Fenced frames: window.fence.disableUntrustedNetwork API surface

Add nonfunctional window.fence.disableUntrustedNetwork API surface (behind feature flag), which is not available in urn iframes. Later CLs will gradually make it functional. This entails the following internal changes: * New fields `can_disable_untrusted_network_` and `has_disabled_untrusted_network_` in FencedFrameProperties. `can_disable_untrusted_network_` is true for all fenced frame configs, but disabled for urn iframes at the same time as partition nonce. `can_disable_untrusted_network_` is sent to same-origin renderers to gate availability of the window.fence.disableUntrustedNetwork API. * Navigations through the FencedFrameConfig(url) constructor now store `url` as the mapped url in the resulting FencedFrameProperties, so that we can perform same- vs. cross-origin checks for availability of window.fence.disableUntrustedNetwork. I2P: https://groups.google.com/a/chromium.org/g/blink-dev/c/ofii__csdOY Explainer: https://github.com/WICG/fenced-frame/blob/master/explainer/fenced_frames_with_local_unpartitioned_data_access.md#revoking-network-access Bug: 1515599 Change-Id: I13ec7a570bd7d84b2bc3780b577e318b4d103e9a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5124560 Reviewed-by: Dominic Farolino <[email protected]> Commit-Queue: Garrett Tanzer <[email protected]> Reviewed-by: Arthur Sonzogni <[email protected]> Cr-Commit-Position: refs/heads/main@{#1246541}
web-platform-tests · Jan 12, 2024 · a09d86d · a09d86d
1 parent aee3194
commit a09d86d
Showing 1 changed file with 49 additions and 0 deletions.
diff --git a/fenced-frame/disable-untrusted-network.https.html b/fenced-frame/disable-untrusted-network.https.html
@@ -0,0 +1,49 @@
+<!DOCTYPE html>
+<title>Test window.fence.disableUntrustedNetwork availability.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="resources/utils.js"></script>
+
+<body>
+<script>
+promise_test(async(t) => {
+  const fencedframe = await attachFencedFrameContext();
+  await fencedframe.execute(async () => {
+    const cross_origin_fenced_frame = await attachFencedFrameContext({
+        origin: get_host_info().HTTPS_REMOTE_ORIGIN});
+    await cross_origin_fenced_frame.execute(async () => {
+      const promise = window.fence.disableUntrustedNetwork();
+      assert_true(typeof promise.then != 'undefined');
+      await promise;
+    });
+
+    const same_origin_iframe = await attachIFrameContext();
+    await same_origin_iframe.execute(async () => {
+      const promise = window.fence.disableUntrustedNetwork();
+      assert_true(typeof promise.then != 'undefined');
+      await promise;
+    });
+
+    const cross_origin_iframe = await attachIFrameContext({
+        origin: get_host_info().HTTPS_REMOTE_ORIGIN});
+    await cross_origin_iframe.execute(async () => {
+      try {
+        const promise = window.fence.disableUntrustedNetwork();
+        await promise;
+        assert_unreached(
+          'disableUntrustedNetwork should fail when not same-origin to the '
+          + 'mapped url.');
+      } catch (e) {
+        assert_equals(e.name, 'TypeError');
+      }
+    });
+
+    const promise = window.fence.disableUntrustedNetwork();
+    assert_true(typeof promise.then != 'undefined');
+    await promise;
+  });
+}, 'window.fence.disableUntrustedNetwork availability');
+</script>
+</body>