Origin isolation: report that opaque origins are origin-isolated

This reports data: and sandboxed iframes as always origin-isolated,
according to the window.originIsolationRestricted property. This is
done regardless of the process isolation state or the presence/absence
of the Origin-Isolation header.

The web platform tests were revamped in the following ways:

* Sandboxed iframes and data: URL tests were split into -yes and -no
  variants, to ensure that the parent frame didn't influence the
  result. For sandboxed iframes in particular, the -no variant was not
  tested previously, and was failing until after the code changes here.

* Additional tests for javascript: URLs were introduced, as an earlier
  version of this CL would trigger a DCHECK on opaque-origin pages
  navigating to javascript: URLs.

* Shared code was factored out. The .html files are now just wrappers
  that delegate to resources/*-test.mjs files.

Bug: 1095653
Change-Id: I69a1f388250d1364dd33c365c936a76546add5b2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2334103
Reviewed-by: Nate Chapin <[email protected]>
Reviewed-by: Alex Moshchuk <[email protected]>
Reviewed-by: Arthur Sonzogni <[email protected]>
Commit-Queue: Domenic Denicola <[email protected]>
Cr-Commit-Position: refs/heads/master@{#798741}

Author: domenic

origin-isolation/getter-special-cases/csp-sandbox-no.https.html

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>window.originIsolationRestricted for a top-level frame sandboxed by CSP with no Origin-Isolation header</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script type="module">
+import { testOriginIsolationRestricted } from "../resources/helpers.mjs";
+
+// Even without the header, sandboxing makes this page have an opaque origin,
+// so it is origin-isolated.
+testOriginIsolationRestricted(self, true);
+</script>

origin-isolation/getter-special-cases/csp-sandbox-no.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: sandbox allow-scripts;

origin-isolation/getter-special-cases/csp-sandbox-yes.https.html

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>window.originIsolationRestricted for a top-level frame sandboxed by CSP with an Origin-Isolation header</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script type="module">
+import { testOriginIsolationRestricted } from "../resources/helpers.mjs";
+
+// We're definitely origin-isolated: both the CSP sandboxing and the
+// Origin-Isolation header should ensure this.
+testOriginIsolationRestricted(self, true);
+</script>

origin-isolation/getter-special-cases/csp-sandbox-yes.https.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: sandbox allow-scripts;
+Origin-Isolation: ?1

origin-isolation/getter-special-cases/data-to-javascript-no.https.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>window.originIsolationRestricted for a javascript: URL navigated to from a data: URL on a non-isolated page</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script type="module">
+import runTest from "./resources/data-to-javascript-test.mjs";
+runTest();
+</script>

origin-isolation/getter-special-cases/data-to-javascript-yes.https.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>window.originIsolationRestricted for a javascript: URL navigated to from a data: URL on an isolated page</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script type="module">
+import runTest from "./resources/data-to-javascript-test.mjs";
+runTest();
+</script>

origin-isolation/getter-special-cases/data-url.https.html.headers renamed to origin-isolation/getter-special-cases/data-to-javascript-yes.https.html.headers

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>window.originIsolationRestricted for a data: URL on a non-isolated page</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script type="module">
+import runTest from "./resources/data-url-test.mjs";
+runTest();
+</script>

origin-isolation/getter-special-cases/data-url-no.https.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>window.originIsolationRestricted for a data: URL on an isolated page</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script type="module">
+import runTest from "./resources/data-url-test.mjs";
+runTest();
+</script>

origin-isolation/getter-special-cases/data-url-yes.https.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>window.originIsolationRestricted for a javascript: URL on a non-isolated page</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script type="module">
+import runTest from "./resources/data-url-test.mjs";
+runTest({ expected: false });
+</script>

origin-isolation/getter-special-cases/sandboxed-iframe.sub.https.html.headers renamed to origin-isolation/getter-special-cases/data-url-yes.https.html.headers

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>window.originIsolationRestricted for a javascript: URL on an isolated page</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script type="module">
+import runTest from "./resources/data-url-test.mjs";
+runTest({ expected: true });
+</script>

origin-isolation/getter-special-cases/data-url.https.html

@@ -0,0 +1 @@
+Origin-Isolation: ?1

origin-isolation/getter-special-cases/javascript-url-no.https.html

@@ -0,0 +1,33 @@
+import { insertCustomIframe, testSupportScript } from "./helpers.mjs";
+import { waitForIframe, testOriginIsolationRestricted } from "../../resources/helpers.mjs";
+
+const testSupportScriptSuitableForNesting =
+  testSupportScript.replace('</script>', '</scri` + `pt>');
+
+export default () => {
+  promise_setup(async () => {
+    const jsURL = `javascript:'${testSupportScript}'`;
+    const iframe = await insertCustomIframe(`data:text/html,
+      Start page
+      <script>
+        window.onmessage = () => {
+          location.href = \`javascript:'End page${testSupportScriptSuitableForNesting}'\`;
+        };
+      </script>
+    `);
+
+    const waitPromise = waitForIframe(iframe, "javascript: URL");
+
+    // Kick off the navigation. We can't do it directly because only same-origin
+    // pages can navigate to a javascript: URL, and we're not same-origin with
+    // a data: URL.
+    iframe.contentWindow.postMessage(undefined, "*");
+
+    await waitPromise;
+  });
+
+  // The javascript: URL iframe inherits its origin from the previous occupant
+  // of the iframe, which is a data: URL, so it should always be true.
+
+  testOriginIsolationRestricted(0, true);
+};

origin-isolation/getter-special-cases/javascript-url-yes.https.html

@@ -0,0 +1,13 @@
+import { insertCustomIframe, testSupportScript } from "./helpers.mjs";
+import { testOriginIsolationRestricted } from "../../resources/helpers.mjs";
+
+export default () => {
+  promise_setup(() => {
+    return insertCustomIframe(`data:text/html,${testSupportScript}`);
+  });
+
+  // The data: URL iframe has an opaque origin, so it should return true, since
+  // for them site === origin so they are always "origin-isolated".
+
+  testOriginIsolationRestricted(0, true, "data: URL child");
+};

origin-isolation/getter-special-cases/javascript-url-yes.https.html.headers

@@ -0,0 +1,29 @@
+import { waitForIframe } from "../../resources/helpers.mjs";
+
+/**
+ * Inserts an iframe, not specialized for origin-isolation testing, pointing to
+ * a custom URL. This is just a wrapper to remove some boilerplate.
+ * @param {string} src - The src="" value for the iframe
+ */
+export async function insertCustomIframe(src) {
+  const iframe = document.createElement("iframe");
+  iframe.src = src;
+
+  const waitPromise = waitForIframe(iframe);
+  document.body.append(iframe);
+  await waitPromise;
+
+  return iframe;
+}
+
+/**
+ * This is the part of send-origin-isolation-header.py that allows
+ * us to reuse testOriginIsolationRestricted.
+ */
+export const testSupportScript = `
+  <script>
+  window.onmessage = () => {
+    parent.postMessage(self.originIsolationRestricted, "*");
+  };
+  </script>
+`;

origin-isolation/getter-special-cases/resources/data-to-javascript-test.mjs

@@ -0,0 +1,14 @@
+import { insertCustomIframe, testSupportScript } from "./helpers.mjs";
+import { testOriginIsolationRestricted } from "../../resources/helpers.mjs";
+
+export default ({ expected }) => {
+  promise_setup(() => {
+    return insertCustomIframe(`javascript:'${testSupportScript}'`);
+  });
+
+  // The javascript: URL iframe inherits its origin from the previous occupant
+  // of the iframe, which is about:blank, which in turn inherits from the
+  // parent. So, the caller needs to tell us what to expect.
+
+  testOriginIsolationRestricted(0, expected);
+};

origin-isolation/getter-special-cases/resources/data-url-test.mjs

@@ -0,0 +1,20 @@
+import {
+  navigateIframe,
+  testOriginIsolationRestricted
+} from "../../resources/helpers.mjs";
+
+export default () => {
+  // We do this manually instead of using insertIframe because we want to add a
+  // sandbox="" attribute and we don't want to set both document.domains.
+  promise_setup(() => {
+    const iframe = document.createElement("iframe");
+    iframe.sandbox = "allow-scripts";
+    const navigatePromise = navigateIframe(iframe, "{{hosts[][]}}", "?1");
+    document.body.append(iframe);
+    return navigatePromise;
+  });
+
+  // Sandboxed iframes have an opaque origin, so it should return true, since
+  // for them site === origin so they are always "origin-isolated".
+  testOriginIsolationRestricted(0, true);
+};

origin-isolation/getter-special-cases/resources/helpers.mjs

@@ -0,0 +1,20 @@
+import {
+  navigateIframe,
+  testOriginIsolationRestricted
+} from "../../resources/helpers.mjs";
+
+export default ({ expected }) => {
+  // We do this manually instead of using insertIframe because we want to add a
+  // sandbox="" attribute and we don't want to set both document.domains.
+  promise_setup(() => {
+    const iframe = document.createElement("iframe");
+    iframe.sandbox = "allow-scripts allow-same-origin";
+    const navigatePromise = navigateIframe(iframe, "{{hosts[][]}}", "?1");
+    document.body.append(iframe);
+    return navigatePromise;
+  });
+
+  // Since the allow-same-origin token is set, this should behave like a normal
+  // iframe, and follow the embedder.
+  testOriginIsolationRestricted(0, expected);
+};

origin-isolation/getter-special-cases/resources/javascript-url-test.mjs

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>window.originIsolationRestricted for a sandboxed iframe on a non-isolated page</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script type="module">
+import runTest from "./resources/sandboxed-iframe-test.sub.mjs";
+runTest();
+</script>

origin-isolation/getter-special-cases/resources/sandboxed-iframe-test.sub.mjs

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>window.originIsolationRestricted for a sandboxed iframe on an isolated page</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script type="module">
+import runTest from "./resources/sandboxed-iframe-test.sub.mjs";
+runTest();
+</script>

origin-isolation/getter-special-cases/resources/sandboxed-same-origin-iframe-test.sub.mjs

@@ -0,0 +1 @@
+Origin-Isolation: ?1

origin-isolation/getter-special-cases/sandboxed-iframe-no.https.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>window.originIsolationRestricted for a sandboxed, but same-origin, iframe on a non-isolated page</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script type="module">
+import runTest from "./resources/sandboxed-same-origin-iframe-test.sub.mjs";
+runTest({ expected: false });
+</script>

origin-isolation/getter-special-cases/sandboxed-iframe-yes.https.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>window.originIsolationRestricted for a sandboxed, but same-origin, iframe on an isolated page</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script type="module">
+import runTest from "./resources/sandboxed-same-origin-iframe-test.sub.mjs";
+runTest({ expected: true });
+</script>

origin-isolation/getter-special-cases/sandboxed-iframe-yes.https.html.headers

@@ -0,0 +1 @@
+Origin-Isolation: ?1