Fix COEP reporting tests (#25177)

This is for whatwg/html#5848. Co-authored-by: Domenic Denicola <d@domenic.me>
web-platform-tests · Aug 22, 2020 · 8b381a6 · 8b381a6
1 parent e949f1f
commit 8b381a6
Show file tree

Hide file tree

Showing 7 changed files with 88 additions and 38 deletions.
diff --git a/html/cross-origin-embedder-policy/cache-storage-reporting-dedicated-worker.https.html b/html/cross-origin-embedder-policy/cache-storage-reporting-dedicated-worker.https.html
@@ -23,8 +23,10 @@
   const reports = (await new Promise(r => mc.port1.onmessage = r)).data;
   assert_equals(reports.length, 1);
   const report = reports[0];
-  assert_equals(report.body["blocked-url"], image_url);
+  assert_equals(report.body.blockedURL, image_url);
   assert_equals(report.body.type, "corp");
+  assert_equals(report.body.disposition, "enforce");
+  assert_equals(report.body.destination, "");
   assert_equals(report.type, "coep");
   assert_equals(report.url, worker_url);
 }, "COEP support on DedicatedWorker.")
@@ -37,8 +39,10 @@
   const reports = (await new Promise(r => mc.port1.onmessage = r)).data;
   assert_equals(reports.length, 1);
   const report = reports[0];
-  assert_equals(report.body["blocked-url"], image_url);
+  assert_equals(report.body.blockedURL, image_url);
   assert_equals(report.body.type, "corp");
+  assert_equals(report.body.disposition, "reporting");
+  assert_equals(report.body.destination, "");
   assert_equals(report.type, "coep");
   assert_equals(report.url, worker_url);
 }, "COEP-Report-Only support on DedicatedWorker.")

diff --git a/html/cross-origin-embedder-policy/cache-storage-reporting-document.https.html b/html/cross-origin-embedder-policy/cache-storage-reporting-document.https.html
@@ -32,8 +32,10 @@
   const reports = await waitReports(iframe);
   assert_equals(reports.length, 1);
   const report = reports[0];
-  assert_equals(report.body["blocked-url"], image_url);
+  assert_equals(report.body.blockedURL, image_url);
   assert_equals(report.body.type, "corp");
+  assert_equals(report.body.disposition, "enforce");
+  assert_equals(report.body.destination, "");
   assert_equals(report.type, "coep");
   assert_equals(report.url, iframe_url);
 }, "COEP support on document.")
@@ -44,8 +46,10 @@
   const reports = await waitReports(iframe);
   assert_equals(reports.length, 1);
   const report = reports[0];
-  assert_equals(report.body["blocked-url"], image_url);
+  assert_equals(report.body.blockedURL, image_url);
   assert_equals(report.body.type, "corp");
+  assert_equals(report.body.disposition, "reporting");
+  assert_equals(report.body.destination, "");
   assert_equals(report.type, "coep");
   assert_equals(report.url, iframe_url);
 }, "COEP-Report-Only support on document.")

diff --git a/html/cross-origin-embedder-policy/cache-storage-reporting-service-worker.https.html b/html/cross-origin-embedder-policy/cache-storage-reporting-service-worker.https.html
@@ -29,8 +29,10 @@
   assert_not_equals(reports, 'TIMEOUT');
   assert_equals(reports.length, 1);
   const report = reports[0];
-  assert_equals(report.body["blocked-url"], image_url);
+  assert_equals(report.body.blockedURL, image_url);
   assert_equals(report.body.type, "corp");
+  assert_equals(report.body.disposition, "enforce");
+  assert_equals(report.body.destination, "");
   assert_equals(report.type, "coep");
   assert_equals(report.url, worker_url);
 }, "COEP support on ServiceWorker.");
@@ -50,8 +52,10 @@
   assert_not_equals(reports, 'TIMEOUT');
   assert_equals(reports.length, 1);
   const report = reports[0];
-  assert_equals(report.body["blocked-url"], image_url);
+  assert_equals(report.body.blockedURL, image_url);
   assert_equals(report.body.type, "corp");
+  assert_equals(report.body.disposition, "reporting");
+  assert_equals(report.body.destination, "");
   assert_equals(report.type, "coep");
   assert_equals(report.url, worker_url);
 }, "COEP-Report-Only support on ServiceWorker.");

diff --git a/html/cross-origin-embedder-policy/cache-storage-reporting-shared-worker.https.html b/html/cross-origin-embedder-policy/cache-storage-reporting-shared-worker.https.html
@@ -21,8 +21,10 @@
   const reports = (await new Promise(r => mc.port1.onmessage = r)).data;
   assert_equals(reports.length, 1);
   const report = reports[0];
-  assert_equals(report.body["blocked-url"], image_url);
+  assert_equals(report.body.blockedURL, image_url);
   assert_equals(report.body.type, "corp");
+  assert_equals(report.body.disposition, "enforce");
+  assert_equals(report.body.destination, "");
   assert_equals(report.type, "coep");
   assert_equals(report.url, worker_url);
 }, "COEP support on SharedWorker.")
@@ -35,8 +37,10 @@
   const reports = (await new Promise(r => mc.port1.onmessage = r)).data;
   assert_equals(reports.length, 1);
   const report = reports[0];
-  assert_equals(report.body["blocked-url"], image_url);
+  assert_equals(report.body.blockedURL, image_url);
   assert_equals(report.body.type, "corp");
+  assert_equals(report.body.disposition, "reporting");
+  assert_equals(report.body.destination, "");
   assert_equals(report.type, "coep");
   assert_equals(report.url, worker_url);
 }, "COEP-Report-Only support on SharedWorker.")

diff --git a/html/cross-origin-embedder-policy/reporting-navigation.https.html b/html/cross-origin-embedder-policy/reporting-navigation.https.html
@@ -15,18 +15,21 @@
 const FRAME_URL = `${ORIGIN}/common/blank.html?pipe=`;
 const REMOTE_FRAME_URL = `${REMOTE_ORIGIN}/common/blank.html?pipe=`;
 
-function checkCorpReport(report, contextUrl, blockedUrl) {
+function checkCorpReport(report, contextUrl, blockedUrl, disposition) {
   assert_equals(report.type, 'coep');
   assert_equals(report.url, contextUrl);
   assert_equals(report.body.type, 'corp');
-  assert_equals(report.body['blocked-url'], blockedUrl);
+  assert_equals(report.body.blockedURL, blockedUrl);
+  assert_equals(report.body.disposition, disposition);
+  assert_equals(report.body.destination, 'iframe');
 }
 
-function checkCoepMismatchReport(report, contextUrl, blockedUrl) {
+function checkCoepMismatchReport(report, contextUrl, blockedUrl, disposition) {
   assert_equals(report.type, 'coep');
   assert_equals(report.url, contextUrl);
   assert_equals(report.body.type, 'navigation');
-  assert_equals(report.body['blocked-url'], blockedUrl);
+  assert_equals(report.body.blockedURL, blockedUrl);
+  assert_equals(report.body.disposition, disposition);
 }
 
 function loadFrame(document, url) {
@@ -82,9 +85,6 @@
 //     'CORP-RO' CORP violation (report only)
 //     'NAV': COEP mismatch between the frames.
 //     'NAV-RO': COEP mismatch between the frames (report only).
-//   Currently '-RO' is no-op, e.g., 'CORP' and 'CORP-RO' have the same
-//   expectation. We are planning to introduce "disposition" member in
-//   reports, which will differentiate them each other.
 const CASES = [
   { parent: '', target: '', reports: [] },
   { parent: '', target: COEP, reports: [] },
@@ -124,12 +124,16 @@
           const report = reports[i];
           switch (testcase.reports[i]) {
             case 'CORP':
+              checkCorpReport(report, contextUrl, targetUrl, 'enforce');
+              break;
             case 'CORP-RO':
-              checkCorpReport(report, contextUrl, targetUrl);
+              checkCorpReport(report, contextUrl, targetUrl, 'reporting');
               break;
             case 'NAV':
+              checkCoepMismatchReport(report, contextUrl, targetUrl, 'enforce');
+              break;
             case 'NAV-RO':
-              checkCoepMismatchReport(report, contextUrl, targetUrl);
+              checkCoepMismatchReport(report, contextUrl, targetUrl, 'reporting');
               break;
             default:
               assert_unreached(
@@ -146,4 +150,4 @@
 }
 
 </script>
-</body></html>
+</body></html>
diff --git a/html/cross-origin-embedder-policy/reporting-subresource-corp.https.html b/html/cross-origin-embedder-policy/reporting-subresource-corp.https.html
@@ -21,11 +21,13 @@
   return new Promise(resolve => step_timeout(resolve, ms));
 }
 
-function checkReport(report, contextUrl, blockedUrl) {
+function checkReport(report, contextUrl, blockedUrl, disposition, destination) {
   assert_equals(report.type, 'coep');
   assert_equals(report.url, contextUrl);
   assert_equals(report.body.type, 'corp');
-  assert_equals(report.body['blocked-url'], blockedUrl);
+  assert_equals(report.body.blockedURL, blockedUrl);
+  assert_equals(report.body.disposition, disposition);
+  assert_equals(report.body.destination, destination);
 }
 
 async function fetchInFrame(t, frameUrl, url) {
@@ -146,20 +148,18 @@
   name: 'blocked due to COEP',
   url: `${REMOTE_ORIGIN}/common/text-plain.txt`,
   check: (reports, contextUrl, url) => {
-    // One for COEP, one for COEP-RO.
     assert_equals(reports.length, 2);
-    checkReport(reports[0], contextUrl, url);
-    checkReport(reports[1], contextUrl, url);
+    checkReport(reports[0], contextUrl, url, 'reporting', '');
+    checkReport(reports[1], contextUrl, url, 'enforce', '');
   }
 }, {
   name: 'blocked during redirect',
   url: `${ORIGIN}/common/redirect.py?location=` +
        encodeURIComponent(`${REMOTE_ORIGIN}/common/text-plain.txt`),
   check: (reports, contextUrl, url) => {
-    // One for COEP, one for COEP-RO.
     assert_equals(reports.length, 2);
-    checkReport(reports[0], contextUrl, url);
-    checkReport(reports[1], contextUrl, url);
+    checkReport(reports[0], contextUrl, url, 'reporting', '');
+    checkReport(reports[1], contextUrl, url, 'enforce', '');
   },
 }];
 
@@ -173,4 +173,29 @@
   }
 }
 
+// A test for a non-empty destination.
+promise_test(async (t) => {
+  const reports = [];
+  const frame = await with_iframe(FRAME_URL);
+  t.add_cleanup(() => frame.remove());
+
+  const observer = new frame.contentWindow.ReportingObserver((rs) => {
+    for (const report of rs) {
+      reports.push(report.toJSON());
+    }
+  });
+  observer.observe();
+  const url = `${REMOTE_ORIGIN}$/common/utils.js`;
+  const script = frame.contentDocument.createElement('script');
+  script.src = url;
+  frame.contentDocument.body.appendChild(script);
+
+  // Wait 200ms for reports to settle.
+  await wait(200);
+
+  assert_equals(reports.length, 2);
+  checkReport(reports[0], FRAME_URL, url, 'reporting', 'script');
+  checkReport(reports[1], FRAME_URL, url, 'enforce', 'script');
+}, 'destination: script');
+
 </script>
diff --git a/html/cross-origin-embedder-policy/reporting-to-endpoint.https.html b/html/cross-origin-embedder-policy/reporting-to-endpoint.https.html
@@ -44,34 +44,37 @@
 pollReports('endpoint', reports);
 pollReports('report-only-endpoint', reportsForReportOnly);
 
-function checkCorpReportExistence(reports, blockedUrl, contextUrl) {
+function checkCorpReportExistence(reports, blockedUrl, contextUrl, disposition) {
   blockedUrl = new URL(blockedUrl, location).href;
   contextUrl = new URL(contextUrl, location).href;
   for (const report of reports) {
     if (report.type !== 'coep' || report.url !== contextUrl ||
         report.body.type !== 'corp') {
       continue;
     }
-    if (report.body['blocked-url'] === blockedUrl) {
+    if (report.body.blockedURL === blockedUrl &&
+        report.body.disposition === disposition) {
+      assert_equals(report.body.destination, '');
       return;
     }
   }
-  assert_unreached(`A report whose blocked-url is ${blockedUrl} and url is ${contextUrl} is not found.`);
+  assert_unreached(`A report whose blockedURL is ${blockedUrl} and url is ${contextUrl} is not found.`);
 }
 
-function checkNavigationReportExistence(reports, blockedUrl, contextUrl) {
+function checkNavigationReportExistence(reports, blockedUrl, contextUrl, disposition) {
   blockedUrl = new URL(blockedUrl, location).href;
   contextUrl = new URL(contextUrl, location).href;
   for (const report of reports) {
     if (report.type !== 'coep' || report.url !== contextUrl ||
         report.body.type !== 'navigation') {
       continue;
     }
-    if (report.body['blocked-url'] === blockedUrl) {
+    if (report.body.blockedURL === blockedUrl &&
+        report.body.disposition === disposition) {
       return;
     }
   }
-  assert_unreached(`A report whose blocked-url is ${blockedUrl} and url is ${contextUrl} is not found.`);
+  assert_unreached(`A report whose blockedURL is ${blockedUrl} and url is ${contextUrl} is not found.`);
 }
 
 async_test(async (t) => {
@@ -94,8 +97,9 @@
     // Wait 3 seconds for reports to settle.
     await wait(3000);
 
-    checkCorpReportExistence(reports, url, iframe.src);
-    checkCorpReportExistence(reportsForReportOnly, url, iframe.src);
+    checkCorpReportExistence(reports, url, iframe.src, 'enforce');
+    checkCorpReportExistence(
+      reportsForReportOnly, url, iframe.src, 'reporting');
 
     t.done();
   } catch (e) {
@@ -130,8 +134,9 @@
     // Wait 3 seconds for reports to settle.
     await wait(3000);
 
-    checkCorpReportExistence(reports, url, iframe.src);
-    checkCorpReportExistence(reportsForReportOnly, url, iframe.src);
+    checkCorpReportExistence(reports, url, iframe.src, 'enforce');
+    checkCorpReportExistence(
+      reportsForReportOnly, url, iframe.src, 'reporting');
 
     t.done();
   } catch (e) {
@@ -158,9 +163,9 @@
     // Wait 3 seconds for reports to settle.
     await wait(3000);
 
-    checkNavigationReportExistence(reports, targetUrl, iframe.src);
+    checkNavigationReportExistence(reports, targetUrl, iframe.src, 'enforce');
     checkNavigationReportExistence(
-      reportsForReportOnly, targetUrl, iframe.src);
+      reportsForReportOnly, targetUrl, iframe.src, 'reporting');
 
     t.done();
   } catch (e) {