[wpt-sync] Sync PR 31690 - Add WPT tests for SameSite cookies in ServiceWorkers with nested frames.
Categories
(Core :: DOM: Service Workers, task, P4)
Tracking
()
Tracking | Status | |
---|---|---|
firefox96 | --- | fixed |
People
(Reporter: mozilla.org, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 31690 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/31690
Details from upstream follow.
Ben Kelly <wanderview@chromium.org> wrote:
Add WPT tests for SameSite cookies in ServiceWorkers with nested frames.
This CL adds a number of new cases to the service worker SameSite
cookies test. The cases break down into two general types:
- Cases where A1 frames B frames A2, and then A2 calls window.open()
to an A origin URL.- Cases where A1 frames B frames A2, and then A2 sets the location
to an A origin URL.For (1) we expect SameSite strict cookies to be sent because
window.open() creates a top-level context that will have a populated
site-for-cookies and the initiator is same-origin (regardless of the
cross-site ancestor chain).For (2) we expect only SameSite=None cookies to be sent. This is
because setting the location results in a navigation to an A1->B->A3
nested frame with an empty site-for-cookies.We currently fail the passthrough and change-request cases for (2).
We plan to fix this as part of storage partitioning with an ancestor
chain bit in the StorageKey. See:https://github.com/privacycg/storage-partitioning/issues/25
This CL also includes some minor cleanup of the WPT test and associated
resources.Bug: 1115847
Change-Id: I9002e60a271ae95d1d702068d44b30bd0e33b5dcReviewed-on: https://chromium-review.googlesource.com/3277058
WPT-Export-Revision: eae6ef3cc387ae142df6938793c0cce12984aeae
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 1•2 years ago
|
||
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=9184c6d206947910a08552b636b6fbea8c6f1fb2
Assignee | ||
Comment 2•2 years ago
|
||
CI Results
Ran 11 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI
Total 2 tests and 66 subtests
Status Summary
Firefox
OK : 1
PASS : 57
FAIL : 29
TIMEOUT: 2
NOTRUN : 62
Chrome
OK : 2
PASS : 123
FAIL : 26
Safari
OK : 2
PASS : 71
FAIL : 78
Links
Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base
Details
Firefox-only Failures
/service-workers/service-worker/navigation-headers.https.html
POST Navigation, same-site with passthrough service worker sets correct origin and referer headers.: FAIL
POST Navigation, cross-site with passthrough service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with same-site redirect and no service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with same-site redirect and fallback service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with cross-site redirect and no service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with cross-site redirect and fallback service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with cross-site redirect, same-origin redirect, and no service worker sets correct origin and referer headers.: FAIL
POST Navigation, same-origin with cross-site redirect, same-origin redirect, and fallback service worker sets correct origin and referer headers.: FAIL
/service-workers/service-worker/same-site-cookies.https.html: TIMEOUT
same-origin, window.open with passthrough: TIMEOUT
same-origin, window.open with change-request: NOTRUN
same-site, window.open with no service worker: NOTRUN
same-site, window.open with fallback: NOTRUN
same-site, window.open with passthrough: NOTRUN
same-site, window.open with change-request: NOTRUN
cross-site, window.open with no service worker: NOTRUN
cross-site, window.open with fallback: NOTRUN
same-origin, window.open with no service worker and same-site redirect: NOTRUN
same-origin, window.open with fallback and same-site redirect: NOTRUN
same-origin, window.open with passthrough and same-site redirect: NOTRUN
same-origin, window.open with change-request and same-site redirect: NOTRUN
same-origin, window.open with no service worker and cross-site redirect: NOTRUN
same-origin, window.open with no service worker, cross-site redirect, and same-origin redirect: NOTRUN
same-origin, nested window.open with cross-site middle frame and no service worker: NOTRUN
same-origin, nested window.open with cross-site middle frame and fallback service worker: NOTRUN
same-origin, nested window.open with cross-site middle frame and passthrough service worker: NOTRUN
same-origin, nested window.open with cross-site middle frame and change-request service worker: NOTRUN
same-origin, form post with no service worker: NOTRUN
same-origin, form post with fallback: NOTRUN
same-origin, form post with passthrough: NOTRUN
same-origin, form post with change-request: NOTRUN
same-site, form post with no service worker: NOTRUN
same-site, form post with fallback: NOTRUN
same-site, form post with passthrough: NOTRUN
same-site, form post with change-request: NOTRUN
same-origin, form post with no service worker and same-site redirect: NOTRUN
same-origin, form post with fallback and same-site redirect: NOTRUN
same-origin, form post with passthrough and same-site redirect: NOTRUN
same-origin, form post with change-request and same-site redirect: NOTRUN
Cleanup service workers: NOTRUN
New Tests That Don't Pass
/service-workers/service-worker/navigation-headers.https.html
GET Navigation, same-origin with navpreload service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-site with passthrough service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
GET Navigation, same-site with navpreload service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, cross-site with passthrough service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
GET Navigation, cross-site with navpreload service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-origin with same-site redirect and no service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
POST Navigation, same-origin with same-site redirect and passthrough service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-origin with same-site redirect and fallback service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
POST Navigation, same-origin with cross-site redirect and no service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
POST Navigation, same-origin with cross-site redirect and passthrough service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-origin with cross-site redirect and fallback service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
POST Navigation, same-origin with cross-site redirect, same-origin redirect, and no service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
POST Navigation, same-origin with cross-site redirect, same-origin redirect, and passthrough service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-origin with cross-site redirect, same-origin redirect, and fallback service worker sets correct origin and referer headers.: FAIL (Chrome: PASS, Safari: PASS)
GET Navigation, same-origin with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-origin with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, same-origin with navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, same-site with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, same-site with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, same-site with navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, cross-site with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
POST Navigation, cross-site with passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, cross-site with navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: PASS, Safari: FAIL)
GET Navigation, same-origin with same-site redirect and passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
GET Navigation, same-origin with same-site redirect and navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
GET Navigation, same-origin with cross-site redirect and passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
GET Navigation, same-origin with cross-site redirect and navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
GET Navigation, same-origin with cross-site redirect, same-origin redirect, and passthrough service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
GET Navigation, same-origin with cross-site redirect, same-origin redirect, and navpreload service worker sets correct sec-fetch headers.: FAIL (Chrome: FAIL, Safari: FAIL)
/service-workers/service-worker/same-site-cookies.https.html: TIMEOUT (Chrome: OK, Safari: OK)
same-origin, window.open with passthrough: TIMEOUT (Chrome: PASS, Safari: PASS)
same-origin, window.open with change-request: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with navpreload: NOTRUN (Chrome: PASS, Safari: FAIL)
same-site, window.open with no service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, window.open with fallback: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, window.open with passthrough: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, window.open with change-request: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, window.open with navpreload: NOTRUN (Chrome: PASS, Safari: FAIL)
cross-site, window.open with no service worker: NOTRUN (Chrome: PASS, Safari: PASS)
cross-site, window.open with fallback: NOTRUN (Chrome: PASS, Safari: PASS)
cross-site, window.open with passthrough: NOTRUN (Chrome: PASS, Safari: FAIL)
cross-site, window.open with change-request: NOTRUN (Chrome: PASS, Safari: FAIL)
cross-site, window.open with navpreload: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, window.open with no service worker and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with fallback and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with passthrough and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with change-request and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with navpreload and same-site redirect: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, window.open with no service worker and cross-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with fallback and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: PASS)
same-origin, window.open with passthrough and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, window.open with change-request and cross-site redirect: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, window.open with navpreload and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, window.open with no service worker, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, window.open with fallback, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: PASS)
same-origin, window.open with passthrough, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, window.open with change-request, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, window.open with navpreload, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, nested window.open with cross-site middle frame and no service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, nested window.open with cross-site middle frame and fallback service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, nested window.open with cross-site middle frame and passthrough service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, nested window.open with cross-site middle frame and change-request service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, nested window.open with cross-site middle frame and navpreload service worker: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, nested set location with cross-site middle frame and no service worker: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, nested set location with cross-site middle frame and fallback service worker: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, nested set location with cross-site middle frame and passthrough service worker: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, nested set location with cross-site middle frame and change-request service worker: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, nested set location with cross-site middle frame and navpreload service worker: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, form post with no service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with fallback: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with passthrough: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with change-request: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, form post with no service worker: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, form post with fallback: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, form post with passthrough: NOTRUN (Chrome: PASS, Safari: PASS)
same-site, form post with change-request: NOTRUN (Chrome: PASS, Safari: PASS)
cross-site, form post with no service worker: NOTRUN (Chrome: FAIL, Safari: FAIL)
cross-site, form post with fallback: NOTRUN (Chrome: FAIL, Safari: FAIL)
cross-site, form post with passthrough: NOTRUN (Chrome: FAIL, Safari: FAIL)
cross-site, form post with change-request: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, form post with no service worker and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with fallback and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with passthrough and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with change-request and same-site redirect: NOTRUN (Chrome: PASS, Safari: PASS)
same-origin, form post with no service worker and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with fallback and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with passthrough and cross-site redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with change-request and cross-site redirect: NOTRUN (Chrome: PASS, Safari: FAIL)
same-origin, form post with no service worker, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with fallback, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with passthrough, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: FAIL, Safari: FAIL)
same-origin, form post with change-request, cross-site redirect, and same-origin redirect: NOTRUN (Chrome: PASS, Safari: FAIL)
Cleanup service workers: NOTRUN (Chrome: PASS, Safari: PASS)
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4b19001d4029 [wpt PR 31690] - Add WPT tests for SameSite cookies in ServiceWorkers with nested frames., a=testonly https://hg.mozilla.org/integration/autoland/rev/10ba5d013eb2 [wpt PR 31690] - Update wpt metadata, a=testonly
Comment 4•2 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/4b19001d4029
https://hg.mozilla.org/mozilla-central/rev/10ba5d013eb2
Description
•