-
Notifications
You must be signed in to change notification settings - Fork 3.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[SAA] Implementing SharedWorker support (Part 2: Expose same-site coo…
…kie IDL) The Storage Access API provides access to unpartitioned cookies in third-party contexts. This CL is part of a series to extend that access to SharedWorkers. Before we actually provide access to SharedWorkers, we need a way for the renderer to limit the scope of SameSite cookies provided to the worker. Normally, a worker with a first-party storage key could access all cookies, but if access is via the SAA handle we want to limit that access to just SameSite: None cookies. This CL is part of a series to allow that limiting ability. For now, we expose the option in IDL but do not implement the change needed to limit cookie access in first-party contexts when the option is set to 'none'. The next CL will implement this limit. Note: The ability to request 'all' in a third-party context is not added here nor will it be added. We verify that an exception is thrown if this is attempted. Explainer: https://privacycg.github.io/saa-non-cookie-storage/shared-workers.html Part 1: Expose same-site cookie IPC Part 2: Expose same-site cookie IDL Part 3: Implement same-site cookie filtering Part 4: Add SharedWorker support to SAA handle Bug: 1484966 Change-Id: I8c56c02025950e119e3967afd49ed684446fd6e3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5251551 Reviewed-by: Weizhong Xia <[email protected]> Auto-Submit: Ari Chivukula <[email protected]> Commit-Queue: Ari Chivukula <[email protected]> Reviewed-by: Sun Yueru <[email protected]> Reviewed-by: Nate Chapin <[email protected]> Cr-Commit-Position: refs/heads/main@{#1255183}
- Loading branch information
1 parent
b077dc1
commit 3edd482
Showing
9 changed files
with
179 additions
and
0 deletions.
There are no files selected for viewing
19 changes: 19 additions & 0 deletions
19
workers/same-site-cookies/first-party.all.tentative.https.window.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| // META: script=/resources/testdriver.js | ||
| // META: script=/resources/testdriver-vendor.js | ||
|
|
||
| 'use strict'; | ||
|
|
||
| // Here's the set-up for this test: | ||
| // Step 1 (window) Set up listener for "DidStart" message and start worker. | ||
| // Step 2 (worker) Send "DidStart" message to window. | ||
| // Step 3 (window) Receive "DidStart" message and cleanup. | ||
|
|
||
| async_test(t => { | ||
| // Step 1 | ||
| const worker = new SharedWorker("/workers/same-site-cookies/resources/worker.js", {sameSiteCookies: "all"}); | ||
| worker.port.onmessage = t.step_func(e => { | ||
| // Step 3 | ||
| assert_equals(e.data, "DidStart", "Worker should have started"); | ||
| t.done(); | ||
| }); | ||
| }, "Check SharedWorker sameSiteCookies option all for first-party"); |
19 changes: 19 additions & 0 deletions
19
workers/same-site-cookies/first-party.default.tentative.https.window.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| // META: script=/resources/testdriver.js | ||
| // META: script=/resources/testdriver-vendor.js | ||
|
|
||
| 'use strict'; | ||
|
|
||
| // Here's the set-up for this test: | ||
| // Step 1 (window) Set up listener for "DidStart" message and start worker. | ||
| // Step 2 (worker) Send "DidStart" message to window. | ||
| // Step 3 (window) Receive "DidStart" message and cleanup. | ||
|
|
||
| async_test(t => { | ||
| // Step 1 | ||
| const worker = new SharedWorker("/workers/same-site-cookies/resources/worker.js"); | ||
| worker.port.onmessage = t.step_func(e => { | ||
| // Step 3 | ||
| assert_equals(e.data, "DidStart", "Worker should have started"); | ||
| t.done(); | ||
| }); | ||
| }, "Check SharedWorker sameSiteCookies option default for first-party"); |
19 changes: 19 additions & 0 deletions
19
workers/same-site-cookies/first-party.none.tentative.https.window.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| // META: script=/resources/testdriver.js | ||
| // META: script=/resources/testdriver-vendor.js | ||
|
|
||
| 'use strict'; | ||
|
|
||
| // Here's the set-up for this test: | ||
| // Step 1 (window) Set up listener for "DidStart" message and start worker. | ||
| // Step 2 (worker) Send "DidStart" message to window. | ||
| // Step 3 (window) Receive "DidStart" message and cleanup. | ||
|
|
||
| async_test(t => { | ||
| // Step 1 | ||
| const worker = new SharedWorker("/workers/same-site-cookies/resources/worker.js", {sameSiteCookies: "none"}); | ||
| worker.port.onmessage = t.step_func(e => { | ||
| // Step 3 | ||
| assert_equals(e.data, "DidStart", "Worker should have started"); | ||
| t.done(); | ||
| }); | ||
| }, "Check SharedWorker sameSiteCookies option none for first-party"); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| <!doctype html> | ||
| <meta charset="utf-8"> | ||
| <script src="/resources/testdriver.js"></script> | ||
| <script src="/resources/testdriver-vendor.js"></script> | ||
| <body> | ||
| <script> | ||
| // Step 3 (workers/same-site-cookies/third-party.{}) | ||
| test_driver.set_test_context(window.top); | ||
| const type = (new URLSearchParams(window.location.search)).get("type"); | ||
| let options = {}; | ||
| switch (type) { | ||
| case "default": | ||
| break; | ||
| case "all": | ||
| options.sameSiteCookies = "all"; | ||
| break; | ||
| case "none": | ||
| options.sameSiteCookies = "none"; | ||
| break; | ||
| } | ||
| // Step 5 (workers/same-site-cookies/third-party.{}) | ||
| try { | ||
| const worker = new SharedWorker("/workers/same-site-cookies/resources/worker.js", options); | ||
| worker.port.onmessage = (e) => { | ||
| window.top.postMessage(e.data, "*"); | ||
| }; | ||
| } catch (_) { | ||
| window.top.postMessage("DidNotStart", "*"); | ||
| } | ||
| </script> | ||
| </body> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| <!doctype html> | ||
| <meta charset="utf-8"> | ||
| <script src="/resources/testdriver.js"></script> | ||
| <script src="/resources/testdriver-vendor.js"></script> | ||
| <body> | ||
| <script> | ||
| // Step 2 (workers/same-site-cookies/third-party.{}) | ||
| test_driver.set_test_context(window.top); | ||
| const type = (new URLSearchParams(window.location.search)).get("type"); | ||
| let iframe = document.createElement("iframe"); | ||
| iframe.src = "https://{{hosts[][]}}:{{ports[https][0]}}/workers/same-site-cookies/resources/iframe-iframe.html?type=" + type; | ||
| document.body.appendChild(iframe); | ||
| </script> | ||
| </body> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| // Step 2/4 (workers/same-site-cookies/{}) | ||
| self.onconnect = (e) => { | ||
| e.ports[0].postMessage("DidStart"); | ||
| self.close(); | ||
| } |
24 changes: 24 additions & 0 deletions
24
workers/same-site-cookies/third-party.all.tentative.sub.https.window.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| // META: script=/resources/testdriver.js | ||
| // META: script=/resources/testdriver-vendor.js | ||
|
|
||
| 'use strict'; | ||
|
|
||
| // Here's the set-up for this test: | ||
| // Step 1 (top-frame) Set up listener for "DidNotStart" message and open cross-site iframe. | ||
| // Step 2 (sub-frame) Open iframe same-site to top-frame. | ||
| // Step 3 (sub-sub-frame) Set up listener for message and start worker. | ||
| // Step 4 (worker) Skipped. | ||
| // Step 5 (sub-sub-frame) Worker failed to start and window messages "DidNotStart". | ||
| // Step 6 (top-frame) Receive "DidNotStart" message and cleanup. | ||
|
|
||
| async_test(t => { | ||
| // Step 1 | ||
| window.addEventListener("message", t.step_func(e => { | ||
| // Step 6 | ||
| assert_equals(e.data, "DidNotStart", "Worker should not have started"); | ||
| t.done(); | ||
| })); | ||
| let iframe = document.createElement("iframe"); | ||
| iframe.src = "https://{{hosts[alt][]}}:{{ports[https][0]}}/workers/same-site-cookies/resources/iframe.sub.html?type=all"; | ||
| document.body.appendChild(iframe); | ||
| }, "Check SharedWorker sameSiteCookies option all for third-party"); |
24 changes: 24 additions & 0 deletions
24
workers/same-site-cookies/third-party.default.tentative.sub.https.window.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| // META: script=/resources/testdriver.js | ||
| // META: script=/resources/testdriver-vendor.js | ||
|
|
||
| 'use strict'; | ||
|
|
||
| // Here's the set-up for this test: | ||
| // Step 1 (top-frame) Set up listener for "DidStart" message and open cross-site iframe. | ||
| // Step 2 (sub-frame) Open iframe same-site to top-frame. | ||
| // Step 3 (sub-sub-frame) Set up listener for message and start worker. | ||
| // Step 4 (worker) Send "DidStart" message to iframe. | ||
| // Step 5 (sub-sub-frame) Receive message and pass on to window. | ||
| // Step 6 (top-frame) Receive "DidStart" message and cleanup. | ||
|
|
||
| async_test(t => { | ||
| // Step 1 | ||
| window.addEventListener("message", t.step_func(e => { | ||
| // Step 6 | ||
| assert_equals(e.data, "DidStart", "Worker should have started"); | ||
| t.done(); | ||
| })); | ||
| let iframe = document.createElement("iframe"); | ||
| iframe.src = "https://{{hosts[alt][]}}:{{ports[https][0]}}/workers/same-site-cookies/resources/iframe.sub.html?type=default"; | ||
| document.body.appendChild(iframe); | ||
| }, "Check SharedWorker sameSiteCookies option default for third-party"); |
24 changes: 24 additions & 0 deletions
24
workers/same-site-cookies/third-party.none.tentative.sub.https.window.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| // META: script=/resources/testdriver.js | ||
| // META: script=/resources/testdriver-vendor.js | ||
|
|
||
| 'use strict'; | ||
|
|
||
| // Here's the set-up for this test: | ||
| // Step 1 (top-frame) Set up listener for "DidStart" message and open cross-site iframe. | ||
| // Step 2 (sub-frame) Open iframe same-site to top-frame. | ||
| // Step 3 (sub-sub-frame) Set up listener for message and start worker. | ||
| // Step 4 (worker) Send "DidStart" message to iframe. | ||
| // Step 5 (sub-sub-frame) Receive message and pass on to window. | ||
| // Step 6 (top-frame) Receive "DidStart" message and cleanup. | ||
|
|
||
| async_test(t => { | ||
| // Step 1 | ||
| window.addEventListener("message", t.step_func(e => { | ||
| // Step 6 | ||
| assert_equals(e.data, "DidStart", "Worker should have started"); | ||
| t.done(); | ||
| })); | ||
| let iframe = document.createElement("iframe"); | ||
| iframe.src = "https://{{hosts[alt][]}}:{{ports[https][0]}}/workers/same-site-cookies/resources/iframe.sub.html?type=none"; | ||
| document.body.appendChild(iframe); | ||
| }, "Check SharedWorker sameSiteCookies option none for third-party"); |