From 6115b5f3b0ed8451eac079e11b1fb5d3c3a09096 Mon Sep 17 00:00:00 2001 From: Shelley Vohr Date: Tue, 16 Apr 2024 06:35:16 -0400 Subject: [PATCH] test: add tests for Storage Access API (#41864) test: add tests for Storage Access API (#41698) --- docs/api/session.md | 4 ++ spec/chromium-spec.ts | 132 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 136 insertions(+) diff --git a/docs/api/session.md b/docs/api/session.md index ec314bcf6a2c7..635508a9d3436 100644 --- a/docs/api/session.md +++ b/docs/api/session.md @@ -813,6 +813,8 @@ win.webContents.session.setCertificateVerifyProc((request, callback) => { * `pointerLock` - Request to directly interpret mouse movements as an input method via the [Pointer Lock API](https://developer.mozilla.org/en-US/docs/Web/API/Pointer_Lock_API). These requests always appear to originate from the main frame. * `keyboardLock` - Request capture of keypresses for any or all of the keys on the physical keyboard via the [Keyboard Lock API](https://developer.mozilla.org/en-US/docs/Web/API/Keyboard/lock). These requests always appear to originate from the main frame. * `openExternal` - Request to open links in external applications. + * `storage-access` - Allows content loaded in a third-party context to request access to third-party cookies using the [Storage Access API](https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API). + * `top-level-storage-access` - Allow top-level sites to request third-party cookie access on behalf of embedded content originating from another site in the same related website set using the [Storage Access API](https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API). * `window-management` - Request access to enumerate screens using the [`getScreenDetails`](https://developer.chrome.com/en/articles/multi-screen-window-placement/) API. * `unknown` - An unrecognized permission request. * `callback` Function @@ -861,6 +863,8 @@ session.fromPartition('some-partition').setPermissionRequestHandler((webContents * `openExternal` - Open links in external applications. * `pointerLock` - Directly interpret mouse movements as an input method via the [Pointer Lock API](https://developer.mozilla.org/en-US/docs/Web/API/Pointer_Lock_API). These requests always appear to originate from the main frame. * `serial` - Read from and write to serial devices with the [Web Serial API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Serial_API). + * `storage-access` - Allows content loaded in a third-party context to request access to third-party cookies using the [Storage Access API](https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API). + * `top-level-storage-access` - Allow top-level sites to request third-party cookie access on behalf of embedded content originating from another site in the same related website set using the [Storage Access API](https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API). * `usb` - Expose non-standard Universal Serial Bus (USB) compatible devices services to the web with the [WebUSB API](https://developer.mozilla.org/en-US/docs/Web/API/WebUSB_API). * `requestingOrigin` string - The origin URL of the permission check * `details` Object - Some properties are only available on certain permission types. diff --git a/spec/chromium-spec.ts b/spec/chromium-spec.ts index d9d2f04380fb6..df6fff370890e 100644 --- a/spec/chromium-spec.ts +++ b/spec/chromium-spec.ts @@ -1384,6 +1384,138 @@ describe('chromium features', () => { }); }); + describe('Storage Access API', () => { + afterEach(closeAllWindows); + afterEach(() => { + session.defaultSession.setPermissionCheckHandler(null); + session.defaultSession.setPermissionRequestHandler(null); + }); + + it('can determine if a permission is granted for "storage-access"', async () => { + session.defaultSession.setPermissionCheckHandler( + (_wc, permission) => permission === 'storage-access' + ); + + const w = new BrowserWindow({ show: false }); + await w.loadFile(path.join(fixturesPath, 'pages', 'a.html')); + + const permission = await w.webContents.executeJavaScript(` + navigator.permissions.query({ name: 'storage-access' }) + .then(permission => permission.state).catch(err => err.message); + `, true); + + expect(permission).to.eq('granted'); + }); + + it('can determine if a permission is denied for "storage-access"', async () => { + session.defaultSession.setPermissionCheckHandler( + (_wc, permission) => permission !== 'storage-access' + ); + + const w = new BrowserWindow({ show: false }); + await w.loadFile(path.join(fixturesPath, 'pages', 'a.html')); + + const permission = await w.webContents.executeJavaScript(` + navigator.permissions.query({ name: 'storage-access' }) + .then(permission => permission.state).catch(err => err.message); + `, true); + + expect(permission).to.eq('denied'); + }); + + it('can determine if a permission is granted for "top-level-storage-access"', async () => { + session.defaultSession.setPermissionCheckHandler( + (_wc, permission) => permission === 'top-level-storage-access' + ); + + const w = new BrowserWindow({ show: false }); + await w.loadFile(path.join(fixturesPath, 'pages', 'a.html')); + + const permission = await w.webContents.executeJavaScript(` + navigator.permissions.query({ + name: 'top-level-storage-access', + requestedOrigin: "https://www.example.com", + }).then(permission => permission.state).catch(err => err.message); + `, true); + + expect(permission).to.eq('granted'); + }); + + it('can determine if a permission is denied for "top-level-storage-access"', async () => { + session.defaultSession.setPermissionCheckHandler( + (_wc, permission) => permission !== 'top-level-storage-access' + ); + + const w = new BrowserWindow({ show: false }); + await w.loadFile(path.join(fixturesPath, 'pages', 'a.html')); + + const permission = await w.webContents.executeJavaScript(` + navigator.permissions.query({ + name: 'top-level-storage-access', + requestedOrigin: "https://www.example.com", + }).then(permission => permission.state).catch(err => err.message); + `, true); + + expect(permission).to.eq('denied'); + }); + + it('can grant a permission request for "top-level-storage-access"', async () => { + session.defaultSession.setPermissionRequestHandler( + (_wc, permission, callback) => { + callback(permission === 'top-level-storage-access'); + } + ); + + const w = new BrowserWindow({ show: false }); + await w.loadFile(path.join(fixturesPath, 'pages', 'button.html')); + + // requestStorageAccessFor returns a Promise that fulfills with undefined + // if the access to third-party cookies was granted and rejects if access was denied. + const permission = await w.webContents.executeJavaScript(` + new Promise((resolve, reject) => { + const button = document.getElementById('button'); + button.addEventListener("click", () => { + document.requestStorageAccessFor('https://myfakesite').then( + (res) => { resolve('granted') }, + (err) => { resolve('denied') }, + ); + }); + button.click(); + }); + `, true); + + expect(permission).to.eq('granted'); + }); + + it('can deny a permission request for "top-level-storage-access"', async () => { + session.defaultSession.setPermissionRequestHandler( + (_wc, permission, callback) => { + callback(permission !== 'top-level-storage-access'); + } + ); + + const w = new BrowserWindow({ show: false }); + await w.loadFile(path.join(fixturesPath, 'pages', 'button.html')); + + // requestStorageAccessFor returns a Promise that fulfills with undefined + // if the access to third-party cookies was granted and rejects if access was denied. + const permission = await w.webContents.executeJavaScript(` + new Promise((resolve, reject) => { + const button = document.getElementById('button'); + button.addEventListener("click", () => { + document.requestStorageAccessFor('https://myfakesite').then( + (res) => { resolve('granted') }, + (err) => { resolve('denied') }, + ); + }); + button.click(); + }); + `, true); + + expect(permission).to.eq('denied'); + }); + }); + describe('IdleDetection', () => { afterEach(closeAllWindows); afterEach(() => {