Check cookie accessibility in requestStorageAccess WPTs

This CL extends the existing WPTs for document.requestStorageAccess such that they actually verify the accessibility of cookies after storage access is obtained. This is just a check that the API does what it's supposed to do, in addition to returning the result that it's supposed to. This would have caught https://crbug.com/1409163, https://crbug.com/1409162, and https://crbug.com/1408969. Change-Id: Icf53e696a709398f7cf0079d0047a9e5cba20b5e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4369340 Commit-Queue: Matt Reichhoff <mreichhoff@chromium.org> Auto-Submit: Chris Fredrickson <cfredric@chromium.org> Reviewed-by: Matt Reichhoff <mreichhoff@chromium.org> Cr-Commit-Position: refs/heads/main@{#1122494}
web-platform-tests · Mar 27, 2023 · 331357d · 331357d
1 parent dae18f9
commit 331357d
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 19 deletions.
diff --git a/cookies/resources/cookie-helper.sub.js b/cookies/resources/cookie-helper.sub.js
@@ -60,20 +60,14 @@ function assert_cookie(origin, obj, name, value, present) {
 // Remove the cookie named |name| from |origin|, then set it on |origin| anew.
 // If |origin| matches `self.origin`, also assert (via `document.cookie`) that
 // the cookie was correctly removed and reset.
-function create_cookie(origin, name, value, extras) {
+async function create_cookie(origin, name, value, extras) {
   alert("Create_cookie: " + origin + "/cookies/resources/drop.py?name=" + name);
-  return credFetch(origin + "/cookies/resources/drop.py?name=" + name)
-    .then(_ => {
-      if (origin == self.origin)
-        assert_dom_cookie(name, value, false);
-    })
-    .then(_ => {
-      return credFetch(origin + "/cookies/resources/set.py?" + name + "=" + value + ";path=/;" + extras)
-        .then(_ => {
-          if (origin == self.origin)
-            assert_dom_cookie(name, value, true);
-        });
-    });
+  await credFetch(origin + "/cookies/resources/drop.py?name=" + name);
+  if (origin == self.origin)
+    assert_dom_cookie(name, value, false);
+  await credFetch(origin + "/cookies/resources/set.py?" + name + "=" + value + ";path=/;" + extras);
+  if (origin == self.origin)
+    assert_dom_cookie(name, value, true);
 }
 
 //

diff --git a/storage-access-api/helpers.js b/storage-access-api/helpers.js
@@ -150,6 +150,35 @@ async function CanFrameWriteCookies(frame, keep_after_writing = false) {
   return can_write;
 }
 
+// Tests whether the current frame can read and write cookies via HTTP headers.
+// This deletes, writes, reads, then deletes a cookie named "cookie".
+async function CanAccessCookiesViaHTTP() {
+  await create_cookie(window.location.origin, "cookie", "1", "samesite=None;Secure");
+  const http_cookies = await fetch(`${window.location.origin}/storage-access-api/resources/echo-cookie-header.py`)
+      .then((resp) => resp.text());
+  const can_access = cookieStringHasCookie("cookie", "1", http_cookies);
+
+  erase_cookie_from_js("cookie", "SameSite=None;Secure;Path=/");
+
+  return can_access;
+}
+
+// Tests whether the current frame can read and write cookies via
+// document.cookie. This deletes, writes, reads, then deletes a cookie named
+// "cookie".
+function CanAccessCookiesViaJS() {
+  erase_cookie_from_js("cookie", "SameSite=None;Secure;Path=/");
+  assert_false(cookieStringHasCookie("cookie", "1", document.cookie));
+
+  document.cookie = "cookie=1;SameSite=None;Secure;Path=/";
+  const can_access = cookieStringHasCookie("cookie", "1", document.cookie);
+
+  erase_cookie_from_js("cookie", "SameSite=None;Secure;Path=/");
+  assert_false(cookieStringHasCookie("cookie", "1", document.cookie));
+
+  return can_access;
+}
+
 // Reads cookies via the `httpCookies` variable in the given frame.
 function GetHTTPCookiesFromFrame(frame) {
   return PostMessageAndAwaitReply(

diff --git a/storage-access-api/requestStorageAccess.sub.https.window.js b/storage-access-api/requestStorageAccess.sub.https.window.js
@@ -1,4 +1,5 @@
 // META: script=helpers.js
+// META: script=/cookies/resources/cookie-helper.sub.js
 // META: script=/resources/testdriver.js
 // META: script=/resources/testdriver-vendor.js
 'use strict';
@@ -35,6 +36,9 @@ promise_test(
           testPrefix.includes('ABA')) {
         await document.requestStorageAccess().catch(t.unreached_func(
             'document.requestStorageAccess() call should resolve in top-level frame or same-site iframe.'));
+
+        assert_true(await CanAccessCookiesViaHTTP(), 'After obtaining storage access, subresource requests from the frame should send and set cookies.');
+        assert_true(CanAccessCookiesViaJS(), 'After obtaining storage access, scripts in the frame should be able to access cookies.');
       } else {
         return promise_rejects_dom(
             t, "NotAllowedError", document.requestStorageAccess(),
@@ -54,12 +58,8 @@ promise_test(
 
       await document.requestStorageAccess();
 
-      await fetch(`${window.location.origin}/cookies/resources/set-cookie.py?name=cookie&path=/&samesite=None&secure=`)
-          .then((resp) => resp.text());
-      const httpCookies = await fetch(`${window.location.origin}/storage-access-api/resources/echo-cookie-header.py`)
-          .then((resp) => resp.text());
-      assert_true(httpCookies.includes('cookie=1'),
-          'After obtaining storage access, subresource requests from the frame should send and set cookies.');
+      assert_true(await CanAccessCookiesViaHTTP(), 'After obtaining storage access, subresource requests from the frame should send and set cookies.');
+      assert_true(CanAccessCookiesViaJS(), 'After obtaining storage access, scripts in the frame should be able to access cookies.');
     },
     '[' + testPrefix +
         '] document.requestStorageAccess() should be resolved with no user gesture when a permission grant exists, and ' +
@@ -92,6 +92,9 @@ if (testPrefix.includes('cross-site')) {
   promise_test(
       async () => {
         await document.requestStorageAccess();
+
+        assert_true(await CanAccessCookiesViaHTTP(), 'After obtaining storage access, subresource requests from the frame should send and set cookies.');
+        assert_true(CanAccessCookiesViaJS(), 'After obtaining storage access, scripts in the frame should be able to access cookies.');
       },
       `[${testPrefix}] document.requestStorageAccess() should resolve without permission grant or user gesture`);
 
@@ -101,6 +104,9 @@ if (testPrefix.includes('cross-site')) {
             {name: 'storage-access'}, 'denied');
 
         await document.requestStorageAccess();
+
+        assert_true(await CanAccessCookiesViaHTTP(), 'After obtaining storage access, subresource requests from the frame should send and set cookies.');
+        assert_true(CanAccessCookiesViaJS(), 'After obtaining storage access, scripts in the frame should be able to access cookies.');
       },
       `[${testPrefix}] document.requestStorageAccess() should resolve with denied permission`);
 }
diff --git a/storage-access-api/resources/requestStorageAccess-iframe.https.html b/storage-access-api/resources/requestStorageAccess-iframe.https.html
@@ -6,5 +6,6 @@
 <script src="/resources/testdriver-vendor.js"></script>
 <!-- no testharnessreport.js -->
 <script src="../helpers.js"></script>
+<script src="/cookies/resources/cookie-helper.sub.js"></script>
 <div id=log></div>
 <script src="/storage-access-api/requestStorageAccess.sub.https.window.js"></script>