1821473 - [wpt-sync] Sync PR 38919 - Fix failure to include cookies via Storage Access API on navigations

Status: RESOLVED FIXED

(Testing :: web-platform-tests, task, P4)

Description

[Web Platform Test Sync Bot [:wpt-sync] (Matrix: #interop:mozilla.org)]

Sync web-platform-tests PR 38919 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/38919
Details from upstream follow.

Chris Fredrickson <cfredric@chromium.org> wrote:

Fix failure to include cookies via Storage Access API on navigations

This fix is not quite ideal, since it relies on the existing
has_storage_access bool in CommonNavigationParams, which is only set
to true under strict circumstances. A proper fix will introduce a new
bool in BeginNavigationParams which will be true in more situations,
and will use that instead in NavigationURLLoaderImpl.

However, given that branch cut is around the corner, and I'm OOO all
next week, and this hack will fix the overwhelmingly-common case
(frame reloads), this is ok for now.

Bug: 1423092
Change-Id: I309c0608b478f8a93d68383ef1188097b6253c2d

Reviewed-on: https://chromium-review.googlesource.com/4326169
WPT-Export-Revision: d8aef7825e274398fce21ee5e6ccf1316bcbb206

Comment 1

[Web Platform Test Sync Bot [:wpt-sync] (Matrix: #interop:mozilla.org)]

Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=1a360554fd6da4cd3193fd8a07b3a97469801273

Comment 2

[Web Platform Test Sync Bot [:wpt-sync] (Matrix: #interop:mozilla.org)]

CI Results

Ran 0 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 18 tests and 2 subtests

Status Summary

Firefox

OK : 5
PASS : 31
FAIL : 27
TIMEOUT: 13
ERROR : 5
NOTRUN : 45

Chrome

OK : 16
PASS : 87
FAIL : 20
TIMEOUT: 2
ERROR : 1
NOTRUN : 3

Safari

OK : 7
PASS : 31
FAIL : 31
TIMEOUT: 9
ERROR : 5
NOTRUN : 42

Links

GitHub PR Head
GitHub PR Base

Details

Firefox-only Failures

• /storage-access-api/hasStorageAccess-insecure.sub.window.html [wpt.fyi]
  • [cross-origin-frame] document.hasStorageAccess() should be disallowed in insecure contexts: FAIL
  • [nested-cross-origin-frame] document.hasStorageAccess() should be disallowed in insecure contexts: FAIL
• /storage-access-api/hasStorageAccess.sub.https.window.html [wpt.fyi]
  • [cross-origin-frame] document.hasStorageAccess() should not be allowed by default unless in top-level frame or same-origin iframe.: FAIL
  • [nested-cross-origin-frame] document.hasStorageAccess() should not be allowed by default unless in top-level frame or same-origin iframe.: FAIL
• /storage-access-api/requestStorageAccess-insecure.sub.window.html [wpt.fyi]: TIMEOUT
• /storage-access-api/requestStorageAccess-non-fully-active.sub.https.window.html [wpt.fyi]: TIMEOUT

New Tests That Don't Pass

• /storage-access-api/hasStorageAccess-insecure.sub.window.html [wpt.fyi]
  • [top-level-context] document.hasStorageAccess() should be disallowed in insecure contexts: FAIL (Chrome: PASS, Safari: FAIL)
  • [top-level-context] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
  • [same-origin-frame] document.hasStorageAccess() should be disallowed in insecure contexts: FAIL (Chrome: PASS, Safari: FAIL)
  • [same-origin-frame] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
  • [cross-origin-frame] document.hasStorageAccess() should be disallowed in insecure contexts: FAIL (Chrome: PASS, Safari: PASS)
  • [cross-origin-frame] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
  • [nested-same-origin-frame] document.hasStorageAccess() should be disallowed in insecure contexts: FAIL (Chrome: PASS, Safari: FAIL)
  • [nested-same-origin-frame] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
  • [nested-cross-origin-frame] document.hasStorageAccess() should be disallowed in insecure contexts: FAIL (Chrome: PASS, Safari: PASS)
  • [nested-cross-origin-frame] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
• /storage-access-api/hasStorageAccess.sub.https.window.html [wpt.fyi]
  • [top-level-context] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
  • [same-origin-frame] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
  • [cross-origin-frame] document.hasStorageAccess() should not be allowed by default unless in top-level frame or same-origin iframe.: FAIL (Chrome: PASS, Safari: PASS)
  • [cross-origin-frame] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
  • [nested-same-origin-frame] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
  • [nested-cross-origin-frame] document.hasStorageAccess() should not be allowed by default unless in top-level frame or same-origin iframe.: FAIL (Chrome: PASS, Safari: PASS)
  • [nested-cross-origin-frame] document.hasStorageAccess() should reject in a document that isn't fully active.: FAIL (Chrome: PASS, Safari: FAIL)
• /storage-access-api/requestStorageAccess-cross-origin-iframe-navigation.sub.https.window.html [wpt.fyi]: TIMEOUT (Chrome: OK, Safari: TIMEOUT)
  • Self-initiated reloads preserve storage access: TIMEOUT (Chrome: FAIL, Safari: TIMEOUT)
  • Self-initiated same-origin navigations preserve storage access: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
  • Non-self-initiated same-origin navigations do not preserve storage access: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
  • Self-initiated cross-origin navigations do not preserve storage access: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
• /storage-access-api/requestStorageAccess-cross-origin-iframe.sub.https.window.html [wpt.fyi]: ERROR (Chrome: OK, Safari: ERROR)
  • [cross-origin-frame] document.requestStorageAccess() should resolve in top-level frame or same-origin iframe, otherwise reject with a NotAllowedError with no user gesture.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [cross-origin-frame] document.requestStorageAccess() should be resolved with no user gesture when a permission grant exists, and should allow cookie access: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
  • [cross-origin-frame] document.requestStorageAccess() should be rejected with a NotAllowedError without permission grant: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
  • [cross-origin-frame] document.requestStorageAccess() should be rejected with a NotAllowedError with denied permission: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
• /storage-access-api/requestStorageAccess-cross-site-iframe.sub.https.window.html [wpt.fyi]: ERROR (Chrome: OK, Safari: ERROR)
  • [cross-site-frame] document.requestStorageAccess() should resolve in top-level frame or same-origin iframe, otherwise reject with a NotAllowedError with no user gesture.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [cross-site-frame] document.requestStorageAccess() should be resolved with no user gesture when a permission grant exists, and should allow cookie access: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
  • [cross-site-frame] document.requestStorageAccess() should be rejected with a NotAllowedError without permission grant: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [cross-site-frame] document.requestStorageAccess() should be rejected with a NotAllowedError with denied permission: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
• /storage-access-api/requestStorageAccess-cross-site-sibling-iframes.sub.https.window.html [wpt.fyi]: TIMEOUT (Chrome: OK, Safari: TIMEOUT)
  • Grants have per-frame scope: TIMEOUT (Chrome: FAIL, Safari: TIMEOUT)
  • Cross-site sibling iframes should not be able to take advantage of the existing permission grant requested by others.: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
• /storage-access-api/requestStorageAccess-insecure.sub.window.html [wpt.fyi]: TIMEOUT (Chrome: OK, Safari: OK)
  • [non-fully-active] document.requestStorageAccess() should reject when run in a detached frame: TIMEOUT (Chrome: PASS, Safari: FAIL)
  • [non-fully-active] document.requestStorageAccess() should reject when run in a detached DOMParser document: NOTRUN (Chrome: PASS, Safari: FAIL)
  • [top-level-context] document.requestStorageAccess() should be rejected when called with a user gesture in insecure context: NOTRUN
• /storage-access-api/requestStorageAccess-nested-cross-origin-iframe.sub.https.window.html [wpt.fyi]: TIMEOUT (Chrome: OK, Safari: TIMEOUT)
  • [nested-cross-origin-frame] document.requestStorageAccess() should resolve in top-level frame or same-origin iframe, otherwise reject with a NotAllowedError with no user gesture.: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
  • [nested-cross-origin-frame] document.requestStorageAccess() should be resolved with no user gesture when a permission grant exists, and should allow cookie access: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [nested-cross-origin-frame] document.requestStorageAccess() should be rejected with a NotAllowedError without permission grant: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
  • [nested-cross-origin-frame] document.requestStorageAccess() should be rejected with a NotAllowedError with denied permission: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
• /storage-access-api/requestStorageAccess-nested-cross-site-iframe.sub.https.window.html [wpt.fyi]: TIMEOUT (Chrome: OK, Safari: TIMEOUT)
  • [nested-cross-site-frame] document.requestStorageAccess() should resolve in top-level frame or same-origin iframe, otherwise reject with a NotAllowedError with no user gesture.: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
  • [nested-cross-site-frame] document.requestStorageAccess() should be resolved with no user gesture when a permission grant exists, and should allow cookie access: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [nested-cross-site-frame] document.requestStorageAccess() should be rejected with a NotAllowedError without permission grant: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
  • [nested-cross-site-frame] document.requestStorageAccess() should be rejected with a NotAllowedError with denied permission: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
• /storage-access-api/requestStorageAccess-nested-same-origin-iframe.sub.https.window.html [wpt.fyi]: TIMEOUT (Chrome: OK, Safari: TIMEOUT)
  • [nested-same-origin-frame] document.requestStorageAccess() should resolve in top-level frame or same-origin iframe, otherwise reject with a NotAllowedError with no user gesture.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [nested-same-origin-frame] document.requestStorageAccess() should be resolved with no user gesture when a permission grant exists, and should allow cookie access: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [nested-same-origin-frame] document.requestStorageAccess() should resolve without permission grant or user gesture: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [nested-same-origin-frame] document.requestStorageAccess() should resolve with denied permission: NOTRUN (Chrome: PASS, Safari: NOTRUN)
• /storage-access-api/requestStorageAccess-non-fully-active.sub.https.window.html [wpt.fyi]: TIMEOUT (Chrome: OK, Safari: OK)
  • [non-fully-active] document.requestStorageAccess() should not resolve when run in a detached frame: TIMEOUT (Chrome: PASS, Safari: FAIL)
  • [non-fully-active] document.requestStorageAccess() should not resolve when run in a detached DOMParser document: NOTRUN (Chrome: PASS, Safari: FAIL)
• /storage-access-api/requestStorageAccess-same-origin-iframe.sub.https.window.html [wpt.fyi]: ERROR (Chrome: OK, Safari: ERROR)
  • [same-origin-frame] document.requestStorageAccess() should resolve in top-level frame or same-origin iframe, otherwise reject with a NotAllowedError with no user gesture.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [same-origin-frame] document.requestStorageAccess() should be resolved with no user gesture when a permission grant exists, and should allow cookie access: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [same-origin-frame] document.requestStorageAccess() should resolve without permission grant or user gesture: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [same-origin-frame] document.requestStorageAccess() should resolve with denied permission: NOTRUN (Chrome: PASS, Safari: NOTRUN)
• /storage-access-api/requestStorageAccess.sub.https.window.html [wpt.fyi]: ERROR (Chrome: OK, Safari: ERROR)
  • [top-level-context] document.requestStorageAccess() should resolve in top-level frame or same-origin iframe, otherwise reject with a NotAllowedError with no user gesture.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [top-level-context] document.requestStorageAccess() should be resolved with no user gesture when a permission grant exists, and should allow cookie access: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [top-level-context] document.requestStorageAccess() should resolve without permission grant or user gesture: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [top-level-context] document.requestStorageAccess() should resolve with denied permission: NOTRUN (Chrome: PASS, Safari: NOTRUN)
• /storage-access-api/storage-access-permission.sub.https.window.html [wpt.fyi]: TIMEOUT (Chrome: TIMEOUT, Safari: TIMEOUT)
  • Permissions grants are observable across same-origin iframes: TIMEOUT (Chrome: TIMEOUT, Safari: TIMEOUT)
  • IFrame tests: NOTRUN (Chrome: NOTRUN, Safari: NOTRUN)
• /storage-access-api/storageAccess.testdriver.sub.html [wpt.fyi]
  • TestDriver - Set Storage Access Command Tests: FAIL (Chrome: FAIL, Safari: PASS)
• /top-level-storage-access-api/tentative/requestStorageAccessForOrigin-insecure.sub.window.html [wpt.fyi]
  • [insecure-context] document.requestStorageAccessForOrigin() should be supported on the document interface: FAIL (Chrome: PASS, Safari: FAIL)
  • [insecure-context] document.requestStorageAccessForOrigin() should be rejected by default with no user gesture: FAIL (Chrome: PASS, Safari: FAIL)
  • [non-fully-active] document.requestStorageAccessForOrigin() should not resolve when run in a detached frame: FAIL (Chrome: PASS, Safari: FAIL)
  • [non-fully-active] document.requestStorageAccessForOrigin() should not resolve when run in a detached DOMParser document: FAIL (Chrome: PASS, Safari: FAIL)
  • [insecure-context] document.requestStorageAccessForOrigin() should be rejected when called in an insecure context: FAIL (Chrome: PASS, Safari: FAIL)
  • [frame-on-insecure-page] document.requestStorageAccessForOrigin() should be supported on the document interface: FAIL (Chrome: PASS, Safari: FAIL)
  • [frame-on-insecure-page] document.requestStorageAccessForOrigin() should be rejected when called in an iframe: FAIL (Chrome: FAIL, Safari: FAIL)
• /top-level-storage-access-api/tentative/requestStorageAccessForOrigin.sub.https.window.html [wpt.fyi]: ERROR (Chrome: ERROR, Safari: ERROR)
  • [top-level-context] document.requestStorageAccessForOrigin() should be supported on the document interface: FAIL (Chrome: PASS, Safari: FAIL)
  • [top-level-context] document.requestStorageAccessForOrigin() should be rejected when called with no argument: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [top-level-context] document.requestStorageAccessForOrigin() should be rejected by default with no user gesture: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [non-fully-active] document.requestStorageAccessForOrigin() should not resolve when run in a detached frame: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [non-fully-active] document.requestStorageAccessForOrigin() should not resolve when run in a detached DOMParser document: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [top-level-context] document.requestStorageAccessForOrigin() should be resolved without a user gesture with an existing permission: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
  • [top-level-context] document.requestStorageAccess() should be resolved without a user gesture after a successful requestStorageAccessForOrigin() call: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [top-level-context] document.requestStorageAccessForOrigin() should be resolved when called properly with a user gesture and the same site: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [top-level-context] document.requestStorageAccessForOrigin() should be rejected when called with an invalid site: NOTRUN (Chrome: PASS, Safari: NOTRUN)
  • [top-level-context] document.requestStorageAccessForOrigin() should be rejected when called with an opaque origin: NOTRUN (Chrome: PASS, Safari: NOTRUN)
• /top-level-storage-access-api/tentative/top-level-storage-access-permission.sub.https.window.html [wpt.fyi]
  • Permission default state can be queried: FAIL (Chrome: PASS, Safari: FAIL)

Comment 3

[Pulsebot]

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/18107de5722a
[wpt PR 38919] - Fix failure to include cookies via Storage Access API on navigations, a=testonly

Comment 4

[Narcis Beleuzu [:NarcisB]]

https://hg.mozilla.org/mozilla-central/rev/18107de5722a