Closed Bug 1818638 Opened 2 years ago Closed 2 years ago

[wpt-sync] Sync PR 38690 - Add negative tests for per-frame storage access re: navigation

Categories

(Testing :: web-platform-tests, task, P4)

Product:
Testing
Component:
web-platform-tests
Type:
task

Tracking

(firefox112 fixed)

Status:
RESOLVED FIXED
Milestone:
112 Branch
Tracking Flags:
Tracking Status
firefox112 --- fixed

People

(Reporter: wpt-sync, Unassigned)

References

(Depends on 1 open bug,
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 38690 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/38690
Details from upstream follow.

Chris Fredrickson <cfredric@chromium.org> wrote:

Add negative tests for per-frame storage access re: navigation

This adds 2 new cases where storage access should not be inherited
by the new document:

  • a non-self-initiated, same-origin navigation
  • a self-initiated, cross-origin navigation

Bug: 1401089
Change-Id: Ia20bcaf1833b4a93cec01209ef36976a6cbb73b1
Reviewed-on: https://chromium-review.googlesource.com/4289867
WPT-Export-Revision: 8892fc5b64aa85e9a8209ac7b0b65189753ba71d

Whiteboard: [wptsync downstream] → [wptsync downstream error]
Whiteboard: [wptsync downstream error] → [wptsync downstream]

CI Results

Ran 9 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 18 tests and 5 subtests

Status Summary

Firefox

OK : 6[GitHub] 7[Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-debug, Gecko-windows10-64-2004-qr-opt]
PASS : 31[GitHub] 32[Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-debug, Gecko-windows10-64-2004-qr-opt]
FAIL : 36[Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-debug, Gecko-windows10-64-2004-qr-opt] 38[GitHub]
TIMEOUT: 10[Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-64-2004-qr-debug] 12[Gecko-linux1804-64-qr-opt, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-opt] 13[GitHub]
ERROR : 2[Gecko-linux1804-64-qr-opt, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-opt] 4[Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-64-2004-qr-debug, GitHub]
NOTRUN : 23[Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-debug, Gecko-windows10-64-2004-qr-opt] 35[GitHub]

Chrome

OK : 17
PASS : 73
FAIL : 33
TIMEOUT: 2
NOTRUN : 1

Safari

OK : 8
PASS : 31
FAIL : 42
TIMEOUT: 9
ERROR : 4
NOTRUN : 32

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

Firefox-only Failures

New Tests That Don't Pass

  • /storage-access-api/hasStorageAccess-insecure.sub.window.html [wpt.fyi]
    • [top-level-context] document.hasStorageAccess() should be disallowed in insecure contexts: FAIL (Chrome: PASS, Safari: FAIL)
    • [top-level-context] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
    • [same-origin-frame] document.hasStorageAccess() should be disallowed in insecure contexts: FAIL (Chrome: PASS, Safari: FAIL)
    • [same-origin-frame] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
    • [cross-origin-frame] document.hasStorageAccess() should be disallowed in insecure contexts: FAIL (Chrome: PASS, Safari: PASS)
    • [cross-origin-frame] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
    • [nested-same-origin-frame] document.hasStorageAccess() should be disallowed in insecure contexts: FAIL (Chrome: PASS, Safari: FAIL)
    • [nested-same-origin-frame] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
    • [nested-cross-origin-frame] document.hasStorageAccess() should be disallowed in insecure contexts: FAIL (Chrome: PASS, Safari: PASS)
    • [nested-cross-origin-frame] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
  • /storage-access-api/hasStorageAccess.sub.https.window.html [wpt.fyi]
    • [top-level-context] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
    • [same-origin-frame] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
    • [cross-origin-frame] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
    • [nested-same-origin-frame] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
    • [nested-cross-origin-frame] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
    • [cross-origin-frame] document.hasStorageAccess() should not be allowed by default unless in top-level frame or same-origin iframe.: FAIL (Chrome: FAIL, Safari: PASS)
    • [nested-cross-origin-frame] document.hasStorageAccess() should not be allowed by default unless in top-level frame or same-origin iframe.: FAIL (Chrome: FAIL, Safari: PASS)
  • /storage-access-api/requestStorageAccess-cross-origin-iframe-navigation.sub.https.window.html [wpt.fyi]: TIMEOUT (Chrome: OK, Safari: TIMEOUT)
    • Self-initiated reloads preserve storage access: TIMEOUT (Chrome: FAIL, Safari: TIMEOUT)
    • Self-initiated same-origin navigations preserve storage access: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • Non-self-initiated same-origin navigations do not preserve storage access: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • Self-initiated cross-origin navigations do not preserve storage access: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
  • /storage-access-api/requestStorageAccess-cross-origin-iframe.sub.https.window.html [wpt.fyi]: ERROR (Chrome: OK, Safari: ERROR)
    • [cross-origin-frame] document.requestStorageAccess() should resolve in top-level frame or otherwise reject with a NotAllowedError with no user gesture: NOTRUN
    • [cross-origin-frame] document.requestStorageAccess() should be resolved when called properly with a user gesture: NOTRUN
    • [cross-origin-frame] document.requestStorageAccess() should be rejected with a NotAllowedError without permission grant: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • [cross-origin-frame] document.requestStorageAccess() should be rejected with a NotAllowedError with denied permission: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • [cross-origin-frame] document.requestStorageAccess() should resolve in top-level frame or same-origin iframe, otherwise reject with a NotAllowedError with no user gesture.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    • [cross-origin-frame] document.requestStorageAccess() should be resolved with no user gesture when a permission grant exists, and should allow cookie access: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
  • /storage-access-api/requestStorageAccess-cross-origin-sibling-iframes.sub.https.window.html [wpt.fyi]: TIMEOUT (Chrome: OK, Safari: TIMEOUT)
    • Grants have per-frame scope: TIMEOUT (Chrome: FAIL, Safari: TIMEOUT)
  • /storage-access-api/requestStorageAccess-insecure.sub.window.html [wpt.fyi]: TIMEOUT (Chrome: OK, Safari: OK)
    • [non-fully-active] document.requestStorageAccess() should reject when run in a detached frame: TIMEOUT (Chrome: PASS, Safari: FAIL)
    • [non-fully-active] document.requestStorageAccess() should reject when run in a detached DOMParser document: NOTRUN (Chrome: PASS, Safari: FAIL)
    • [top-level-context] document.requestStorageAccess() should be rejected when called with a user gesture in insecure context: NOTRUN
  • /storage-access-api/requestStorageAccess-nested-cross-origin-iframe.sub.https.window.html [wpt.fyi]: ERROR [Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-64-2004-qr-debug], TIMEOUT [Gecko-linux1804-64-qr-opt, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-opt, GitHub] (Chrome: OK, Safari: TIMEOUT)
    • [nested-cross-origin-frame] document.requestStorageAccess() should resolve in top-level frame or otherwise reject with a NotAllowedError with no user gesture: NOTRUN
    • [nested-cross-origin-frame] document.requestStorageAccess() should be resolved when called properly with a user gesture: NOTRUN
    • [nested-cross-origin-frame] document.requestStorageAccess() should be rejected with a NotAllowedError without permission grant: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • [nested-cross-origin-frame] document.requestStorageAccess() should be rejected with a NotAllowedError with denied permission: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • [nested-cross-origin-frame] document.requestStorageAccess() should resolve in top-level frame or same-origin iframe, otherwise reject with a NotAllowedError with no user gesture.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    • [nested-cross-origin-frame] document.requestStorageAccess() should be resolved with no user gesture when a permission grant exists, and should allow cookie access: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
  • /storage-access-api/requestStorageAccess-nested-same-origin-iframe.sub.https.window.html [wpt.fyi]: ERROR [Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-64-2004-qr-debug], TIMEOUT [Gecko-linux1804-64-qr-opt, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-opt, GitHub] (Chrome: OK, Safari: TIMEOUT)
    • [nested-same-origin-frame] document.requestStorageAccess() should resolve in top-level frame or otherwise reject with a NotAllowedError with no user gesture: NOTRUN
    • [nested-same-origin-frame] document.requestStorageAccess() should be resolved when called properly with a user gesture: NOTRUN
    • [nested-same-origin-frame] document.requestStorageAccess() should resolve without permission grant or user gesture: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • [nested-same-origin-frame] document.requestStorageAccess() should resolve with denied permission: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • [nested-same-origin-frame] document.requestStorageAccess() should resolve in top-level frame or same-origin iframe, otherwise reject with a NotAllowedError with no user gesture.: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • [nested-same-origin-frame] document.requestStorageAccess() should be resolved with no user gesture when a permission grant exists, and should allow cookie access: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
  • /storage-access-api/requestStorageAccess-non-fully-active.sub.https.window.html [wpt.fyi]: TIMEOUT (Chrome: OK, Safari: OK)
    • [non-fully-active] document.requestStorageAccess() should not resolve when run in a detached frame: TIMEOUT (Chrome: PASS, Safari: FAIL)
    • [non-fully-active] document.requestStorageAccess() should not resolve when run in a detached DOMParser document: NOTRUN (Chrome: PASS, Safari: FAIL)
  • /storage-access-api/requestStorageAccess-same-origin-iframe.sub.https.window.html [wpt.fyi]: ERROR [GitHub], OK [Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-debug, Gecko-windows10-64-2004-qr-opt] (Chrome: OK, Safari: ERROR)
    • [same-origin-frame] document.requestStorageAccess() should resolve in top-level frame or same-origin iframe, otherwise reject with a NotAllowedError with no user gesture.: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • [same-origin-frame] document.requestStorageAccess() should be resolved with no user gesture when a permission grant exists, and should allow cookie access: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • [same-origin-frame] document.requestStorageAccess() should resolve without permission grant or user gesture: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • [same-origin-frame] document.requestStorageAccess() should resolve with denied permission: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
  • /storage-access-api/requestStorageAccess.sub.https.window.html [wpt.fyi]: ERROR (Chrome: OK, Safari: ERROR)
    • [top-level-context] document.requestStorageAccess() should resolve in top-level frame or otherwise reject with a NotAllowedError with no user gesture: NOTRUN
    • [top-level-context] document.requestStorageAccess() should be resolved when called properly with a user gesture: NOTRUN
    • [top-level-context] document.requestStorageAccess() should resolve without permission grant or user gesture: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • [top-level-context] document.requestStorageAccess() should resolve with denied permission: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • [top-level-context] document.requestStorageAccess() should resolve in top-level frame or same-origin iframe, otherwise reject with a NotAllowedError with no user gesture.: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • [top-level-context] document.requestStorageAccess() should be resolved with no user gesture when a permission grant exists, and should allow cookie access: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
  • /storage-access-api/storage-access-permission.sub.https.window.html [wpt.fyi]: TIMEOUT (Chrome: TIMEOUT, Safari: TIMEOUT)
    • Permissions grants are observable across same-origin iframes: TIMEOUT (Chrome: TIMEOUT, Safari: TIMEOUT)
    • IFrame tests: NOTRUN (Chrome: NOTRUN, Safari: NOTRUN)
  • /storage-access-api/storageAccess.testdriver.sub.html [wpt.fyi]
    • TestDriver - Set Storage Access Command Tests: FAIL (Chrome: FAIL, Safari: PASS)
  • /top-level-storage-access-api/tentative/requestStorageAccessForOrigin-insecure.sub.window.html [wpt.fyi]
    • [insecure-context] document.requestStorageAccessForOrigin() should be supported on the document interface: FAIL (Chrome: PASS, Safari: FAIL)
    • [insecure-context] document.requestStorageAccessForOrigin() should be rejected by default with no user gesture: FAIL (Chrome: PASS, Safari: FAIL)
    • [non-fully-active] document.requestStorageAccessForOrigin() should not resolve when run in a detached frame: FAIL (Chrome: PASS, Safari: FAIL)
    • [non-fully-active] document.requestStorageAccessForOrigin() should not resolve when run in a detached DOMParser document: FAIL (Chrome: PASS, Safari: FAIL)
    • [insecure-context] document.requestStorageAccessForOrigin() should be rejected when called in an insecure context: FAIL (Chrome: PASS, Safari: FAIL)
    • [frame-on-insecure-page] document.requestStorageAccessForOrigin() should be supported on the document interface: FAIL (Chrome: PASS, Safari: FAIL)
    • [frame-on-insecure-page] document.requestStorageAccessForOrigin() should be rejected when called in an iframe: FAIL (Chrome: FAIL, Safari: FAIL)
  • /top-level-storage-access-api/tentative/requestStorageAccessForOrigin.sub.https.window.html [wpt.fyi]
    • [top-level-context] document.requestStorageAccessForOrigin() should be supported on the document interface: FAIL (Chrome: PASS, Safari: FAIL)
    • [top-level-context] document.requestStorageAccessForOrigin() should be rejected when called with no argument: FAIL (Chrome: PASS, Safari: FAIL)
    • [top-level-context] document.requestStorageAccessForOrigin() should be rejected by default with no user gesture: FAIL (Chrome: PASS, Safari: FAIL)
    • [non-fully-active] document.requestStorageAccessForOrigin() should not resolve when run in a detached frame: FAIL (Chrome: PASS, Safari: FAIL)
    • [non-fully-active] document.requestStorageAccessForOrigin() should not resolve when run in a detached DOMParser document: FAIL (Chrome: PASS, Safari: FAIL)
    • [top-level-context] document.requestStorageAccessForOrigin() should be resolved when called properly with a user gesture and the same site: FAIL (Chrome: PASS, Safari: FAIL)
    • [top-level-context] document.requestStorageAccessForOrigin() should be rejected when called with an invalid site: FAIL (Chrome: PASS, Safari: FAIL)
    • [top-level-context] document.requestStorageAccessForOrigin() should be rejected when called with an opaque origin: FAIL (Chrome: PASS, Safari: FAIL)
    • [top-level-context] document.requestStorageAccessForOrigin() should be resolved when called properly with a user gesture: FAIL (Chrome: PASS, Safari: FAIL)
    • [same-origin-frame] document.requestStorageAccessForOrigin() should be supported on the document interface: FAIL (Chrome: PASS, Safari: FAIL)
    • [same-origin-frame] document.requestStorageAccessForOrigin() should be rejected when called with no argument: FAIL (Chrome: PASS, Safari: FAIL)
    • [same-origin-frame] document.requestStorageAccessForOrigin() should be rejected when called in an iframe: FAIL (Chrome: FAIL, Safari: FAIL)
  • /top-level-storage-access-api/tentative/top-level-storage-access-permission.sub.https.window.html [wpt.fyi]
    • Permission default state can be queried: FAIL (Chrome: FAIL, Safari: FAIL)
  • /storage-access-api/requestStorageAccess-cross-site-iframe.sub.https.window.html [wpt.fyi]: ERROR (Chrome: OK, Safari: ERROR)
    • [cross-site-frame] document.requestStorageAccess() should resolve in top-level frame or same-origin iframe, otherwise reject with a NotAllowedError with no user gesture.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    • [cross-site-frame] document.requestStorageAccess() should be resolved with no user gesture when a permission grant exists, and should allow cookie access: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • [cross-site-frame] document.requestStorageAccess() should be rejected with a NotAllowedError without permission grant: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    • [cross-site-frame] document.requestStorageAccess() should be rejected with a NotAllowedError with denied permission: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • /storage-access-api/requestStorageAccess-nested-cross-site-iframe.sub.https.window.html [wpt.fyi]: TIMEOUT (Chrome: OK, Safari: TIMEOUT)
    • [nested-cross-site-frame] document.requestStorageAccess() should resolve in top-level frame or same-origin iframe, otherwise reject with a NotAllowedError with no user gesture.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    • [nested-cross-site-frame] document.requestStorageAccess() should be resolved with no user gesture when a permission grant exists, and should allow cookie access: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • [nested-cross-site-frame] document.requestStorageAccess() should be rejected with a NotAllowedError without permission grant: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • [nested-cross-site-frame] document.requestStorageAccess() should be rejected with a NotAllowedError with denied permission: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/1bd6ac41c747 [wpt PR 38690] - Add negative tests for per-frame storage access re: navigation, a=testonly https://hg.mozilla.org/integration/autoland/rev/f342c0815824 [wpt PR 38690] - Update wpt metadata, a=testonly

https://hg.mozilla.org/mozilla-central/rev/1bd6ac41c747
https://hg.mozilla.org/mozilla-central/rev/f342c0815824

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox112: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 112 Branch
You need to log in before you can comment on or make changes to this bug.