[SAA] Check cookie access and permission access
We need to check whether either the permission was granted *or* full
cookie access was granted: pre-3PCD the permission cannot be set, and
post-3PCD full cookie access remains sufficient but is not necessary,
because permission access is possible without enabling full cookie access.
Fixed: 350426228
Change-Id: I51cec95889cc9cbe8caddf631a019dad6d8037a1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5675704
Reviewed-by: Johann Hofmann <[email protected]>
Auto-Submit: Ari Chivukula <[email protected]>
Reviewed-by: Avi Drissman <[email protected]>
Commit-Queue: Johann Hofmann <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1322965}
diff --git a/chrome/browser/net/storage_test_utils.cc b/chrome/browser/net/storage_test_utils.cc
index 8f65ce4..7bee6713 100644
--- a/chrome/browser/net/storage_test_utils.cc
+++ b/chrome/browser/net/storage_test_utils.cc
@@ -33,6 +33,10 @@
"document.requestStorageAccess()"
" .then(() => document.hasStorageAccess())";
+constexpr char kRequestStorageAccessBeyondCookies[] =
+ "document.requestStorageAccess({estimate: true}).then((handle) => "
+ "handle.estimate().then(() => true, () => false), () => false)";
+
constexpr char kRequestStorageAccessFor[] =
"document.requestStorageAccessFor($1)";
@@ -165,6 +169,12 @@
return content::EvalJs(frame, kRequestStorageAccess, options).ExtractBool();
}
+bool RequestAndCheckStorageAccessBeyondCookiesForFrame(
+ content::RenderFrameHost* frame) {
+ return content::EvalJs(frame, kRequestStorageAccessBeyondCookies)
+ .ExtractBool();
+}
+
bool RequestStorageAccessForOrigin(content::RenderFrameHost* frame,
const std::string& origin,
bool omit_user_gesture) {
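Review bot: `RequestAndCheckStorageAccessBeyondCookiesForFrame` calls `content::EvalJs` with no options argument, unlike `RequestAndCheckStorageAccessForFrame` just above it, which passes `options`. The script therefore always runs with EvalJs's default options. If those defaults include a user gesture, as I believe they do, no test can use this helper to confirm that a beyond-cookies request made without user activation is refused. Consider a parallel signature, `bool RequestAndCheckStorageAccessBeyondCookiesForFrame(content::RenderFrameHost* frame, bool omit_user_gesture = false);`, building `options` the same way the sibling does. The sibling's body and the rest of `RequestStorageAccessForOrigin` lie outside this hunk.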
diff --git a/chrome/browser/net/storage_test_utils.h b/chrome/browser/net/storage_test_utils.h
index ade0092..2f2d3a1 100644
--- a/chrome/browser/net/storage_test_utils.h
+++ b/chrome/browser/net/storage_test_utils.h
@@ -48,6 +48,11 @@
// document.hasStorageAccess(). If either call rejects, this helper DCHECKs.
bool RequestAndCheckStorageAccessForFrame(content::RenderFrameHost* frame,
bool omit_user_gesture = false);
+// Helper to request storage access for a frame using
+// document.requestStorageAccess({estimate: true}) and then check the
+// functionality of the handle.
+bool RequestAndCheckStorageAccessBeyondCookiesForFrame(
+ content::RenderFrameHost* frame);
// Helper to request storage access with a site override for a frame using
// document.requestStorageAccessFor(origin). Returns true if the promise
// resolves; false if it rejects.
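Review bot: The new comment on `RequestAndCheckStorageAccessBeyondCookiesForFrame` does not say what the return value means, while both neighbouring helpers document theirs. Going by the script added in storage_test_utils.cc, `false` covers two different outcomes: `requestStorageAccess` rejected, or a handle was returned but `handle.estimate()` rejected. I would spell that out, e.g. `// Returns true only if the request resolves and handle.estimate() resolves; returns false (rather than DCHECKing) if either rejects.`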
diff --git a/chrome/browser/storage_access_api/api_browsertest.cc b/chrome/browser/storage_access_api/api_browsertest.cc
index db40f0c..afeccec 100644
--- a/chrome/browser/storage_access_api/api_browsertest.cc
+++ b/chrome/browser/storage_access_api/api_browsertest.cc
@@ -1699,6 +1699,36 @@
permissions::RequestType::kStorageAccess));
}
+// Validate that if third-party cookies are blocked and the permission is
+// denied, requestStorageAccess beyond cookies fails.
+IN_PROC_BROWSER_TEST_F(StorageAccessAPIBrowserTest,
+ BeyondCookies_WithoutCookiesWithoutPermission) {
+ SetBlockThirdPartyCookies(true);
+ prompt_factory()->set_response_type(
+ permissions::PermissionRequestManager::DENY_ALL);
+
+ NavigateToPageWithFrame(kHostA);
+ NavigateFrameTo(EchoCookiesURL(kHostB));
+
+ EXPECT_FALSE(storage::test::RequestAndCheckStorageAccessBeyondCookiesForFrame(
+ GetFrame()));
+}
+
+// Validate that if third-party cookies are blocked but the permission is
+// allowed, requestStorageAccess beyond cookies succeeds.
+IN_PROC_BROWSER_TEST_F(StorageAccessAPIBrowserTest,
+ BeyondCookies_WithoutCookiesWithPermission) {
+ SetBlockThirdPartyCookies(true);
+ prompt_factory()->set_response_type(
+ permissions::PermissionRequestManager::ACCEPT_ALL);
+
+ NavigateToPageWithFrame(kHostA);
+ NavigateFrameTo(EchoCookiesURL(kHostB));
+
+ EXPECT_TRUE(storage::test::RequestAndCheckStorageAccessBeyondCookiesForFrame(
+ GetFrame()));
+}
+
class StorageAccessAPIStorageBrowserTest
: public StorageAccessAPIBaseBrowserTest,
public testing::WithParamInterface<std::tuple<TestType, bool>> {
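Review bot: `BeyondCookies_WithoutCookiesWithoutPermission` passes on any rejection, so its `EXPECT_FALSE` does not by itself show that the denied permission was what blocked access. The helper returns `false` both when the request is refused and when `handle.estimate()` fails for an unrelated reason. Pinning the prompt interaction would tighten it, for example `EXPECT_EQ(1, prompt_factory()->TotalRequestCount());` after the call, if exactly one prompt is expected here (that count is my assumption). The same assertion in `BeyondCookies_WithoutCookiesWithPermission` would confirm that the grant came from the permission rather than from some other path.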
@@ -2515,29 +2545,34 @@
EXPECT_EQ(0, prompt_factory()->TotalRequestCount());
}
-// Validate that if third-party cookies are not blocked, requestStorageAccess
-// beyond cookies returns a usable handle.
+// Validate that if third-party cookies are allowed but the permission is
+// denied, requestStorageAccess beyond cookies succeeds.
IN_PROC_BROWSER_TEST_F(StorageAccessAPIWith3PCEnabledBrowserTest,
- BeyondCookies) {
+ BeyondCookies_WithCookiesWithoutPermission) {
SetBlockThirdPartyCookies(false);
+ prompt_factory()->set_response_type(
+ permissions::PermissionRequestManager::DENY_ALL);
NavigateToPageWithFrame(kHostA);
NavigateFrameTo(EchoCookiesURL(kHostB));
- EXPECT_TRUE(storage::test::HasStorageAccessForFrame(GetFrame()));
+ EXPECT_TRUE(storage::test::RequestAndCheckStorageAccessBeyondCookiesForFrame(
+ GetFrame()));
+}
- EXPECT_EQ(ReadCookiesAndContent(GetFrame(), kHostB),
- CookieBundleWithContent("cross-site=b.test"));
-
+// Validate that if third-party cookies are allowed and the permission is
+// allowed, requestStorageAccess beyond cookies succeeds.
+IN_PROC_BROWSER_TEST_F(StorageAccessAPIWith3PCEnabledBrowserTest,
+ BeyondCookies_WithCookiesWithPermission) {
+ SetBlockThirdPartyCookies(false);
prompt_factory()->set_response_type(
- permissions::PermissionRequestManager::DISMISS);
- EXPECT_TRUE(
- content::EvalJs(
- GetFrame(),
- "document.requestStorageAccess({all: true}).then((handle) => "
- "handle.estimate().then(() => true, () => false), () => false)")
- .ExtractBool());
- EXPECT_EQ(0, prompt_factory()->TotalRequestCount());
+ permissions::PermissionRequestManager::ACCEPT_ALL);
+
+ NavigateToPageWithFrame(kHostA);
+ NavigateFrameTo(EchoCookiesURL(kHostB));
+
+ EXPECT_TRUE(storage::test::RequestAndCheckStorageAccessBeyondCookiesForFrame(
+ GetFrame()));
}
class StorageAccessAPIAutograntsWithFedCMBrowserTest
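Review bot: The rewritten 3PC-enabled tests drop `EXPECT_EQ(0, prompt_factory()->TotalRequestCount());`, so nothing here now checks whether a permission prompt is raised when full cookie access already suffices. That matters most in `BeyondCookies_WithCookiesWithoutPermission`: with `DENY_ALL` set and no count asserted, the test cannot tell "prompt shown, denied, access still granted through the cookie setting" from "no prompt shown at all". If the no-prompt behaviour is still intended, keep the old assertion in both tests; if a prompt is now expected, assert that count instead. The removed `ReadCookiesAndContent` check is not replaced either, so cookie visibility in this configuration may no longer be covered by these tests.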