

OK : 1
PASS: 2 [GitHub], 71 [Gecko-android-em-7.0-x86_64-debug-geckoview, Gecko-android-em-7.0-x86_64-opt-geckoview], 73 [Gecko-linux1804-64-debug, Gecko-linux1804-64-opt, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows10-64-debug, Gecko-windows10-64-opt, Gecko-windows10-64-qr-debug, Gecko-windows10-64-qr-opt, Gecko-windows7-32-debug, Gecko-windows7-32-opt]
FAIL: 1

Chrome

OK : 1
PASS: 2
FAIL: 1

Safari

OK : 1
FAIL: 3

Details

New Tests That Don't Pass

/html/cross-origin-opener-policy/coop-sandbox.https.html: OK [Gecko-linux1804-64-debug, Gecko-linux1804-64-opt, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows10-64-debug, Gecko-windows10-64-opt, Gecko-windows10-64-qr-debug, Gecko-windows10-64-qr-opt, Gecko-windows7-32-debug, Gecko-windows7-32-opt, GitHub], SKIP [Gecko-android-em-7.0-x86_64-debug-geckoview, Gecko-android-em-7.0-x86_64-opt-geckoview] (Chrome: OK, Safari: OK)
<iframe sandbox="allow-popups allow-scripts"> Sandboxed Cross-Origin-Opener-Policy popup should result in a network error: FAIL (Chrome: PASS, Safari: FAIL)

Tests Disabled in Gecko Infrastructure

/html/cross-origin-opener-policy/coop-sandbox.https.html: OK [Gecko-linux1804-64-debug, Gecko-linux1804-64-opt, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows10-64-debug, Gecko-windows10-64-opt, Gecko-windows10-64-qr-debug, Gecko-windows10-64-qr-opt, Gecko-windows7-32-debug, Gecko-windows7-32-opt, GitHub], SKIP [Gecko-android-em-7.0-x86_64-debug-geckoview, Gecko-android-em-7.0-x86_64-opt-geckoview] (Chrome: OK, Safari: OK)

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/7e4449460eee
[wpt PR 23506] - [Security][Coop] Use COOP only if this is top level, a=testonly
Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/347d148c23a4
[wpt PR 23506] - [Security][Coop] Use COOP only if this is top level, a=testonly
Status: NEW → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla78