Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Description

•

3 years ago

Sync web-platform-tests PR 31690 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/31690
Details from upstream follow.

Ben Kelly <wanderview@chromium.org> wrote:

Add WPT tests for SameSite cookies in ServiceWorkers with nested frames.

This CL adds a number of new cases to the service worker SameSite
cookies test. The cases break down into two general types:

Cases where A1 frames B frames A2, and then A2 calls window.open()
to an A origin URL.

Cases where A1 frames B frames A2, and then A2 sets the location
to an A origin URL.

For (1) we expect SameSite strict cookies to be sent because
window.open() creates a top-level context that will have a populated
site-for-cookies and the initiator is same-origin (regardless of the
cross-site ancestor chain).

For (2) we expect only SameSite=None cookies to be sent. This is
because setting the location results in a navigation to an A1->B->A3
nested frame with an empty site-for-cookies.

We currently fail the passthrough and change-request cases for (2).
We plan to fix this as part of storage partitioning with an ancestor
chain bit in the StorageKey. See:

https://github.com/privacycg/storage-partitioning/issues/25

This CL also includes some minor cleanup of the WPT test and associated
resources.

Bug: 1115847
Change-Id: I9002e60a271ae95d1d702068d44b30bd0e33b5dc

Reviewed-on: https://chromium-review.googlesource.com/3277058
WPT-Export-Revision: eae6ef3cc387ae142df6938793c0cce12984aeae

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Updated

•

3 years ago

Component: web-platform-tests → DOM: Service Workers

Product: Testing → Core

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Updated

•

2 years ago

Status: NEW → RESOLVED

Closed: 2 years ago

Resolution: --- → INVALID

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Updated

•

2 years ago

Status: RESOLVED → REOPENED

Resolution: INVALID → ---

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Comment 1

•

2 years ago

Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=9184c6d206947910a08552b636b6fbea8c6f1fb2

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Comment 2

•

2 years ago

CI Results

Ran 11 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 2 tests and 66 subtests

Status Summary

Firefox

OK : 1
PASS : 57
FAIL : 29
TIMEOUT: 2
NOTRUN : 62

Chrome

OK : 2
PASS : 123
FAIL : 26

Safari

OK : 2
PASS : 71
FAIL : 78

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

Firefox-only Failures

/service-workers/service-worker/navigation-headers.https.html
POST Navigation, same-site with passthrough service worker sets correct origin and referer headers.: FAIL
POST Navigation, cross-site with passthrough service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with same-site redirect and no service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with same-site redirect and fallback service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with cross-site redirect and no service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with cross-site redirect and fallback service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with cross-site redirect, same-origin redirect, and no service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with cross-site redirect, same-origin redirect, and fallback service worker sets correct origin and referer headers.: FAIL
/service-workers/service-worker/same-site-cookies.https.html: TIMEOUT
same-origin, window.open with passthrough: TIMEOUT
same-origin, window.open with change-request: NOTRUN
same-site, window.open with no service worker: NOTRUN
same-site, window.open with fallback: NOTRUN
same-site, window.open with passthrough: NOTRUN
same-site, window.open with change-request: NOTRUN
cross-site, window.open with no service worker: NOTRUN
cross-site, window.open with fallback: NOTRUN
same-origin, window.open with no service worker and same-site redirect: NOTRUN
same-origin, window.open with fallback and same-site redirect: NOTRUN
same-origin, window.open with passthrough and same-site redirect: NOTRUN
same-origin, window.open with change-request and same-site redirect: NOTRUN
same-origin, window.open with no service worker and cross-site redirect: NOTRUN
same-origin, window.open with no service worker, cross-site redirect, and same-origin redirect: NOTRUN
same-origin, nested window.open with cross-site middle frame and no service worker: NOTRUN
same-origin, nested window.open with cross-site middle frame and fallback service worker: NOTRUN
same-origin, nested window.open with cross-site middle frame and passthrough service worker: NOTRUN
same-origin, nested window.open with cross-site middle frame and change-request service worker: NOTRUN
same-origin, form post with no service worker: NOTRUN
same-origin, form post with fallback: NOTRUN
same-origin, form post with passthrough: NOTRUN
same-origin, form post with change-request: NOTRUN
same-site, form post with no service worker: NOTRUN
same-site, form post with fallback: NOTRUN
same-site, form post with passthrough: NOTRUN
same-site, form post with change-request: NOTRUN
same-origin, form post with no service worker and same-site redirect: NOTRUN
same-origin, form post with fallback and same-site redirect: NOTRUN
same-origin, form post with passthrough and same-site redirect: NOTRUN
same-origin, form post with change-request and same-site redirect: NOTRUN
Cleanup service workers: NOTRUN

New Tests That Don't Pass

/service-workers/service-worker/navigation-headers.https.html
GET Navigation, same-origin with navpreload service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-site with passthrough service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
GET Navigation, same-site with navpreload service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, cross-site with passthrough service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
GET Navigation, cross-site with navpreload service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-origin with same-site redirect and no service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
POST Navigation, same-origin with same-site redirect and passthrough service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-origin with same-site redirect and fallback service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
POST Navigation, same-origin with cross-site redirect and no service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
POST Navigation, same-origin with cross-site redirect and passthrough service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-origin with cross-site redirect and fallback service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
POST Navigation, same-origin with cross-site redirect, same-origin redirect, and no service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
POST Navigation, same-origin with cross-site redirect, same-origin redirect, and passthrough service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-origin with cross-site redirect, same-origin redirect, and fallback service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
GET Navigation, same-origin with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-origin with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, same-origin with navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, same-site with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-site with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, same-site with navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, cross-site with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, cross-site with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, cross-site with navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, same-origin with same-site redirect and passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
GET Navigation, same-origin with same-site redirect and navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
GET Navigation, same-origin with cross-site redirect and passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
GET Navigation, same-origin with cross-site redirect and navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
GET Navigation, same-origin with cross-site redirect, same-origin redirect, and passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
GET Navigation, same-origin with cross-site redirect, same-origin redirect, and navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
/service-workers/service-worker/same-site-cookies.https.html: TIMEOUT (Chrome: OK, Safari: OK)
same-origin, window.open with passthrough: TIMEOUT (Chrome: PASS, Safari: PASS)
same-origin, window.open with change-request: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with navpreload: NOTRUN (Chrome: PASS, Safari: FAIL)
same-site, window.open with no service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, window.open with fallback: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, window.open with passthrough: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, window.open with change-request: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, window.open with navpreload: NOTRUN (Chrome: PASS, Safari: FAIL)
cross-site, window.open with no service worker: NOTRUN (Chrome: PASS, Safari: PASS)
cross-site, window.open with fallback: NOTRUN (Chrome: PASS, Safari: PASS)
cross-site, window.open with passthrough: NOTRUN (Chrome: PASS, Safari: FAIL)
cross-site, window.open with change-request: NOTRUN (Chrome: PASS, Safari: FAIL)
cross-site, window.open with navpreload: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, window.open with no service worker and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with fallback and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with passthrough and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with change-request and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with navpreload and same-site redirect: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, window.open with no service worker and cross-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with fallback and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: PASS)
same-origin, window.open with passthrough and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, window.open with change-request and cross-site redirect: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, window.open with navpreload and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, window.open with no service worker, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with fallback, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: PASS)
same-origin, window.open with passthrough, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, window.open with change-request, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, window.open with navpreload, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, nested window.open with cross-site middle frame and no service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, nested window.open with cross-site middle frame and fallback service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, nested window.open with cross-site middle frame and passthrough service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, nested window.open with cross-site middle frame and change-request service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, nested window.open with cross-site middle frame and navpreload service worker: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, nested set location with cross-site middle frame and no service worker: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, nested set location with cross-site middle frame and fallback service worker: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, nested set location with cross-site middle frame and passthrough service worker: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, nested set location with cross-site middle frame and change-request service worker: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, nested set location with cross-site middle frame and navpreload service worker: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, form post with no service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with fallback: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with passthrough: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with change-request: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, form post with no service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, form post with fallback: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, form post with passthrough: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, form post with change-request: NOTRUN (Chrome: PASS, Safari: PASS)
cross-site, form post with no service worker: NOTRUN (Chrome: FAIL, Safari: FAIL)
cross-site, form post with fallback: NOTRUN (Chrome: FAIL, Safari: FAIL)
cross-site, form post with passthrough: NOTRUN (Chrome: FAIL, Safari: FAIL)
cross-site, form post with change-request: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, form post with no service worker and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with fallback and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with passthrough and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with change-request and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with no service worker and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with fallback and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with passthrough and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with change-request and cross-site redirect: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, form post with no service worker, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with fallback, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with passthrough, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with change-request, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: PASS, Safari: FAIL)
Cleanup service workers: NOTRUN (Chrome: PASS, Safari: PASS)

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Updated

•

2 years ago

Depends on: 1743230

Pulsebot

Comment 3

•

2 years ago

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4b19001d4029
[wpt PR 31690] - Add WPT tests for SameSite cookies in ServiceWorkers with nested frames., a=testonly
https://hg.mozilla.org/integration/autoland/rev/10ba5d013eb2
[wpt PR 31690] - Update wpt metadata, a=testonly

Iulian Moraru

Comment 4

•

2 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/4b19001d4029
https://hg.mozilla.org/mozilla-central/rev/10ba5d013eb2

Status: REOPENED → RESOLVED

Closed: 2 years ago → 2 years ago

status-firefox96: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → 96 Branch

Bugzilla

Quick Search

[wpt-sync] Sync PR 31690 - Add WPT tests for SameSite cookies in ServiceWorkers with nested frames.

Categories

(Core :: DOM: Service Workers, task, P4)

Tracking

()

People

(Reporter: mozilla.org, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Comment 1

Comment 2

CI Results

Status Summary

Firefox

Chrome

Safari

Links

Details

Firefox-only Failures

New Tests That Don't Pass

Updated

Comment 3

Comment 4