Diff
Modified: trunk/LayoutTests/ChangeLog (266478 => 266479)
--- trunk/LayoutTests/ChangeLog 2020-09-02 19:15:43 UTC (rev 266478)
+++ trunk/LayoutTests/ChangeLog 2020-09-02 19:19:54 UTC (rev 266479)
@@ -1,3 +1,24 @@
+2020-09-02 John Wilander <wilan...@apple.com>
+
+ Storage Access API: Allow requests for storage access from nested iframes
+ https://bugs.webkit.org/show_bug.cgi?id=216019
+ <rdar://problem/68109918>
+
+ Reviewed by Alex Christensen.
+
+ It was decided browsers should support requests for storage access from nested
+ iframes as part of the standardization of the Storage Access API. The issue is
+ discussed here: https://github.com/privacycg/storage-access/issues/10.
+
+ * http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe-database-expected.txt:
+ * http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe-database.html:
+ Now sets a cookie for the third party so that the test checks granted access.
+ * http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe-expected.txt:
+ * http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe.html:
+ Now sets a cookie for the third party so that the test checks granted access.
+ * http/tests/storageAccess/resources/nesting-iframe.html:
+ Changed to now expect to be granted storage access.
+
2020-09-02 Devin Rousso <drou...@apple.com>
REGRESSION: [ macOS ] media/modern-media-controls/macos-inline-media-controls/macos-inline-media-controls-rtl.html is a flaky timeout
Modified: trunk/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe-database-expected.txt (266478 => 266479)
--- trunk/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe-database-expected.txt 2020-09-02 19:15:43 UTC (rev 266478)
+++ trunk/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe-database-expected.txt 2020-09-02 19:19:54 UTC (rev 266479)
@@ -1,10 +1,27 @@
-Tests that cross-origin iframe storage access is denied if the iframe is sandboxed, has the allow token, but is nested.
+Tests that cross-origin iframe storage access is granted if the iframe is sandboxed, has the allow token, and is nested.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-PASS Storage access was denied. document.cookie == , cookies seen server-side == "No cookies"
+PASS Storage access was granted. document.cookie == firstPartyCookie=value, cookies seen server-side == {"firstPartyCookie":"value"}
PASS successfullyParsed is true
TEST COMPLETE
+
+--------
+Frame: '<!--frame1-->'
+--------
+Should not receive cookies.
+Did not receive cookie named 'firstPartyCookie'.
+Client-side document.cookie:
+
+--------
+Frame: '<!--frame2-->'
+--------
+
+
+--------
+Frame: '<!--frame3-->'
+--------
+
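Review bot: The frame2 and frame3 sections of the new expected output are empty, so the child-frame dump only pins frame1's "Should not receive cookies." check, and the grant in the nested frame is asserted by the single PASS line alone. If those frames are meant to render no text, say so in the test description. Otherwise have the nested frame print its cookie state so that a regression also shows up in the frame dump.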
Modified: trunk/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe-database.html (266478 => 266479)
--- trunk/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe-database.html 2020-09-02 19:15:43 UTC (rev 266478)
+++ trunk/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe-database.html 2020-09-02 19:19:54 UTC (rev 266479)
@@ -5,14 +5,32 @@
<script src=""
<script src=""
<script>
- description("Tests that cross-origin iframe storage access is denied if the iframe is sandboxed, has the allow token, but is nested.");
+ description("Tests that cross-origin iframe storage access is granted if the iframe is sandboxed, has the allow token, and is nested.");
jsTestIsAsync = true;
const hostUnderTest = "localhost:8000";
const statisticsUrl = "http://" + hostUnderTest + "/temp";
+ const partitionHost = "127.0.0.1:8000";
+ const thirdPartyOrigin = "http://localhost:8000";
+ const resourcePath = "/storageAccess/resources";
+ const thirdPartyBaseUrl = thirdPartyOrigin + resourcePath;
+ const firstPartyCookieName = "firstPartyCookie";
+ const subPathToSetFirstPartyCookie = "/set-cookie.php?name=" + firstPartyCookieName + "&value=value";
+ const returnUrl = "http://" + partitionHost + "/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe-database.html";
+ const subPathToGetCookies = "/get-cookies.php?name1=" + firstPartyCookieName;
+
window.addEventListener("message", receiveMessage, false);
+ function openIframe(url, onLoadHandler) {
+ const element = document.createElement("iframe");
+ element.src = ""
+ if (onLoadHandler) {
+ element._onload_ = onLoadHandler;
+ }
+ document.body.appendChild(element);
+ }
+
function receiveMessage(event) {
if (event.origin === "http://localhost:8000") {
if (event.data.indexOf("PASS") !== -1)
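Review bot: The new thirdPartyOrigin constant repeats the literal "http://localhost:8000" that the receiveMessage origin check just below still hard-codes, and it also restates "http://" + hostUnderTest. Derive it from hostUnderTest and compare event.origin against thirdPartyOrigin, so the message filter and the iframe URLs cannot drift apart.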
@@ -45,28 +63,40 @@
}
function runTest() {
- testRunner.setUseITPDatabase(true);
- setEnableFeature(true, function() {
- testRunner.setStatisticsPrevalentResource(statisticsUrl, true, function() {
- if (!testRunner.isStatisticsPrevalentResource(statisticsUrl))
- testFailed("Host did not get set as prevalent resource.");
+ switch (document.location.hash) {
+ case "":
+ testRunner.setUseITPDatabase(true);
+ setEnableFeature(true, function() {
+ testRunner.dumpChildFramesAsText();
+ document.location.hash = "step1";
+ testRunner.setStatisticsShouldBlockThirdPartyCookies(true, runTest);
+ });
+ break;
+ case "#step1":
+ // Set first-party cookie for localhost.
+ document.location.href = "" + subPathToSetFirstPartyCookie + "#" + returnUrl + "#step2";
+ break;
+ case "#step2":
+ document.location.hash = "step3";
+ // Check that the first-party cookie does not get sent for localhost under 127.0.0.1.
testRunner.setStatisticsHasHadUserInteraction(statisticsUrl, true, function() {
if (!testRunner.isStatisticsHasHadUserInteraction(statisticsUrl))
testFailed("Host did not get logged for user interaction.");
- testRunner.statisticsUpdateCookieBlocking(function() {
- let iframeElement = document.createElement("iframe");
- iframeElement.setAttribute("sandbox", "allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-modals");
- iframeElement._onload_ = function() {
- activateElement("TheIframeThatRequestsStorageAccess");
- };
- iframeElement.id = "TheIframeThatRequestsStorageAccess";
- iframeElement.src = ""
- document.body.appendChild(iframeElement);
-
- });
+ openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should not receive cookies.", runTest);
});
- });
- });
+ break;
+ case "#step3":
+ // Request and get granted storage access in a nested iframe.
+ let iframeElement = document.createElement("iframe");
+ iframeElement.setAttribute("sandbox", "allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-modals");
+ iframeElement._onload_ = function() {
+ activateElement("TheIframeThatRequestsStorageAccess");
+ };
+ iframeElement.id = "TheIframeThatRequestsStorageAccess";
+ iframeElement.src = ""
+ document.body.appendChild(iframeElement);
+ break;
+ }
}
</script>
</head>
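Review bot: The switch on document.location.hash in runTest has no default case, so an unexpected fragment (for example if the round trip through returnUrl drops or alters the hash) matches nothing and the test ends as a timeout instead of a failure. Add a default that calls testFailed with the offending hash, so a broken step transition is reported directly.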
Modified: trunk/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe-expected.txt (266478 => 266479)
--- trunk/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe-expected.txt 2020-09-02 19:15:43 UTC (rev 266478)
+++ trunk/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe-expected.txt 2020-09-02 19:19:54 UTC (rev 266479)
@@ -1,10 +1,27 @@
-Tests that cross-origin iframe storage access is denied if the iframe is sandboxed, has the allow token, but is nested.
+Tests that cross-origin iframe storage access is granted if the iframe is sandboxed, has the allow token, and is nested.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-PASS Storage access was denied. document.cookie == , cookies seen server-side == "No cookies"
+PASS Storage access was granted. document.cookie == firstPartyCookie=value, cookies seen server-side == {"firstPartyCookie":"value"}
PASS successfullyParsed is true
TEST COMPLETE
+
+--------
+Frame: '<!--frame1-->'
+--------
+Should not receive cookies.
+Did not receive cookie named 'firstPartyCookie'.
+Client-side document.cookie:
+
+--------
+Frame: '<!--frame2-->'
+--------
+
+
+--------
+Frame: '<!--frame3-->'
+--------
+
Modified: trunk/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe.html (266478 => 266479)
--- trunk/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe.html 2020-09-02 19:15:43 UTC (rev 266478)
+++ trunk/LayoutTests/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe.html 2020-09-02 19:19:54 UTC (rev 266479)
@@ -5,14 +5,32 @@
<script src=""
<script src=""
<script>
- description("Tests that cross-origin iframe storage access is denied if the iframe is sandboxed, has the allow token, but is nested.");
+ description("Tests that cross-origin iframe storage access is granted if the iframe is sandboxed, has the allow token, and is nested.");
jsTestIsAsync = true;
const hostUnderTest = "localhost:8000";
const statisticsUrl = "http://" + hostUnderTest + "/temp";
+ const partitionHost = "127.0.0.1:8000";
+ const thirdPartyOrigin = "http://localhost:8000";
+ const resourcePath = "/storageAccess/resources";
+ const thirdPartyBaseUrl = thirdPartyOrigin + resourcePath;
+ const firstPartyCookieName = "firstPartyCookie";
+ const subPathToSetFirstPartyCookie = "/set-cookie.php?name=" + firstPartyCookieName + "&value=value";
+ const returnUrl = "http://" + partitionHost + "/storageAccess/request-and-grant-access-cross-origin-sandboxed-nested-iframe.html";
+ const subPathToGetCookies = "/get-cookies.php?name1=" + firstPartyCookieName;
+
window.addEventListener("message", receiveMessage, false);
+ function openIframe(url, onLoadHandler) {
+ const element = document.createElement("iframe");
+ element.src = ""
+ if (onLoadHandler) {
+ element._onload_ = onLoadHandler;
+ }
+ document.body.appendChild(element);
+ }
+
function receiveMessage(event) {
if (event.origin === "http://localhost:8000") {
if (event.data.indexOf("PASS") !== -1)
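Review bot: The constant block and the openIframe helper added here are the same lines added to request-and-grant-access-cross-origin-sandboxed-nested-iframe-database.html, differing only in the file name inside returnUrl. Consider moving them into a shared script next to the other helpers under /storageAccess/resources and passing the test file name in, so the two tests stay in step when the setup changes.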
@@ -45,27 +63,39 @@
}
function runTest() {
- setEnableFeature(true, function() {
- testRunner.setStatisticsPrevalentResource(statisticsUrl, true, function() {
- if (!testRunner.isStatisticsPrevalentResource(statisticsUrl))
- testFailed("Host did not get set as prevalent resource.");
+ switch (document.location.hash) {
+ case "":
+ setEnableFeature(true, function() {
+ testRunner.dumpChildFramesAsText();
+ document.location.hash = "step1";
+ testRunner.setStatisticsShouldBlockThirdPartyCookies(true, runTest);
+ });
+ break;
+ case "#step1":
+ // Set first-party cookie for localhost.
+ document.location.href = "" + subPathToSetFirstPartyCookie + "#" + returnUrl + "#step2";
+ break;
+ case "#step2":
+ document.location.hash = "step3";
+ // Check that the first-party cookie does not get sent for localhost under 127.0.0.1.
testRunner.setStatisticsHasHadUserInteraction(statisticsUrl, true, function() {
if (!testRunner.isStatisticsHasHadUserInteraction(statisticsUrl))
testFailed("Host did not get logged for user interaction.");
- testRunner.statisticsUpdateCookieBlocking(function() {
- let iframeElement = document.createElement("iframe");
- iframeElement.setAttribute("sandbox", "allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-modals");
- iframeElement._onload_ = function() {
- activateElement("TheIframeThatRequestsStorageAccess");
- };
- iframeElement.id = "TheIframeThatRequestsStorageAccess";
- iframeElement.src = ""
- document.body.appendChild(iframeElement);
-
- });
+ openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should not receive cookies.", runTest);
});
- });
- });
+ break;
+ case "#step3":
+ // Request and get granted storage access in a nested iframe.
+ let iframeElement = document.createElement("iframe");
+ iframeElement.setAttribute("sandbox", "allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-modals");
+ iframeElement._onload_ = function() {
+ activateElement("TheIframeThatRequestsStorageAccess");
+ };
+ iframeElement.id = "TheIframeThatRequestsStorageAccess";
+ iframeElement.src = ""
+ document.body.appendChild(iframeElement);
+ break;
+ }
}
</script>
</head>
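Review bot: In case "#step3" the `let iframeElement` declaration sits directly in the case clause, so it is scoped to the whole switch body and works only because no other case declares the same name. Wrap the case body in braces. Separately, the query value in the "#step2" openIframe call ("&message=Should not receive cookies.") contains unencoded spaces and should go through encodeURIComponent. Both points apply to the database variant of this test as well.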
Modified: trunk/LayoutTests/http/tests/storageAccess/resources/nesting-iframe.html (266478 => 266479)
--- trunk/LayoutTests/http/tests/storageAccess/resources/nesting-iframe.html 2020-09-02 19:15:43 UTC (rev 266478)
+++ trunk/LayoutTests/http/tests/storageAccess/resources/nesting-iframe.html 2020-09-02 19:19:54 UTC (rev 266479)
@@ -3,6 +3,6 @@
<head>
</head>
<body>
-<iframe sandbox="allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-modals" id="TheIframeThatRequestsStorageAccess" src=""
+<iframe sandbox="allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-modals" id="TheIframeThatRequestsStorageAccess" src=""
</body>
</html>
\ No newline at end of file
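Review bot: The file still ends without a trailing newline, as the "\ No newline at end of file" marker after </html> shows. Since the file is being modified anyway, add the newline so later diffs of this resource do not carry the marker.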
Modified: trunk/Source/WebCore/ChangeLog (266478 => 266479)
--- trunk/Source/WebCore/ChangeLog 2020-09-02 19:15:43 UTC (rev 266478)
+++ trunk/Source/WebCore/ChangeLog 2020-09-02 19:19:54 UTC (rev 266479)
@@ -1,3 +1,20 @@
+2020-09-02 John Wilander <wilan...@apple.com>
+
+ Storage Access API: Allow requests for storage access from nested iframes
+ https://bugs.webkit.org/show_bug.cgi?id=216019
+ <rdar://problem/68109918>
+
+ Reviewed by Alex Christensen.
+
+ It was decided browsers should support requests for storage access from nested
+ iframes as part of the standardization of the Storage Access API. The issue is
+ discussed here: https://github.com/privacycg/storage-access/issues/10.
+
+ No new tests. Existing tests were changed.
+
+ * dom/DocumentStorageAccess.cpp:
+ (WebCore::DocumentStorageAccess::requestStorageAccessQuickCheck):
+
2020-09-02 Chris Dumez <cdu...@apple.com>
OfflineAudioContext incorrectly renders at beginning of output buffer after resuming
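Review bot: The entry for WebCore::DocumentStorageAccess::requestStorageAccessQuickCheck has no description, so the ChangeLog does not record what changed in the function. Add a line under it stating that the rejection of iframes that are not a direct child of the top document was removed, since that is the behavioural change the summary refers to.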
Modified: trunk/Source/WebCore/dom/DocumentStorageAccess.cpp (266478 => 266479)
--- trunk/Source/WebCore/dom/DocumentStorageAccess.cpp 2020-09-02 19:15:43 UTC (rev 266478)
+++ trunk/Source/WebCore/dom/DocumentStorageAccess.cpp 2020-09-02 19:19:54 UTC (rev 266479)
@@ -167,10 +167,6 @@
if (m_document.sandboxFlags() != SandboxNone && m_document.isSandboxed(SandboxStorageAccessByUserActivation))
return StorageAccessQuickResult::Reject;
- // The iframe has to be a direct child of the top document.
- if (&topDocument != m_document.parentDocument())
- return StorageAccessQuickResult::Reject;
-
if (!UserGestureIndicator::processingUserGesture())
return StorageAccessQuickResult::Reject;
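Review bot: The removed block is the only visible use of topDocument in this hunk, so check that the local is still referenced elsewhere in requestStorageAccessQuickCheck and drop its declaration if not. With the direct-child rejection gone, the checks shown here gate a nested frame only on the sandbox token and UserGestureIndicator::processingUserGesture(). A short comment stating that nesting depth is intentionally not checked, with the privacycg issue link from the ChangeLog, would keep a later reader from reintroducing the check.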