Closed Bug 1742174 Opened 2 months ago Closed 2 months ago

[wpt-sync] Sync PR 31690 - Add WPT tests for SameSite cookies in ServiceWorkers with nested frames.

Categories

(Core :: DOM: Service Workers, task, P4)

task

Tracking

()

RESOLVED FIXED
96 Branch
Tracking Status
firefox96 --- fixed

People

(Reporter: mozilla.org, Unassigned)

References

()

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 31690 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/31690
Details from upstream follow.

Ben Kelly <wanderview@chromium.org> wrote:

Add WPT tests for SameSite cookies in ServiceWorkers with nested frames.

This CL adds a number of new cases to the service worker SameSite
cookies test. The cases break down into two general types:

  1. Cases where A1 frames B frames A2, and then A2 calls window.open()
    to an A origin URL.
  2. Cases where A1 frames B frames A2, and then A2 sets the location
    to an A origin URL.

For (1) we expect SameSite strict cookies to be sent because
window.open() creates a top-level context that will have a populated
site-for-cookies and the initiator is same-origin (regardless of the
cross-site ancestor chain).

For (2) we expect only SameSite=None cookies to be sent. This is
because setting the location results in a navigation to an A1->B->A3
nested frame with an empty site-for-cookies.

We currently fail the passthrough and change-request cases for (2).
We plan to fix this as part of storage partitioning with an ancestor
chain bit in the StorageKey. See:

https://github.com/privacycg/storage-partitioning/issues/25

This CL also includes some minor cleanup of the WPT test and associated
resources.

Bug: 1115847
Change-Id: I9002e60a271ae95d1d702068d44b30bd0e33b5dc

Reviewed-on: https://chromium-review.googlesource.com/3277058
WPT-Export-Revision: eae6ef3cc387ae142df6938793c0cce12984aeae

Component: web-platform-tests → DOM: Service Workers
Product: Testing → Core
Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → INVALID
Status: RESOLVED → REOPENED
Resolution: INVALID → ---

CI Results

Ran 11 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 2 tests and 66 subtests

Status Summary

Firefox

OK : 1
PASS : 57
FAIL : 29
TIMEOUT: 2
NOTRUN : 62

Chrome

OK : 2
PASS : 123
FAIL : 26

Safari

OK : 2
PASS : 71
FAIL : 78

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

Firefox-only Failures

/service-workers/service-worker/navigation-headers.https.html
POST Navigation, same-site with passthrough service worker sets correct origin and referer headers.: FAIL
POST Navigation, cross-site with passthrough service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with same-site redirect and no service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with same-site redirect and fallback service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with cross-site redirect and no service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with cross-site redirect and fallback service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with cross-site redirect, same-origin redirect, and no service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with cross-site redirect, same-origin redirect, and fallback service worker sets correct origin and referer headers.: FAIL
/service-workers/service-worker/same-site-cookies.https.html: TIMEOUT
same-origin, window.open with passthrough: TIMEOUT
same-origin, window.open with change-request: NOTRUN
same-site, window.open with no service worker: NOTRUN
same-site, window.open with fallback: NOTRUN
same-site, window.open with passthrough: NOTRUN
same-site, window.open with change-request: NOTRUN
cross-site, window.open with no service worker: NOTRUN
cross-site, window.open with fallback: NOTRUN
same-origin, window.open with no service worker and same-site redirect: NOTRUN
same-origin, window.open with fallback and same-site redirect: NOTRUN
same-origin, window.open with passthrough and same-site redirect: NOTRUN
same-origin, window.open with change-request and same-site redirect: NOTRUN
same-origin, window.open with no service worker and cross-site redirect: NOTRUN
same-origin, window.open with no service worker, cross-site redirect, and same-origin redirect: NOTRUN
same-origin, nested window.open with cross-site middle frame and no service worker: NOTRUN
same-origin, nested window.open with cross-site middle frame and fallback service worker: NOTRUN
same-origin, nested window.open with cross-site middle frame and passthrough service worker: NOTRUN
same-origin, nested window.open with cross-site middle frame and change-request service worker: NOTRUN
same-origin, form post with no service worker: NOTRUN
same-origin, form post with fallback: NOTRUN
same-origin, form post with passthrough: NOTRUN
same-origin, form post with change-request: NOTRUN
same-site, form post with no service worker: NOTRUN
same-site, form post with fallback: NOTRUN
same-site, form post with passthrough: NOTRUN
same-site, form post with change-request: NOTRUN
same-origin, form post with no service worker and same-site redirect: NOTRUN
same-origin, form post with fallback and same-site redirect: NOTRUN
same-origin, form post with passthrough and same-site redirect: NOTRUN
same-origin, form post with change-request and same-site redirect: NOTRUN
Cleanup service workers: NOTRUN

New Tests That Don't Pass

/service-workers/service-worker/navigation-headers.https.html
GET Navigation, same-origin with navpreload service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-site with passthrough service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
GET Navigation, same-site with navpreload service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, cross-site with passthrough service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
GET Navigation, cross-site with navpreload service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-origin with same-site redirect and no service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
POST Navigation, same-origin with same-site redirect and passthrough service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-origin with same-site redirect and fallback service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
POST Navigation, same-origin with cross-site redirect and no service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
POST Navigation, same-origin with cross-site redirect and passthrough service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-origin with cross-site redirect and fallback service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
POST Navigation, same-origin with cross-site redirect, same-origin redirect, and no service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
POST Navigation, same-origin with cross-site redirect, same-origin redirect, and passthrough service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-origin with cross-site redirect, same-origin redirect, and fallback service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
GET Navigation, same-origin with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-origin with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, same-origin with navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, same-site with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-site with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, same-site with navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, cross-site with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, cross-site with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, cross-site with navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, same-origin with same-site redirect and passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
GET Navigation, same-origin with same-site redirect and navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
GET Navigation, same-origin with cross-site redirect and passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
GET Navigation, same-origin with cross-site redirect and navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
GET Navigation, same-origin with cross-site redirect, same-origin redirect, and passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
GET Navigation, same-origin with cross-site redirect, same-origin redirect, and navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
/service-workers/service-worker/same-site-cookies.https.html: TIMEOUT (Chrome: OK, Safari: OK)
same-origin, window.open with passthrough: TIMEOUT (Chrome: PASS, Safari: PASS)
same-origin, window.open with change-request: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with navpreload: NOTRUN (Chrome: PASS, Safari: FAIL)
same-site, window.open with no service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, window.open with fallback: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, window.open with passthrough: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, window.open with change-request: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, window.open with navpreload: NOTRUN (Chrome: PASS, Safari: FAIL)
cross-site, window.open with no service worker: NOTRUN (Chrome: PASS, Safari: PASS)
cross-site, window.open with fallback: NOTRUN (Chrome: PASS, Safari: PASS)
cross-site, window.open with passthrough: NOTRUN (Chrome: PASS, Safari: FAIL)
cross-site, window.open with change-request: NOTRUN (Chrome: PASS, Safari: FAIL)
cross-site, window.open with navpreload: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, window.open with no service worker and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with fallback and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with passthrough and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with change-request and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with navpreload and same-site redirect: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, window.open with no service worker and cross-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with fallback and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: PASS)
same-origin, window.open with passthrough and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, window.open with change-request and cross-site redirect: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, window.open with navpreload and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, window.open with no service worker, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with fallback, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: PASS)
same-origin, window.open with passthrough, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, window.open with change-request, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, window.open with navpreload, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, nested window.open with cross-site middle frame and no service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, nested window.open with cross-site middle frame and fallback service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, nested window.open with cross-site middle frame and passthrough service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, nested window.open with cross-site middle frame and change-request service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, nested window.open with cross-site middle frame and navpreload service worker: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, nested set location with cross-site middle frame and no service worker: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, nested set location with cross-site middle frame and fallback service worker: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, nested set location with cross-site middle frame and passthrough service worker: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, nested set location with cross-site middle frame and change-request service worker: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, nested set location with cross-site middle frame and navpreload service worker: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, form post with no service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with fallback: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with passthrough: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with change-request: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, form post with no service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, form post with fallback: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, form post with passthrough: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, form post with change-request: NOTRUN (Chrome: PASS, Safari: PASS)
cross-site, form post with no service worker: NOTRUN (Chrome: FAIL, Safari: FAIL)
cross-site, form post with fallback: NOTRUN (Chrome: FAIL, Safari: FAIL)
cross-site, form post with passthrough: NOTRUN (Chrome: FAIL, Safari: FAIL)
cross-site, form post with change-request: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, form post with no service worker and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with fallback and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with passthrough and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with change-request and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with no service worker and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with fallback and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with passthrough and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with change-request and cross-site redirect: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, form post with no service worker, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with fallback, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with passthrough, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with change-request, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: PASS, Safari: FAIL)
Cleanup service workers: NOTRUN (Chrome: PASS, Safari: PASS)

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4b19001d4029
[wpt PR 31690] - Add WPT tests for SameSite cookies in ServiceWorkers with nested frames., a=testonly
https://hg.mozilla.org/integration/autoland/rev/10ba5d013eb2
[wpt PR 31690] - Update wpt metadata, a=testonly
Status: REOPENED → RESOLVED
Closed: 2 months ago2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 96 Branch
You need to log in before you can comment on or make changes to this bug.