Closed Bug 1892810 Opened 2 months ago Closed 2 months ago

[wpt-sync] Sync PR 45813 - [shared storage] For cross-origin worklet, don't expose error after prefs check

Categories

(Testing :: web-platform-tests, task, P4)

Tracking

(firefox127 fixed)

RESOLVED FIXED
127 Branch
Tracking Status
firefox127 --- fixed

People

(Reporter: wpt-sync, Unassigned)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 45813 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/45813
Details from upstream follow.

Yao Xiao <yaoxia@chromium.org> wrote:

[shared storage] For cross-origin worklet, don't expose error after prefs check

For cross-origin worklet, don't expose error encountered at/after
the user preferences check, as it could leak the user preferences
for the worklet origin to the worklet creator context.

For createWorklet(), since there are more async operations after
the prefs check before returning (e.g. network request can fail
and expose an error), we intercept and modify the callback
response before returning.

For selectURL()/run(), since all the checks are synchronous, we
could simply move the user preference check to the place right
before returning.

Bug: 335839125
Change-Id: I19bdd2ecab062ee51897321240194ce6b88d24bb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5469020
Reviewed-by: Cammie Smith Barnes <cammie@chromium.org>
Commit-Queue: Cammie Smith Barnes <cammie@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1290805}

CI Results

Ran 9 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 4 tests and 1 subtests

Status Summary

Firefox

OK : 4
FAIL: 4

Chrome

OK : 4
FAIL: 4

Safari

OK : 4
FAIL: 4

Details

New Tests That Don't Pass

  • /shared-storage/cross-origin-create-worklet-unrevealed-failure-false-shared-storage-cross-origin-worklet-allowed.tentative.https.sub.html [wpt.fyi]: OK [GitHub], SKIP [Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows11-32-2009-qr-debug, Gecko-windows11-32-2009-qr-opt, Gecko-windows11-64-2009-qr-debug, Gecko-windows11-64-2009-qr-opt] (Chrome: OK, Safari: OK)
    • createWorklet() with cross-origin module script and credentials "include", and with the Shared-Storage-Cross-Origin-Worklet-Allowed response header value set to false (?0): FAIL (Chrome: FAIL, Safari: FAIL)
  • /shared-storage/cross-origin-create-worklet-unrevealed-failure-missing-access-control-allow-credentials.tentative.https.sub.html [wpt.fyi]: OK [GitHub], SKIP [Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows11-32-2009-qr-debug, Gecko-windows11-32-2009-qr-opt, Gecko-windows11-64-2009-qr-debug, Gecko-windows11-64-2009-qr-opt] (Chrome: OK, Safari: OK)
    • createWorklet() with cross-origin module script and credentials "include", and without the Access-Control-Allow-Credentials response header: FAIL (Chrome: FAIL, Safari: FAIL)
  • /shared-storage/cross-origin-create-worklet-unrevealed-failure-missing-access-control-allow-origin.tentative.https.sub.html [wpt.fyi]: OK [GitHub], SKIP [Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows11-32-2009-qr-debug, Gecko-windows11-32-2009-qr-opt, Gecko-windows11-64-2009-qr-debug, Gecko-windows11-64-2009-qr-opt] (Chrome: OK, Safari: OK)
    • createWorklet() with cross-origin module script and credentials "include", and without the Access-Control-Allow-Origin response header: FAIL (Chrome: FAIL, Safari: FAIL)
  • /shared-storage/cross-origin-create-worklet-unrevealed-failure-missing-shared-storage-cross-origin-worklet-allowed.tentative.https.sub.html [wpt.fyi]: OK [GitHub], SKIP [Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows11-32-2009-qr-debug, Gecko-windows11-32-2009-qr-opt, Gecko-windows11-64-2009-qr-debug, Gecko-windows11-64-2009-qr-opt] (Chrome: OK, Safari: OK)
    • createWorklet() with cross-origin module script and credentials "include", and without the Shared-Storage-Cross-Origin-Worklet-Allowed response header: FAIL (Chrome: FAIL, Safari: FAIL)

Tests Disabled in Gecko Infrastructure

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a6b08832e4d7
[wpt PR 45813] - [shared storage] For cross-origin worklet, don't expose error after prefs check, a=testonly
https://hg.mozilla.org/integration/autoland/rev/751b5da2fe3d
[wpt PR 45813] - Update wpt metadata, a=testonly
Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 127 Branch