[wpt-sync] Sync PR 32385 - AnonymousIframe: check FencedFrame interactions (1/3)
Categories
(Core :: DOM: Core & HTML, task, P4)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox98 | --- | fixed |
People
(Reporter: wpt-sync, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 32385 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/32385
Details from upstream follow.
Arthur Sonzogni <arthursonzogni@chromium.org> wrote:
AnonymousIframe: check FencedFrame interactions (1/3)
Embeds a FencedFrame into an anonymous iframe. Check whether the
anonymous bit is propagated or not.Currently:
- base: fenced-frame not enabled.
- fenced-frame-shadow-dom: window.anonymous = true
- fenced-frame-mparch: window.anonymous = false
I discussed with clamy@. We think the anonymous bit should not propagate.
This avoid difficult questions about mixing both FencedFrame and
AnonymousFrame together.We think the security properties still hold without the anonymous bit,
as long as we require the FencedFrame to adhere to the COEP policy of
its embedder in exchange.Bug:1287458
Change-Id: I33f0ae891023f87665b077227ba6a81166fb7e34Reviewed-on: https://chromium-review.googlesource.com/3389436
WPT-Export-Revision: c52027c87cef3cac7d37db4b540b72d382a045c6
|
Assignee | |
Updated•4 years ago
|
|
|
Assignee | |
Comment 1•4 years ago
|
||
|
|
Assignee | |
Comment 2•4 years ago
|
||
|
|
Assignee | |
Comment 3•4 years ago
|
||
CI Results
Ran 11 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI
Total 8 tests and 1 subtests
Status Summary
Firefox
OK : 4[Gecko-android-em-7.0-x86_64-lite-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-linux1804-64-tsan-qr-opt, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-debug, Gecko-windows10-64-2004-qr-opt] 6[GitHub]
PASS : 6[Gecko-android-em-7.0-x86_64-lite-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-linux1804-64-tsan-qr-opt, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-debug, Gecko-windows10-64-2004-qr-opt] 8[GitHub]
FAIL : 14[Gecko-android-em-7.0-x86_64-lite-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-linux1804-64-tsan-qr-opt, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-debug, Gecko-windows10-64-2004-qr-opt] 16[GitHub]
ERROR: 2
Chrome
OK : 7
PASS : 11
FAIL : 17
ERROR: 1
Safari
OK : 7
PASS : 12
FAIL : 16
ERROR: 1
Links
Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base
Details
Firefox-only Failures
/html/cross-origin-embedder-policy/anonymous-iframe/broadcast-channel.tentative.window.html: ERROR linked bug:Bug 1751477
New Tests That Don't Pass
/html/cross-origin-embedder-policy/anonymous-iframe/anonymous-iframe-popup.tentative.https.window.html
Cross-origin popup from normal/anonymous iframes.: FAIL (Chrome: FAIL, Safari: FAIL)
Same-origin popup from normal/anonymous iframes.: FAIL (Chrome: FAIL, Safari: FAIL)
/html/cross-origin-embedder-policy/anonymous-iframe/broadcast-channel.tentative.window.html: ERROR (Chrome: OK, Safari: OK)
/html/cross-origin-embedder-policy/anonymous-iframe/cookie.tentative.https.window.html
Anonymous same-origin iframe is loaded without credentials: FAIL (Chrome: FAIL, Safari: FAIL)
Anonymous cross-origin iframe is loaded without credentials: FAIL (Chrome: FAIL, Safari: FAIL)
same_origin anonymous iframe can't send same_origin credentials: FAIL (Chrome: FAIL, Safari: FAIL)
same_origin anonymous iframe can't send cross_origin credentials: FAIL (Chrome: FAIL, Safari: FAIL)
cross_origin anonymous iframe can't send cross_origin credentials: FAIL (Chrome: FAIL, Safari: FAIL)
cross_origin anonymous iframe can't send same_origin credentials: FAIL (Chrome: FAIL, Safari: FAIL)
same_origin anonymous iframe can't send same_origin credentials on child iframe: FAIL (Chrome: FAIL, Safari: FAIL)
same_origin anonymous iframe can't send cross_origin credentials on child iframe: FAIL (Chrome: FAIL, Safari: FAIL)
cross_origin anonymous iframe can't send cross_origin credentials on child iframe: FAIL (Chrome: FAIL, Safari: FAIL)
cross_origin anonymous iframe can't send same_origin credentials on child iframe: FAIL (Chrome: FAIL, Safari: FAIL)
/html/cross-origin-embedder-policy/anonymous-iframe/fenced-frame.tentative.https.window.html: ERROR (Chrome: ERROR, Safari: ERROR)
/html/cross-origin-embedder-policy/anonymous-iframe/local-storage.tentative.https.window.html
same_origin anonymous iframe can't access the localStorage: FAIL (Chrome: FAIL, Safari: FAIL)
cross_origin anonymous iframe can't access the localStorage: FAIL (Chrome: FAIL, Safari: PASS)
/html/cross-origin-embedder-policy/anonymous-iframe/session-storage.tentative.https.window.html
same_origin anonymous iframe can't access the sessionStorage: FAIL (Chrome: FAIL, Safari: FAIL)
/html/cross-origin-embedder-policy/anonymous-iframe/web-lock.tentative.https.window.html
web-lock: FAIL (Chrome: FAIL, Safari: FAIL)
|
||
Comment 4•4 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/259b2b6ec60f
https://hg.mozilla.org/mozilla-central/rev/7af2b714ba9f
Description
•