From 30993ca02f2c8a959c821930673ab69cb85f61e4 Mon Sep 17 00:00:00 2001
From: Yao Xiao <yaoxia@chromium.org>
Date: Thu, 4 Apr 2024 10:32:14 -0700
Subject: [PATCH] [shared storage] Implement the
 Shared-Storage-Cross-Origin-Worklet-Allowed response header check

When creating a cross-origin worklet, require the
"Shared-Storage-Cross-Origin-Worklet-Allowed: ?1" response header,
or the request should fail (similar to the handling for CORS failure).

Note that shared storage worklet request doesn't allow redirects, so
it's sufficient to check inside `OnReceiveResponse` only.

PR: https://github.com/WICG/shared-storage/pull/131

Bug: 332564979
Change-Id: I6c2a07473527ede995cf4bd337d293f3168351bb
---
 ...edentials-include.tentative.https.sub.html |  1 +
 ...-credentials-omit.tentative.https.sub.html |  1 +
 ...tials-same-origin.tentative.https.sub.html |  1 +
 ...n-worklet-allowed.tentative.https.sub.html | 31 +++++++++++++++++++
 ...allow-credentials.tentative.https.sub.html |  1 +
 ...trol-allow-origin.tentative.https.sub.html |  1 +
 ...n-worklet-allowed.tentative.https.sub.html | 30 ++++++++++++++++++
 .../resources/credentials-test-helper.py      |  3 ++
 8 files changed, 69 insertions(+)
 create mode 100644 shared-storage/cross-origin-create-worklet-failure-false-shared-storage-cross-origin-worklet-allowed.tentative.https.sub.html
 create mode 100644 shared-storage/cross-origin-create-worklet-failure-missing-shared-storage-cross-origin-worklet-allowed.tentative.https.sub.html

diff --git a/shared-storage/cross-origin-create-worklet-credentials-include.tentative.https.sub.html b/shared-storage/cross-origin-create-worklet-credentials-include.tentative.https.sub.html
index 9c44d2a29f8d33..4c0e91c15613f5 100644
--- a/shared-storage/cross-origin-create-worklet-credentials-include.tentative.https.sub.html
+++ b/shared-storage/cross-origin-create-worklet-credentials-include.tentative.https.sub.html
@@ -19,6 +19,7 @@
                      `/shared-storage/resources/credentials-test-helper.py` +
                      `?access_control_allow_origin_header=${window.origin}` +
                      `&access_control_allow_credentials_header=true` +
+                     `&shared_storage_cross_origin_worklet_allowed_header=?1` +
                      `&token=${ancestor_key}`;
 
   await fetch(set_cookie_url, { mode: 'no-cors', credentials: 'include' });
diff --git a/shared-storage/cross-origin-create-worklet-credentials-omit.tentative.https.sub.html b/shared-storage/cross-origin-create-worklet-credentials-omit.tentative.https.sub.html
index ddda1809f2ca95..86b56ce80d6a1e 100644
--- a/shared-storage/cross-origin-create-worklet-credentials-omit.tentative.https.sub.html
+++ b/shared-storage/cross-origin-create-worklet-credentials-omit.tentative.https.sub.html
@@ -18,6 +18,7 @@
   const helper_url = crossOrigin +
                      `/shared-storage/resources/credentials-test-helper.py` +
                      `?access_control_allow_origin_header=${window.origin}` +
+                     `&shared_storage_cross_origin_worklet_allowed_header=?1` +
                      `&token=${ancestor_key}`;
 
   await fetch(set_cookie_url, { mode: 'no-cors', credentials: 'include' });
diff --git a/shared-storage/cross-origin-create-worklet-credentials-same-origin.tentative.https.sub.html b/shared-storage/cross-origin-create-worklet-credentials-same-origin.tentative.https.sub.html
index 99701d2b7d40a1..0b8faad7830019 100644
--- a/shared-storage/cross-origin-create-worklet-credentials-same-origin.tentative.https.sub.html
+++ b/shared-storage/cross-origin-create-worklet-credentials-same-origin.tentative.https.sub.html
@@ -18,6 +18,7 @@
   const helper_url = crossOrigin +
                      `/shared-storage/resources/credentials-test-helper.py` +
                      `?access_control_allow_origin_header=${window.origin}` +
+                     `&shared_storage_cross_origin_worklet_allowed_header=?1` +
                      `&token=${ancestor_key}`;
 
   await fetch(set_cookie_url, { mode: 'no-cors', credentials: 'include' });
diff --git a/shared-storage/cross-origin-create-worklet-failure-false-shared-storage-cross-origin-worklet-allowed.tentative.https.sub.html b/shared-storage/cross-origin-create-worklet-failure-false-shared-storage-cross-origin-worklet-allowed.tentative.https.sub.html
new file mode 100644
index 00000000000000..db361776f63873
--- /dev/null
+++ b/shared-storage/cross-origin-create-worklet-failure-false-shared-storage-cross-origin-worklet-allowed.tentative.https.sub.html
@@ -0,0 +1,31 @@
+<!doctype html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/shared-storage/resources/util.js"></script>
+<script src="/fenced-frame/resources/utils.js"></script>
+
+<body>
+<script>
+'use strict';
+
+promise_test(async t => {
+  const ancestor_key = token();
+  const crossOrigin = 'https://{{domains[www]}}:{{ports[https][0]}}';
+  const helper_url = crossOrigin +
+                     `/shared-storage/resources/credentials-test-helper.py` +
+                     `?access_control_allow_origin_header=${window.origin}` +
+                     `&access_control_allow_credentials_header=true` +
+                     `&shared_storage_cross_origin_worklet_allowed_header=?0` +
+                     `&token=${ancestor_key}`;
+
+  return promise_rejects_dom(t, "OperationError",
+    sharedStorage.createWorklet(
+      helper_url + `&action=store-cookie`,
+      { credentials: "include" }));
+}, 'createWorklet() with cross-origin module script and credentials ' +
+   '"include", and with the Shared-Storage-Cross-Origin-Worklet-Allowed ' +
+   'response header value set to false (?0)');
+
+</script>
+</body>
diff --git a/shared-storage/cross-origin-create-worklet-failure-missing-access-control-allow-credentials.tentative.https.sub.html b/shared-storage/cross-origin-create-worklet-failure-missing-access-control-allow-credentials.tentative.https.sub.html
index 598fd8f405abdc..8887aad64dc72e 100644
--- a/shared-storage/cross-origin-create-worklet-failure-missing-access-control-allow-credentials.tentative.https.sub.html
+++ b/shared-storage/cross-origin-create-worklet-failure-missing-access-control-allow-credentials.tentative.https.sub.html
@@ -15,6 +15,7 @@
   const helper_url = crossOrigin +
                      `/shared-storage/resources/credentials-test-helper.py` +
                      `?access_control_allow_origin_header=${window.origin}` +
+                     `&shared_storage_cross_origin_worklet_allowed_header=?1` +
                      `&token=${ancestor_key}`;
 
   return promise_rejects_dom(t, "OperationError",
diff --git a/shared-storage/cross-origin-create-worklet-failure-missing-access-control-allow-origin.tentative.https.sub.html b/shared-storage/cross-origin-create-worklet-failure-missing-access-control-allow-origin.tentative.https.sub.html
index 4195d09fc06c46..58a2f3a77bbfb4 100644
--- a/shared-storage/cross-origin-create-worklet-failure-missing-access-control-allow-origin.tentative.https.sub.html
+++ b/shared-storage/cross-origin-create-worklet-failure-missing-access-control-allow-origin.tentative.https.sub.html
@@ -15,6 +15,7 @@
   const helper_url = crossOrigin +
                      `/shared-storage/resources/credentials-test-helper.py` +
                      `&access_control_allow_credentials_header=true` +
+                     `&shared_storage_cross_origin_worklet_allowed_header=?1` +
                      `&token=${ancestor_key}`;
 
   return promise_rejects_dom(t, "OperationError",
diff --git a/shared-storage/cross-origin-create-worklet-failure-missing-shared-storage-cross-origin-worklet-allowed.tentative.https.sub.html b/shared-storage/cross-origin-create-worklet-failure-missing-shared-storage-cross-origin-worklet-allowed.tentative.https.sub.html
new file mode 100644
index 00000000000000..5b140a8141c964
--- /dev/null
+++ b/shared-storage/cross-origin-create-worklet-failure-missing-shared-storage-cross-origin-worklet-allowed.tentative.https.sub.html
@@ -0,0 +1,30 @@
+<!doctype html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/shared-storage/resources/util.js"></script>
+<script src="/fenced-frame/resources/utils.js"></script>
+
+<body>
+<script>
+'use strict';
+
+promise_test(async t => {
+  const ancestor_key = token();
+  const crossOrigin = 'https://{{domains[www]}}:{{ports[https][0]}}';
+  const helper_url = crossOrigin +
+                     `/shared-storage/resources/credentials-test-helper.py` +
+                     `?access_control_allow_origin_header=${window.origin}` +
+                     `&access_control_allow_credentials_header=true` +
+                     `&token=${ancestor_key}`;
+
+  return promise_rejects_dom(t, "OperationError",
+    sharedStorage.createWorklet(
+      helper_url + `&action=store-cookie`,
+      { credentials: "include" }));
+}, 'createWorklet() with cross-origin module script and credentials ' +
+   '"include", and without the Shared-Storage-Cross-Origin-Worklet-Allowed ' +
+   'response header');
+
+</script>
+</body>
diff --git a/shared-storage/resources/credentials-test-helper.py b/shared-storage/resources/credentials-test-helper.py
index 46fc0ea6fb2a99..575e504e64f7dc 100644
--- a/shared-storage/resources/credentials-test-helper.py
+++ b/shared-storage/resources/credentials-test-helper.py
@@ -19,6 +19,9 @@ def main(request, response):
     if b"access_control_allow_origin_header" in request.GET:
       response.headers.append(b"Access-Control-Allow-Origin", request.GET[b"access_control_allow_origin_header"])
 
+    if b"shared_storage_cross_origin_worklet_allowed_header" in request.GET:
+      response.headers.append(b"Shared-Storage-Cross-Origin-Worklet-Allowed", request.GET[b"shared_storage_cross_origin_worklet_allowed_header"])
+
     if action == b"store-cookie":
       cookie = request.headers.get(b"Cookie", b"NO_COOKIE_HEADER")
       request.server.stash.put(token, cookie)