Skip to content

Commit 6938634

Browse files
isaboorichromium-wpt-export-bot
isaboori
authored and
chromium-wpt-export-bot
committed
Revert "[LNA] rename fetch targetAddressSpace options"
This reverts commit d3158d4e53f9c6bcf080da32eb3ab03b5fbe748c. Reason for revert: Chrome build gardener: It caused new failing tests b/420455025 Bug: 418737577 Original change's description: > [LNA] rename fetch targetAddressSpace options > > Rename the targetAddressSpace args based on LNA's naming. Mapping of PNA > names -> LNA names: > > PNA | LNA > ------------------- > local | loopback > private | local > public | public > > keep private as an alias for local. > > Removing > private-network-access/mixed-content-fetch.tentative.https.window.js as > PNA is being removed and its not straightforward to keep this test > working with the rename. > > LNA = Local Network Access = new hotness > PNA = Private Network Access = old and busted > > Bug: 418737577 > Change-Id: I195a63e90a1300e58c40761069daad00b3680696 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6564545 > Reviewed-by: Chris Thompson <[email protected]> > Reviewed-by: Adam Rice <[email protected]> > Commit-Queue: Hubert Chao <[email protected]> > Cr-Commit-Position: refs/heads/main@{#1465461} Bug: 418737577 No-Presubmit: true No-Tree-Checks: true No-Try: true Change-Id: I60ab2127ac0f54d24290234ebd1bb781c4ffc1e9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6588736 Bot-Commit: Rubber Stamper <[email protected]> Commit-Queue: Adam Rice <[email protected]> Reviewed-by: Adam Rice <[email protected]> Cr-Commit-Position: refs/heads/main@{#1465696}
1 parent 14c7fac commit 6938634

File tree

1 file changed

+278
-0
lines changed

1 file changed

+278
-0
lines changed

fetch/private-network-access/mixed-content-fetch.tentative.https.window.js

Lines changed: 278 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,278 @@
1+
// META: script=/common/utils.js
2+
// META: script=resources/support.sub.js
3+
// META: timeout=long
4+
//
5+
// Spec: https://wicg.github.io/private-network-access
6+
//
7+
// These tests verify that secure contexts can fetch non-secure subresources
8+
// from more private address spaces, avoiding mixed context checks, as long as
9+
// they specify a valid `targetAddressSpace` fetch option that matches the
10+
// target server's address space.
11+
12+
setup(() => {
13+
// Making sure we are in a secure context, as expected.
14+
assert_true(window.isSecureContext);
15+
});
16+
17+
// Given `addressSpace`, returns the other three possible IP address spaces.
18+
function otherAddressSpaces(addressSpace) {
19+
switch (addressSpace) {
20+
case "local": return ["unknown", "private", "public"];
21+
case "private": return ["unknown", "local", "public"];
22+
case "public": return ["unknown", "local", "private"];
23+
}
24+
}
25+
26+
// Generates tests of `targetAddressSpace` for the given (source, target)
27+
// address space pair, expecting fetches to succeed iff `targetAddressSpace` is
28+
// correct.
29+
//
30+
// Scenarios exercised:
31+
//
32+
// - cors mode:
33+
// - missing targetAddressSpace option
34+
// - incorrect targetAddressSpace option (x3, see `otherAddressSpaces()`)
35+
// - failed preflight
36+
// - success
37+
// - success with PUT method (non-"simple" request)
38+
// - no-cors mode:
39+
// - success
40+
//
41+
function makeTests({ source, target }) {
42+
const sourceServer = Server.get("https", source);
43+
const targetServer = Server.get("http", target);
44+
45+
const makeTest = ({
46+
fetchOptions,
47+
targetBehavior,
48+
name,
49+
expected
50+
}) => {
51+
promise_test_parallel(t => fetchTest(t, {
52+
source: { server: sourceServer },
53+
target: {
54+
server: targetServer,
55+
behavior: targetBehavior,
56+
},
57+
fetchOptions,
58+
expected,
59+
}), `${sourceServer.name} to ${targetServer.name}: ${name}.`);
60+
};
61+
62+
makeTest({
63+
name: "missing targetAddressSpace",
64+
targetBehavior: {
65+
preflight: PreflightBehavior.success(token()),
66+
response: ResponseBehavior.allowCrossOrigin(),
67+
},
68+
expected: FetchTestResult.FAILURE,
69+
});
70+
71+
const correctAddressSpace = targetServer.addressSpace;
72+
73+
for (const targetAddressSpace of otherAddressSpaces(correctAddressSpace)) {
74+
makeTest({
75+
name: `wrong targetAddressSpace "${targetAddressSpace}"`,
76+
targetBehavior: {
77+
preflight: PreflightBehavior.success(token()),
78+
response: ResponseBehavior.allowCrossOrigin(),
79+
},
80+
fetchOptions: { targetAddressSpace },
81+
expected: FetchTestResult.FAILURE,
82+
});
83+
}
84+
85+
makeTest({
86+
name: "failed preflight",
87+
targetBehavior: {
88+
preflight: PreflightBehavior.failure(),
89+
response: ResponseBehavior.allowCrossOrigin(),
90+
},
91+
fetchOptions: { targetAddressSpace: correctAddressSpace },
92+
expected: FetchTestResult.FAILURE,
93+
});
94+
95+
makeTest({
96+
name: "success",
97+
targetBehavior: {
98+
preflight: PreflightBehavior.success(token()),
99+
response: ResponseBehavior.allowCrossOrigin(),
100+
},
101+
fetchOptions: { targetAddressSpace: correctAddressSpace },
102+
expected: FetchTestResult.SUCCESS,
103+
});
104+
105+
makeTest({
106+
name: "PUT success",
107+
targetBehavior: {
108+
preflight: PreflightBehavior.success(token()),
109+
response: ResponseBehavior.allowCrossOrigin(),
110+
},
111+
fetchOptions: {
112+
targetAddressSpace: correctAddressSpace,
113+
method: "PUT",
114+
},
115+
expected: FetchTestResult.SUCCESS,
116+
});
117+
118+
makeTest({
119+
name: "no-cors success",
120+
targetBehavior: {
121+
preflight: PreflightBehavior.success(token()),
122+
response: ResponseBehavior.allowCrossOrigin(),
123+
},
124+
fetchOptions: {
125+
targetAddressSpace: correctAddressSpace,
126+
mode: "no-cors",
127+
},
128+
expected: FetchTestResult.OPAQUE,
129+
});
130+
}
131+
132+
// Generates tests for the given (source, target) address space pair expecting
133+
// that `targetAddressSpace` cannot be used to bypass mixed content.
134+
//
135+
// Scenarios exercised:
136+
//
137+
// - wrong `targetAddressSpace` (x3, see `otherAddressSpaces()`)
138+
// - correct `targetAddressSpace`
139+
//
140+
function makeNoBypassTests({ source, target }) {
141+
const sourceServer = Server.get("https", source);
142+
const targetServer = Server.get("http", target);
143+
144+
const prefix = `${sourceServer.name} to ${targetServer.name}: `;
145+
146+
const correctAddressSpace = targetServer.addressSpace;
147+
for (const targetAddressSpace of otherAddressSpaces(correctAddressSpace)) {
148+
promise_test_parallel(t => fetchTest(t, {
149+
source: { server: sourceServer },
150+
target: {
151+
server: targetServer,
152+
behavior: {
153+
preflight: PreflightBehavior.success(token()),
154+
response: ResponseBehavior.allowCrossOrigin(),
155+
},
156+
},
157+
fetchOptions: { targetAddressSpace },
158+
expected: FetchTestResult.FAILURE,
159+
}), prefix + `wrong targetAddressSpace "${targetAddressSpace}".`);
160+
}
161+
162+
promise_test_parallel(t => fetchTest(t, {
163+
source: { server: sourceServer },
164+
target: {
165+
server: targetServer,
166+
behavior: {
167+
preflight: PreflightBehavior.success(token()),
168+
response: ResponseBehavior.allowCrossOrigin(),
169+
},
170+
},
171+
fetchOptions: { targetAddressSpace: correctAddressSpace },
172+
expected: FetchTestResult.FAILURE,
173+
}), prefix + 'not a private network request.');
174+
}
175+
176+
// Source: local secure context.
177+
//
178+
// Fetches to the local and private address spaces cannot use
179+
// `targetAddressSpace` to bypass mixed content, as they are not otherwise
180+
// blocked by Private Network Access.
181+
182+
makeNoBypassTests({ source: "local", target: "local" });
183+
makeNoBypassTests({ source: "local", target: "private" });
184+
makeNoBypassTests({ source: "local", target: "public" });
185+
186+
// Source: private secure context.
187+
//
188+
// Fetches to the local address space requires the right `targetAddressSpace`
189+
// option, as well as a successful preflight response carrying a PNA-specific
190+
// header.
191+
//
192+
// Fetches to the private address space cannot use `targetAddressSpace` to
193+
// bypass mixed content, as they are not otherwise blocked by Private Network
194+
// Access.
195+
196+
makeTests({ source: "private", target: "local" });
197+
198+
makeNoBypassTests({ source: "private", target: "private" });
199+
makeNoBypassTests({ source: "private", target: "public" });
200+
201+
// Source: public secure context.
202+
//
203+
// Fetches to the local and private address spaces require the right
204+
// `targetAddressSpace` option, as well as a successful preflight response
205+
// carrying a PNA-specific header.
206+
207+
makeTests({ source: "public", target: "local" });
208+
makeTests({ source: "public", target: "private" });
209+
210+
makeNoBypassTests({ source: "public", target: "public" });
211+
212+
// These tests verify that documents fetched from the `local` address space yet
213+
// carrying the `treat-as-public-address` CSP directive are treated as if they
214+
// had been fetched from the `public` address space.
215+
216+
promise_test_parallel(t => fetchTest(t, {
217+
source: {
218+
server: Server.HTTPS_LOCAL,
219+
treatAsPublic: true,
220+
},
221+
target: {
222+
server: Server.HTTP_LOCAL,
223+
behavior: {
224+
preflight: PreflightBehavior.optionalSuccess(token()),
225+
response: ResponseBehavior.allowCrossOrigin(),
226+
},
227+
},
228+
fetchOptions: { targetAddressSpace: "private" },
229+
expected: FetchTestResult.FAILURE,
230+
}), 'https-treat-as-public to http-local: wrong targetAddressSpace "private".');
231+
232+
promise_test_parallel(t => fetchTest(t, {
233+
source: {
234+
server: Server.HTTPS_LOCAL,
235+
treatAsPublic: true,
236+
},
237+
target: {
238+
server: Server.HTTP_LOCAL,
239+
behavior: {
240+
preflight: PreflightBehavior.optionalSuccess(token()),
241+
response: ResponseBehavior.allowCrossOrigin(),
242+
},
243+
},
244+
fetchOptions: { targetAddressSpace: "local" },
245+
expected: FetchTestResult.SUCCESS,
246+
}), "https-treat-as-public to http-local: success.");
247+
248+
promise_test_parallel(t => fetchTest(t, {
249+
source: {
250+
server: Server.HTTPS_LOCAL,
251+
treatAsPublic: true,
252+
},
253+
target: {
254+
server: Server.HTTP_PRIVATE,
255+
behavior: {
256+
preflight: PreflightBehavior.success(token()),
257+
response: ResponseBehavior.allowCrossOrigin(),
258+
},
259+
},
260+
fetchOptions: { targetAddressSpace: "local" },
261+
expected: FetchTestResult.FAILURE,
262+
}), 'https-treat-as-public to http-private: wrong targetAddressSpace "local".');
263+
264+
promise_test_parallel(t => fetchTest(t, {
265+
source: {
266+
server: Server.HTTPS_LOCAL,
267+
treatAsPublic: true,
268+
},
269+
target: {
270+
server: Server.HTTP_PRIVATE,
271+
behavior: {
272+
preflight: PreflightBehavior.success(token()),
273+
response: ResponseBehavior.allowCrossOrigin(),
274+
},
275+
},
276+
fetchOptions: { targetAddressSpace: "private" },
277+
expected: FetchTestResult.SUCCESS,
278+
}), "https-treat-as-public to http-private: success.");

0 commit comments

Comments
 (0)