Changeset 282305 in webkit

Timestamp:

Sep 10, 2021 7:51:32 PM (10 months ago)

Author:

Chris Dumez

Message:

Implement navigation reporting for Cross-Origin-Opener-Policy
​https://bugs.webkit.org/show_bug.cgi?id=230046

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

Rebaseline WPT COOP navigation reporting tests now that they are passing.

Merge the following fix to WPT tests so they can run with the WebKit infrastructure:

• ​https://github.com/web-platform-tests/wpt/pull/30411

Merge the following WPT test fix to address flakiness:

• ​https://github.com/web-platform-tests/wpt/pull/30548

• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-four-reports.https-expected.txt:
• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-four-reports.https.html.sub.headers:
• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-from-unsafe-none.https-expected.txt:
• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-report-to.https-expected.txt:
• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-report-to.https.html.sub.headers:
• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin.https-expected.txt:
• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-coop-navigated-opener.https-expected.txt:
• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-coop-navigated-popup.https-expected.txt:
• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-allow-popups-report-to.https-expected.txt:
• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-allow-popups-report-to.https.html.sub.headers:
• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-coep-report-to.https-expected.txt:
• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-coep-report-to.https.html.sub.headers:
• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-report-to.https-expected.txt:
• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-report-to.https.html.sub.headers:
• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin.https-expected.txt:
• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-unsafe-none-report-to.https-expected.txt:
• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-unsafe-none-report-to.https.html.sub.headers:
• web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-redirect-with-same-origin-allow-popups.https-expected.txt:
• web-platform-tests/html/cross-origin-opener-policy/reporting/resources/reporting-common.js:

Source/WebCore:

Implement navigation reporting for Cross-Origin-Opener-Policy as per:

• ​https://html.spec.whatwg.org/multipage/origin.html#coop-violation-navigation-to
• ​https://html.spec.whatwg.org/multipage/origin.html#coop-violation-navigation-from

With support for the Report-To HTTP header as documented here:

• ​https://www.w3.org/TR/reporting/#header

When adopting Cross-Origin-Opener-Policy or Cross-Origin-Opener-Policy-Report-Only HTTP headers,
developers can now specify a report-to directive with the name of the endpoint to report
COOP violations to. The mapping from endpoint name to URL is provided via teh Report-To HTTP
header, as is expected by the WPT tests.

No new tests, unskipped and rebaselined existing tests.

• Sources.txt:
• WebCore.xcodeproj/project.pbxproj:
• loader/CrossOriginOpenerPolicy.cpp:

(WebCore::sanitizeReferrerForURLReport):
(WebCore::crossOriginOpenerPolicyValueToString):
(WebCore::sendCOOPViolationReport):
(WebCore::sendViolationReportWhenNavigatingToCOOPResponse):
(WebCore::sendViolationReportWhenNavigatingAwayFromCOOPResponse):

• loader/CrossOriginOpenerPolicy.h:
• loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::willSendRequest):
(WebCore::checkIfEnforcingReportOnlyCOOPWouldRequireBrowsingContextGroupSwitch):
(WebCore::DocumentLoader::enforceResponseCrossOriginOpenerPolicy):
(WebCore::DocumentLoader::responseReceived):

• loader/PingLoader.cpp:

(WebCore::PingLoader::sendViolationReport):
(WebCore::PingLoader::startPingLoad):

• loader/PingLoader.h:
• loader/ReportingEndpointsCache.cpp: Added.

(WebCore::ReportingEndpointsCache::singleton):
(WebCore::ReportingEndpointsCache::addEndPointsFromResponse):
(WebCore::ReportingEndpointsCache::addEndpointFromDictionary):
(WebCore::ReportingEndpointsCache::endpointURL const):
(WebCore::ReportingEndpointsCache::EndPoint::EndPoint):
(WebCore::ReportingEndpointsCache::EndPoint::hasExpired const):

• loader/ReportingEndpointsCache.h: Added.
• loader/ResourceLoaderOptions.h:

(WebCore::ResourceLoaderOptions::shouldOmitUserAgent):
(WebCore::ResourceLoaderOptions::ResourceLoaderOptions):

• loader/WorkerThreadableLoader.cpp:
• loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::updateHTTPRequestHeaders):

• platform/network/HTTPHeaderNames.in:

Source/WebKit:

• NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::didCleanupResourceLoader):
Now that we may abort expired loaders that are cached on the NetworkSession
(because awaiting transfer to another web process connection), we would hit
this assertion because the loader is not associated with this connection
anymore at the point it is adopted. For this reason, I silenced this
assertion.

• NetworkProcess/NetworkSession.cpp:

(WebKit::NetworkSession::CachedNetworkResourceLoader::expirationTimerFired):
Abort the loader before destroying it to avoid hitting an assertion in the
destructor (loaders cannot be loading at the point they are destroyed).

Tools:

Fix issue where [DumpJSConsoleLogInStdErr] was not working for tests that process-swap
due to COOP. Some data members on InjectedBundle such as m_dumpJSConsoleLogInStdErr
were only set in didReceiveMessageToPage(), before calling beginTesting(). However, in
case of process-swap, beginTesting() gets called a second time in the new process, from
InjectedBundle::didCreatePage() with BegingTestingMode::Resume. As a result, the
m_dumpJSConsoleLogInStdErr flag was not getting set in the new process' injected bundle
after a process-swap. To address the issue, those data members now get initialized in
beginTesting() instead.

• WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:

(WTR::InjectedBundle::didReceiveMessageToPage):
(WTR::InjectedBundle::beginTesting):

LayoutTests:

Unskip COOP navigation reporting tests.

• TestExpectations:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/TestExpectations (modified) (2 diffs)
• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-four-reports.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-four-reports.https.html.sub.headers (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-from-unsafe-none.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-report-to.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-report-to.https.html.sub.headers (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-coop-navigated-opener.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-coop-navigated-popup.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-allow-popups-report-to.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-allow-popups-report-to.https.html.sub.headers (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-coep-report-to.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-coep-report-to.https.html.sub.headers (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-report-to.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-report-to.https.html.sub.headers (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-unsafe-none-report-to.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-unsafe-none-report-to.https.html.sub.headers (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-redirect-with-same-origin-allow-popups.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/resources/reporting-common.js (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Headers.cmake (modified) (1 diff)
• Source/WebCore/Sources.txt (modified) (1 diff)
• Source/WebCore/WebCore.xcodeproj/project.pbxproj (modified) (4 diffs)
• Source/WebCore/loader/CrossOriginOpenerPolicy.cpp (modified) (3 diffs)
• Source/WebCore/loader/CrossOriginOpenerPolicy.h (modified) (1 diff)
• Source/WebCore/loader/DocumentLoader.cpp (modified) (6 diffs)
• Source/WebCore/loader/PingLoader.cpp (modified) (4 diffs)
• Source/WebCore/loader/PingLoader.h (modified) (2 diffs)
• Source/WebCore/loader/ReportingEndpointsCache.cpp (added)
• Source/WebCore/loader/ReportingEndpointsCache.h (added)
• Source/WebCore/loader/WorkerThreadableLoader.cpp (modified) (1 diff)
• Source/WebCore/loader/cache/CachedResourceLoader.cpp (modified) (1 diff)
• Source/WebCore/page/Page.cpp (modified) (2 diffs)
• Source/WebCore/page/Page.h (modified) (3 diffs)
• Source/WebCore/page/PageConfiguration.cpp (modified) (1 diff)
• Source/WebCore/page/PageConfiguration.h (modified) (2 diffs)
• Source/WebCore/platform/network/HTTPHeaderNames.in (modified) (1 diff)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp (modified) (1 diff)
• Source/WebKit/NetworkProcess/NetworkSession.cpp (modified) (1 diff)
• Source/WebKit/WebProcess/WebPage/WebPage.cpp (modified) (2 diffs)
• Source/WebKit/WebProcess/WebProcess.cpp (modified) (2 diffs)
• Source/WebKit/WebProcess/WebProcess.h (modified) (3 diffs)
• Tools/ChangeLog (modified) (1 diff)
• Tools/WebKitTestRunner/InjectedBundle/InjectedBundle.cpp (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2021-09-10  Chris Dumez  <cdumez@apple.com>
+
+        Implement navigation reporting for Cross-Origin-Opener-Policy
+        https://bugs.webkit.org/show_bug.cgi?id=230046
+
+        Reviewed by Alex Christensen.
+
+        Unskip COOP navigation reporting tests.
+
+        * TestExpectations:
+
 2021-09-10  Eric Hutchison  <ehutchison@apple.com>
 

trunk/LayoutTests/TestExpectations

@@ -411 +411 @@
 imported/w3c/web-platform-tests/html/cross-origin-opener-policy/navigate-top-to-aboutblank.https.html [ DumpJSConsoleLogInStdErr ]
 imported/w3c/web-platform-tests/html/cross-origin-opener-policy/popup-coop-by-sw.https.html [ DumpJSConsoleLogInStdErr ]
+imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-coop-navigated-opener.https.html [ DumpJSConsoleLogInStdErr ]
+imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-coop-navigated-popup.https.html [ DumpJSConsoleLogInStdErr ]
 imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe-network-error.sub.html [ DumpJSConsoleLogInStdErr ]
 imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/css-module/integrity.html [ DumpJSConsoleLogInStdErr ]
@@ -718 +720 @@
 imported/w3c/web-platform-tests/html/rendering/non-replaced-elements/phrasing-content-0/font-element-text-decoration-color/001-x.xhtml [ ImageOnlyFailure ]
 
-# Cross-Origin Opener Policy reporting is not supported and it is causing those tests to time out.
-imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting [ Skip ]
+# Cross-Origin Opener Policy access reporting is not supported and it is causing those tests to time out.
+imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/access-reporting [ Skip ]
 
 # Cross-Origin-Embedder-Policy: credentialless is not supported.

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2021-09-10  Chris Dumez  <cdumez@apple.com>
+
+        Implement navigation reporting for Cross-Origin-Opener-Policy
+        https://bugs.webkit.org/show_bug.cgi?id=230046
+
+        Reviewed by Alex Christensen.
+
+        Rebaseline WPT COOP navigation reporting tests now that they are passing.
+
+        Merge the following fix to WPT tests so they can run with the WebKit infrastructure:
+        - https://github.com/web-platform-tests/wpt/pull/30411
+
+        Merge the following WPT test fix to address flakiness:
+        - https://github.com/web-platform-tests/wpt/pull/30548
+
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-four-reports.https-expected.txt:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-four-reports.https.html.sub.headers:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-from-unsafe-none.https-expected.txt:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-report-to.https-expected.txt:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-report-to.https.html.sub.headers:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin.https-expected.txt:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-coop-navigated-opener.https-expected.txt:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-coop-navigated-popup.https-expected.txt:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-allow-popups-report-to.https-expected.txt:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-allow-popups-report-to.https.html.sub.headers:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-coep-report-to.https-expected.txt:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-coep-report-to.https.html.sub.headers:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-report-to.https-expected.txt:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-report-to.https.html.sub.headers:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin.https-expected.txt:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-unsafe-none-report-to.https-expected.txt:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-unsafe-none-report-to.https.html.sub.headers:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-redirect-with-same-origin-allow-popups.https-expected.txt:
+        * web-platform-tests/html/cross-origin-opener-policy/reporting/resources/reporting-common.js:
+
 2021-09-10  Simon Fraser  <simon.fraser@apple.com>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-four-reports.https-expected.txt

@@ -1 +1 @@
 
-FAIL coop reporting test A test with both COOP and COOP report only setup to CROSS_ORIGIN with same-origin-allow-popups; report-to="coop-popup-report-endpoint", require-corp, same-origin; report-to="coop-popup-report-only-endpoint", require-corp promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"same-origin-allow-popups\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-four-reports.https.html\",\"type\":\"coop\"}, within available reports: []"
+PASS coop reporting test A test with both COOP and COOP report only setup to CROSS_ORIGIN with same-origin-allow-popups; report-to="coop-popup-report-endpoint", require-corp, same-origin; report-to="coop-popup-report-only-endpoint", require-corp
 PASS verify remaining reports
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-four-reports.https.html.sub.headers

@@ -4 +4 @@
 Cross-Origin-Embedder-Policy-Report-Only: require-corp
 Referrer-Policy: origin
-report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/reporting/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/reporting/resources/report.py?endpoint=coop-report-only-endpoint" }]}
+report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "/reporting/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "/reporting/resources/report.py?endpoint=coop-report-only-endpoint" }]}

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-from-unsafe-none.https-expected.txt

@@ -1 +1 @@
 
-FAIL coop reporting test Report only tests for an opener without any COOP/COOP report only set to SAME_ORIGIN with , , same-origin; report-to="coop-popup-report-only-endpoint",  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-popup-report-only-endpoint, expected report: {\"body\":{\"disposition\":\"reporting\",\"effectivePolicy\":\"same-origin\",\"previousResponseURL\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-from-unsafe-none.https.html\",\"referrer\":\"https://localhost:9443/\",\"type\":\"navigation-to-response\"},\"url\":\"/uuid=(uuid)$/\",\"type\":\"coop\"}, within available reports: []"
-FAIL coop reporting test Report only tests for an opener without any COOP/COOP report only set to CROSS_ORIGIN with , , same-origin; report-to="coop-popup-report-only-endpoint",  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-popup-report-only-endpoint, expected report: {\"body\":{\"disposition\":\"reporting\",\"effectivePolicy\":\"same-origin\",\"previousResponseURL\":\"\",\"referrer\":\"https://localhost:9443/\",\"type\":\"navigation-to-response\"},\"url\":\"/uuid=(uuid)$/\",\"type\":\"coop\"}, within available reports: []"
+PASS coop reporting test Report only tests for an opener without any COOP/COOP report only set to SAME_ORIGIN with , , same-origin; report-to="coop-popup-report-only-endpoint",
+PASS coop reporting test Report only tests for an opener without any COOP/COOP report only set to CROSS_ORIGIN with , , same-origin; report-to="coop-popup-report-only-endpoint",
 PASS verify remaining reports
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-report-to.https-expected.txt

@@ -1 +1 @@
 
-FAIL coop reporting test reporting same origin with report-to to CROSS_ORIGIN with , , ,  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-only-endpoint, expected report: {\"body\":{\"disposition\":\"reporting\",\"effectivePolicy\":\"same-origin\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-report-to.https.html\",\"type\":\"coop\"}, within available reports: []"
-FAIL coop reporting test reporting same origin with report-to to CROSS_ORIGIN with , , same-origin; report-to="coop-popup-report-only-endpoint",  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-only-endpoint, expected report: {\"body\":{\"disposition\":\"reporting\",\"effectivePolicy\":\"same-origin\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-report-to.https.html\",\"type\":\"coop\"}, within available reports: []"
+PASS coop reporting test reporting same origin with report-to to CROSS_ORIGIN with , , ,
+PASS coop reporting test reporting same origin with report-to to CROSS_ORIGIN with , , same-origin; report-to="coop-popup-report-only-endpoint",
 PASS coop reporting test reporting same origin with report-to to SAME_ORIGIN with , , same-origin; report-to="coop-popup-report-only-endpoint",
 PASS verify remaining reports

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin-report-to.https.html.sub.headers

@@ -1 +1 @@
 Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop-report-only-endpoint"
 Referrer-Policy: origin
-report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/reporting/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/reporting/resources/report.py?endpoint=coop-report-only-endpoint" }]}
+report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "/reporting/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "/reporting/resources/report.py?endpoint=coop-report-only-endpoint" }]}

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin.https-expected.txt

@@ -1 +1 @@
 
-FAIL coop reporting test reporting same origin with report-to to SAME_ORIGIN with , require-corp, same-origin; report-to="coop-popup-report-only-endpoint",  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-popup-report-only-endpoint, expected report: {\"body\":{\"disposition\":\"reporting\",\"effectivePolicy\":\"same-origin-plus-coep\",\"previousResponseURL\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin.https.html\",\"referrer\":\"https://localhost:9443/\",\"type\":\"navigation-to-response\"},\"url\":\"/uuid=(uuid)$/\",\"type\":\"coop\"}, within available reports: []"
-FAIL coop reporting test reporting same origin with report-to to SAME_ORIGIN with , , same-origin; report-to="coop-popup-report-only-endpoint", require-corp promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-popup-report-only-endpoint, expected report: {\"body\":{\"disposition\":\"reporting\",\"effectivePolicy\":\"same-origin-plus-coep\",\"previousResponseURL\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-same-origin.https.html\",\"referrer\":\"https://localhost:9443/\",\"type\":\"navigation-to-response\"},\"url\":\"/uuid=(uuid)$/\",\"type\":\"coop\"}, within available reports: []"
+PASS coop reporting test reporting same origin with report-to to SAME_ORIGIN with , require-corp, same-origin; report-to="coop-popup-report-only-endpoint",
+PASS coop reporting test reporting same origin with report-to to SAME_ORIGIN with , , same-origin; report-to="coop-popup-report-only-endpoint", require-corp
 PASS verify remaining reports
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-coop-navigated-opener.https-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: Unhandled Promise Rejection: TypeError: cancelled
 
-Harness Error (TIMEOUT), message = null
+PASS navigation-report-from-opener-navigation
 
-TIMEOUT navigation-report-from-opener-navigation Test timed out
-

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-coop-navigated-popup.https-expected.txt

@@ -1 +1 @@
 
-FAIL Open a popup to a document without COOP, then navigate it to a document with promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-popup-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"unsafe-none\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"/uuid=(uuid)$/\",\"type\":\"coop\"}, within available reports: []"
+PASS Open a popup to a document without COOP, then navigate it to a document with
 PASS verify remaining reports
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-allow-popups-report-to.https-expected.txt

@@ -1 +1 @@
 
-FAIL coop reporting test reporting same origin with report-to to SAME_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", , ,  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"same-origin-allow-popups\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-allow-popups-report-to.https.html\",\"type\":\"coop\"}, within available reports: []"
-FAIL coop reporting test reporting same origin with report-to to CROSS_ORIGIN with same-origin-allow-popups; report-to="coop-popup-report-endpoint", require-corp, ,  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"same-origin-allow-popups\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-allow-popups-report-to.https.html\",\"type\":\"coop\"}, within available reports: []"
-FAIL coop reporting test reporting same origin with report-to to CROSS_ORIGIN with same-origin, require-corp, ,  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"same-origin-allow-popups\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-allow-popups-report-to.https.html\",\"type\":\"coop\"}, within available reports: []"
+PASS coop reporting test reporting same origin with report-to to SAME_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", , ,
+PASS coop reporting test reporting same origin with report-to to CROSS_ORIGIN with same-origin-allow-popups; report-to="coop-popup-report-endpoint", require-corp, ,
+PASS coop reporting test reporting same origin with report-to to CROSS_ORIGIN with same-origin, require-corp, ,
 PASS verify remaining reports
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-allow-popups-report-to.https.html.sub.headers

@@ -1 @@
-report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/reporting/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/reporting/resources/report.py?endpoint=coop-report-only-endpoint" }]}
+report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "/reporting/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "/reporting/resources/report.py?endpoint=coop-report-only-endpoint" }]}
 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="coop-report-endpoint"
 Referrer-Policy: origin

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-coep-report-to.https-expected.txt

@@ -2 +2 @@
 
 PASS coop reporting test reporting same origin with report-to to SAME_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", require-corp, ,
-FAIL coop reporting test reporting same origin with report-to to SAME_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", , ,  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"same-origin-plus-coep\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-coep-report-to.https.html\",\"type\":\"coop\"}, within available reports: []"
-FAIL coop reporting test reporting same origin with report-to to CROSS_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", require-corp, ,  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"same-origin-plus-coep\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-coep-report-to.https.html\",\"type\":\"coop\"}, within available reports: []"
-FAIL coop reporting test reporting same origin with report-to to SAME_ORIGIN with , , same-origin; report-to="coop-popup-report-only-endpoint", require-corp promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"same-origin-plus-coep\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-coep-report-to.https.html\",\"type\":\"coop\"}, within available reports: []"
-FAIL coop reporting test reporting same origin with report-to to CROSS_ORIGIN with , , same-origin; report-to="coop-popup-report-only-endpoint", require-corp promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"same-origin-plus-coep\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-coep-report-to.https.html\",\"type\":\"coop\"}, within available reports: []"
+PASS coop reporting test reporting same origin with report-to to SAME_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", , ,
+PASS coop reporting test reporting same origin with report-to to CROSS_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", require-corp, ,
+PASS coop reporting test reporting same origin with report-to to SAME_ORIGIN with , , same-origin; report-to="coop-popup-report-only-endpoint", require-corp
+PASS coop reporting test reporting same origin with report-to to CROSS_ORIGIN with , , same-origin; report-to="coop-popup-report-only-endpoint", require-corp
 PASS verify remaining reports
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-coep-report-to.https.html.sub.headers

@@ -1 @@
-report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/reporting/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/reporting/resources/report.py?endpoint=coop-report-only-endpoint" }]}
+report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "/reporting/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "/reporting/resources/report.py?endpoint=coop-report-only-endpoint" }]}
 Cross-Origin-Opener-Policy: same-origin; report-to="coop-report-endpoint"
 Cross-Origin-Embedder-Policy: require-corp

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-report-to.https-expected.txt

@@ -1 +1 @@
 
 PASS coop reporting test reporting same origin with report-to to SAME_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", , ,
-FAIL coop reporting test reporting same origin with report-to to CROSS_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", , ,  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"same-origin\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-report-to.https.html\",\"type\":\"coop\"}, within available reports: []"
-FAIL coop reporting test reporting same origin with report-to to SAME_ORIGIN with unsafe-none; report-to="coop-popup-report-endpoint", , ,  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"same-origin\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-report-to.https.html\",\"type\":\"coop\"}, within available reports: []"
-FAIL coop reporting test reporting same origin with report-to to SAME_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", require-corp, ,  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"same-origin\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-report-to.https.html\",\"type\":\"coop\"}, within available reports: []"
-FAIL coop reporting test reporting same origin with report-to to CROSS_ORIGIN with unsafe-none; report-to="coop-popup-report-endpoint", , ,  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"same-origin\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-report-to.https.html\",\"type\":\"coop\"}, within available reports: []"
-FAIL coop reporting test reporting same origin with report-to to SAME_ORIGIN with unsafe-none, , ,  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"same-origin\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-report-to.https.html\",\"type\":\"coop\"}, within available reports: []"
+PASS coop reporting test reporting same origin with report-to to CROSS_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", , ,
+PASS coop reporting test reporting same origin with report-to to SAME_ORIGIN with unsafe-none; report-to="coop-popup-report-endpoint", , ,
+PASS coop reporting test reporting same origin with report-to to SAME_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", require-corp, ,
+PASS coop reporting test reporting same origin with report-to to CROSS_ORIGIN with unsafe-none; report-to="coop-popup-report-endpoint", , ,
+PASS coop reporting test reporting same origin with report-to to SAME_ORIGIN with unsafe-none, , ,
 PASS verify remaining reports
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin-report-to.https.html.sub.headers

@@ -1 @@
-report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/reporting/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/reporting/resources/report.py?endpoint=coop-report-only-endpoint" }]}
+report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "/reporting/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "/reporting/resources/report.py?endpoint=coop-report-only-endpoint" }]}
 Cross-Origin-Opener-Policy: same-origin; report-to="coop-report-endpoint"
 Referrer-Policy: no-referrer

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin.https-expected.txt

@@ -1 +1 @@
 
-FAIL coop reporting test reporting same origin to CROSS_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", , ,  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-popup-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"same-origin\",\"previousResponseURL\":\"\",\"referrer\":\"https://localhost:9443/\",\"type\":\"navigation-to-response\"},\"url\":\"/uuid=(uuid)$/\",\"type\":\"coop\"}, within available reports: []"
-FAIL coop reporting test reporting same origin to SAME_ORIGIN with unsafe-none; report-to="coop-popup-report-endpoint", , ,  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-popup-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"unsafe-none\",\"previousResponseURL\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin.https.html\",\"referrer\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-same-origin.https.html\",\"type\":\"navigation-to-response\"},\"url\":\"/uuid=(uuid)$/\",\"type\":\"coop\"}, within available reports: []"
-FAIL coop reporting test reporting same origin to CROSS_ORIGIN with unsafe-none; report-to="coop-popup-report-endpoint", , ,  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-popup-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"previousResponseURL\":\"\",\"referrer\":\"https://localhost:9443/\",\"type\":\"navigation-to-response\"},\"url\":\"/uuid=(uuid)$/\",\"type\":\"coop\"}, within available reports: []"
+PASS coop reporting test reporting same origin to CROSS_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", , ,
+PASS coop reporting test reporting same origin to SAME_ORIGIN with unsafe-none; report-to="coop-popup-report-endpoint", , ,
+PASS coop reporting test reporting same origin to CROSS_ORIGIN with unsafe-none; report-to="coop-popup-report-endpoint", , ,
 PASS coop reporting test reporting same origin to SAME_ORIGIN with , , same-origin; report-to="coop-popup-report-only-endpoint",
 PASS verify remaining reports

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-unsafe-none-report-to.https-expected.txt

@@ -1 +1 @@
 
-FAIL coop reporting test reporting same origin with report-to to SAME_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", , ,  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"unsafe-none\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-unsafe-none-report-to.https.html\",\"type\":\"coop\"}, within available reports: []"
-FAIL coop reporting test reporting same origin with report-to to SAME_ORIGIN with same-origin, , ,  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"unsafe-none\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-unsafe-none-report-to.https.html\",\"type\":\"coop\"}, within available reports: []"
-FAIL coop reporting test reporting same origin with report-to to CROSS_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", , ,  promise_test: Unhandled rejection with value: "No report matched the expected report for endpoint: coop-report-endpoint, expected report: {\"body\":{\"disposition\":\"enforce\",\"effectivePolicy\":\"unsafe-none\",\"nextResponseURL\":\"/uuid=(uuid)$/\",\"type\":\"navigation-from-response\"},\"url\":\"https://localhost:9443/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-unsafe-none-report-to.https.html\",\"type\":\"coop\"}, within available reports: []"
+PASS coop reporting test reporting same origin with report-to to SAME_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", , ,
+PASS coop reporting test reporting same origin with report-to to SAME_ORIGIN with same-origin, , ,
+PASS coop reporting test reporting same origin with report-to to CROSS_ORIGIN with same-origin; report-to="coop-popup-report-endpoint", , ,
 PASS verify remaining reports
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-popup-unsafe-none-report-to.https.html.sub.headers

@@ -1 @@
-report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/reporting/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/reporting/resources/report.py?endpoint=coop-report-only-endpoint" }]}
+report-to: { "group": "coop-report-endpoint", "max_age": 10886400, "endpoints": [{ "url": "/reporting/resources/report.py?endpoint=coop-report-endpoint" }] }, { "group": "coop-report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "/reporting/resources/report.py?endpoint=coop-report-only-endpoint" }]}
 Cross-Origin-Opener-Policy: unsafe-none; report-to="coop-report-endpoint"

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-redirect-with-same-origin-allow-popups.https-expected.txt

@@ -1 +1 @@
 
-Harness Error (TIMEOUT), message = null
+PASS Same origin openee redirected to same-origin with same-origin-allow-popups
+PASS Cross origin openee redirected to same-origin with same-origin-allow-popups
 
-TIMEOUT Same origin openee redirected to same-origin with same-origin-allow-popups Test timed out
-NOTRUN Cross origin openee redirected to same-origin with same-origin-allow-popups
-

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/resources/reporting-common.js

@@ -73 +73 @@
           expectedReport.endpoint.reports.splice(j,1);
           resolve();
+          return;
         }
       };

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2021-09-10  Chris Dumez  <cdumez@apple.com>
+
+        Implement navigation reporting for Cross-Origin-Opener-Policy
+        https://bugs.webkit.org/show_bug.cgi?id=230046
+
+        Reviewed by Alex Christensen.
+
+        Implement navigation reporting for Cross-Origin-Opener-Policy as per:
+        - https://html.spec.whatwg.org/multipage/origin.html#coop-violation-navigation-to
+        - https://html.spec.whatwg.org/multipage/origin.html#coop-violation-navigation-from
+
+        With support for the Report-To HTTP header as documented here:
+        - https://www.w3.org/TR/reporting/#header
+
+        When adopting Cross-Origin-Opener-Policy or Cross-Origin-Opener-Policy-Report-Only HTTP headers,
+        developers can now specify a `report-to` directive with the name of the endpoint to report
+        COOP violations to. The mapping from endpoint name to URL is provided via teh Report-To HTTP
+        header, as is expected by the WPT tests.
+
+        No new tests, unskipped and rebaselined existing tests.
+
+        * Sources.txt:
+        * WebCore.xcodeproj/project.pbxproj:
+        * loader/CrossOriginOpenerPolicy.cpp:
+        (WebCore::sanitizeReferrerForURLReport):
+        (WebCore::crossOriginOpenerPolicyValueToString):
+        (WebCore::sendCOOPViolationReport):
+        (WebCore::sendViolationReportWhenNavigatingToCOOPResponse):
+        (WebCore::sendViolationReportWhenNavigatingAwayFromCOOPResponse):
+        * loader/CrossOriginOpenerPolicy.h:
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::willSendRequest):
+        (WebCore::checkIfEnforcingReportOnlyCOOPWouldRequireBrowsingContextGroupSwitch):
+        (WebCore::DocumentLoader::enforceResponseCrossOriginOpenerPolicy):
+        (WebCore::DocumentLoader::responseReceived):
+        * loader/PingLoader.cpp:
+        (WebCore::PingLoader::sendViolationReport):
+        (WebCore::PingLoader::startPingLoad):
+        * loader/PingLoader.h:
+        * loader/ReportingEndpointsCache.cpp: Added.
+        (WebCore::ReportingEndpointsCache::singleton):
+        (WebCore::ReportingEndpointsCache::addEndPointsFromResponse):
+        (WebCore::ReportingEndpointsCache::addEndpointFromDictionary):
+        (WebCore::ReportingEndpointsCache::endpointURL const):
+        (WebCore::ReportingEndpointsCache::EndPoint::EndPoint):
+        (WebCore::ReportingEndpointsCache::EndPoint::hasExpired const):
+        * loader/ReportingEndpointsCache.h: Added.
+        * loader/ResourceLoaderOptions.h:
+        (WebCore::ResourceLoaderOptions::shouldOmitUserAgent):
+        (WebCore::ResourceLoaderOptions::ResourceLoaderOptions):
+        * loader/WorkerThreadableLoader.cpp:
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::CachedResourceLoader::updateHTTPRequestHeaders):
+        * platform/network/HTTPHeaderNames.in:
+
 2021-09-10  Myles C. Maxfield  <mmaxfield@apple.com>
 

trunk/Source/WebCore/Headers.cmake

@@ -832 +832 @@
     loader/ProgressTracker.h
     loader/ProgressTrackerClient.h
+    loader/ReportingEndpointsCache.h
     loader/ResourceCryptographicDigest.h
     loader/ResourceLoadInfo.h

trunk/Source/WebCore/Sources.txt

@@ -1543 +1543 @@
 loader/PolicyChecker.cpp
 loader/ProgressTracker.cpp
+loader/ReportingEndpointsCache.cpp
 loader/ResourceCryptographicDigest.cpp
 loader/ResourceLoadInfo.cpp

trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj

@@ -1326 +1326 @@
                 46D0004026A0FEB300D1BF1E /* SubmitEvent.h in Headers */ = {isa = PBXBuildFile; fileRef = 46D0003E26A0FE6F00D1BF1E /* SubmitEvent.h */; };
                 46DBB6501AB8C96F00D9A813 /* PowerObserverMac.h in Headers */ = {isa = PBXBuildFile; fileRef = 46DBB64E1AB8C96F00D9A813 /* PowerObserverMac.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                46DD6E1F26E7DBE7008C1F4C /* ReportingEndpointsCache.h in Headers */ = {isa = PBXBuildFile; fileRef = 46DD6E1C26E7DBE6008C1F4C /* ReportingEndpointsCache.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 46DD93D7269DE756001AFD88 /* BroadcastChannelIdentifier.h in Headers */ = {isa = PBXBuildFile; fileRef = 46DD93D5269DE74B001AFD88 /* BroadcastChannelIdentifier.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 46DE9BB5269DF93E0024C5A6 /* BroadcastChannelRegistry.h in Headers */ = {isa = PBXBuildFile; fileRef = 46DE9BB4269DF9320024C5A6 /* BroadcastChannelRegistry.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -8424 +8425 @@
                 46D0003F26A0FE7000D1BF1E /* SubmitEvent.idl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = SubmitEvent.idl; sourceTree = "<group>"; };
                 46DBB64E1AB8C96F00D9A813 /* PowerObserverMac.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PowerObserverMac.h; sourceTree = "<group>"; };
+                46DD6E1C26E7DBE6008C1F4C /* ReportingEndpointsCache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ReportingEndpointsCache.h; sourceTree = "<group>"; };
+                46DD6E1E26E7DBE7008C1F4C /* ReportingEndpointsCache.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ReportingEndpointsCache.cpp; sourceTree = "<group>"; };
                 46DD93D5269DE74B001AFD88 /* BroadcastChannelIdentifier.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = BroadcastChannelIdentifier.h; sourceTree = "<group>"; };
                 46DE9BB4269DF9320024C5A6 /* BroadcastChannelRegistry.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = BroadcastChannelRegistry.h; sourceTree = "<group>"; };
@@ -27568 +27571 @@
                                 1A2A68220B5BEDE70002A480 /* ProgressTracker.h */,
                                 1ACADD781880D91C00D8B71D /* ProgressTrackerClient.h */,
+                                46DD6E1E26E7DBE7008C1F4C /* ReportingEndpointsCache.cpp */,
+                                46DD6E1C26E7DBE6008C1F4C /* ReportingEndpointsCache.h */,
                                 7C2FA60F1EA95A3200A03108 /* ResourceCryptographicDigest.cpp */,
                                 7C2FA6101EA95A3200A03108 /* ResourceCryptographicDigest.h */,
@@ -34488 +34493 @@
                                 2DF512CE1D873E47001D6780 /* ReplaceRangeWithTextCommand.h in Headers */,
                                 93309E0A099E64920056E581 /* ReplaceSelectionCommand.h in Headers */,
+                                46DD6E1F26E7DBE7008C1F4C /* ReportingEndpointsCache.h in Headers */,
                                 4998AEC613F9D0EA0090B1AA /* RequestAnimationFrameCallback.h in Headers */,
                                 F55B3DD01251F12D003EF269 /* ResetInputType.h in Headers */,

trunk/Source/WebCore/loader/CrossOriginOpenerPolicy.cpp

@@ -30 +30 @@
 #include "HTTPHeaderNames.h"
 #include "HTTPParsers.h"
+#include "PingLoader.h"
+#include "ReportingEndpointsCache.h"
 #include "ResourceResponse.h"
 #include "ScriptExecutionContext.h"
+#include <wtf/JSONValues.h>
 
 namespace WebCore {
 
-static String crossOriginOpenerPolicyToString(const CrossOriginOpenerPolicyValue& coop)
+// https://html.spec.whatwg.org/multipage/origin.html#sanitize-url-report
+static String sanitizeReferrerForURLReport(const URL& referrer)
+{
+    URL sanitizedReferrer = referrer;
+    sanitizedReferrer.removeCredentials();
+    sanitizedReferrer.removeFragmentIdentifier();
+    return sanitizedReferrer.string();
+}
+
+static ASCIILiteral crossOriginOpenerPolicyToString(const CrossOriginOpenerPolicyValue& coop)
 {
     switch (coop) {
@@ -43 +55 @@
     case CrossOriginOpenerPolicyValue::SameOriginAllowPopups:
         return "same-origin-allow-popups"_s;
+    case CrossOriginOpenerPolicyValue::UnsafeNone:
+        break;
+    }
+    return "unsafe-none"_s;
+}
+
+static ASCIILiteral crossOriginOpenerPolicyValueToEffectivePolicyString(CrossOriginOpenerPolicyValue coop)
+{
+    switch (coop) {
+    case CrossOriginOpenerPolicyValue::SameOriginAllowPopups:
+        return "same-origin-allow-popups"_s;
+    case CrossOriginOpenerPolicyValue::SameOrigin:
+        return "same-origin"_s;
+    case CrossOriginOpenerPolicyValue::SameOriginPlusCOEP:
+        return "same-origin-plus-coep"_s;
     case CrossOriginOpenerPolicyValue::UnsafeNone:
         break;
@@ -110 +137 @@
 }
 
+// https://www.w3.org/TR/reporting/#try-delivery
+static void sendCOOPViolationReport(Frame& frame, CrossOriginOpenerPolicy coop, COOPDisposition disposition, const URL& coopURL, const SecurityOrigin& coopOrigin, const String& userAgent, Function<void(JSON::Object&)>&& populateBody)
+{
+    auto& reportingEndpoint = disposition == COOPDisposition::Reporting ? coop.reportOnlyReportingEndpoint : coop.reportingEndpoint;
+    if (reportingEndpoint.isEmpty())
+        return;
+
+    auto reportingEndpointsCache = frame.page() ? frame.page()->reportingEndpointsCache() : nullptr;
+    if (!reportingEndpointsCache)
+        return;
+    auto endpointURL = reportingEndpointsCache->endpointURL(coopOrigin.data(), reportingEndpoint);
+    if (!endpointURL.isValid())
+        return;
+
+    auto body = JSON::Object::create();
+    body->setString("disposition"_s, disposition == COOPDisposition::Reporting ? "reporting"_s : "enforce"_s);
+    body->setString("effectivePolicy"_s, crossOriginOpenerPolicyValueToEffectivePolicyString(disposition == COOPDisposition::Reporting ? coop.reportOnlyValue : coop.value));
+    populateBody(body);
+
+    auto reportObject = JSON::Object::create();
+    reportObject->setString("type"_s, "coop"_s);
+    reportObject->setString("url"_s, coopURL.string());
+    reportObject->setString("user_agent", userAgent);
+    reportObject->setInteger("age", 0); // We currently do not delay sending the reports.
+    reportObject->setObject("body"_s, WTFMove(body));
+
+    auto reportList = JSON::Array::create();
+    reportList->pushObject(reportObject);
+
+    auto report = FormData::create(reportList->toJSONString().utf8());
+    PingLoader::sendViolationReport(frame, endpointURL, WTFMove(report), ViolationReportType::StandardReportingAPIViolation);
+}
+
+// https://html.spec.whatwg.org/multipage/origin.html#coop-violation-navigation-to
+void sendViolationReportWhenNavigatingToCOOPResponse(Frame& frame, CrossOriginOpenerPolicy coop, COOPDisposition disposition, const URL& coopURL, const URL& previousResponseURL, const SecurityOrigin& coopOrigin, const SecurityOrigin& previousResponseOrigin, const String& referrer, const String& userAgent)
+{
+    sendCOOPViolationReport(frame, coop, disposition, coopURL, coopOrigin, userAgent, [&](auto& body) {
+        body.setString("previousResponseURL"_s, coopOrigin.isSameOriginAs(previousResponseOrigin) ? sanitizeReferrerForURLReport(previousResponseURL) : String());
+        body.setString("type"_s, "navigation-to-response"_s);
+        body.setString("referrer"_s, referrer);
+    });
+}
+
+// https://html.spec.whatwg.org/multipage/origin.html#coop-violation-navigation-from
+void sendViolationReportWhenNavigatingAwayFromCOOPResponse(Frame& frame, CrossOriginOpenerPolicy coop, COOPDisposition disposition, const URL& coopURL, const URL& nextResponseURL, const SecurityOrigin& coopOrigin, const SecurityOrigin& nextResponseOrigin, bool isCOOPResponseNavigationSource, const String& userAgent)
+{
+    sendCOOPViolationReport(frame, coop, disposition, coopURL, coopOrigin, userAgent, [&](auto& body) {
+        body.setString("nextResponseURL"_s, coopOrigin.isSameOriginAs(nextResponseOrigin) || isCOOPResponseNavigationSource ? sanitizeReferrerForURLReport(nextResponseURL) : String());
+        body.setString("type"_s, "navigation-from-response"_s);
+    });
+}
+
 } // namespace WebCore

trunk/Source/WebCore/loader/CrossOriginOpenerPolicy.h

@@ -107 +107 @@
 };
 
+enum class COOPDisposition : bool { Reporting , Enforce };
+
 CrossOriginOpenerPolicy obtainCrossOriginOpenerPolicy(const ResourceResponse&, const ScriptExecutionContext&);
 WEBCORE_EXPORT void addCrossOriginOpenerPolicyHeaders(ResourceResponse&, const CrossOriginOpenerPolicy&);
+void sendViolationReportWhenNavigatingToCOOPResponse(Frame&, CrossOriginOpenerPolicy, COOPDisposition, const URL& coopURL, const URL& previousResponseURL, const SecurityOrigin& coopOrigin, const SecurityOrigin& previousResponseOrigin, const String& referrer, const String& userAgent);
+void sendViolationReportWhenNavigatingAwayFromCOOPResponse(Frame&, CrossOriginOpenerPolicy, COOPDisposition, const URL& coopURL, const URL& nextResponseURL, const SecurityOrigin& coopOrigin, const SecurityOrigin& nextResponseOrigin, bool isCOOPResponseNavigationSource, const String& userAgent);
 
 } // namespace WebCore

trunk/Source/WebCore/loader/DocumentLoader.cpp

@@ -80 +80 @@
 #include "ProgressTracker.h"
 #include "Quirks.h"
+#include "ReportingEndpointsCache.h"
 #include "ResourceHandle.h"
 #include "ResourceLoadObserver.h"
@@ -633 +634 @@
 
     bool didReceiveRedirectResponse = !redirectResponse.isNull();
+    if (didReceiveRedirectResponse && m_frame->isMainFrame()) {
+        if (auto reportingEndpointsCache = m_frame->page() ? m_frame->page()->reportingEndpointsCache() : nullptr)
+            reportingEndpointsCache->addEndPointsFromResponse(redirectResponse);
+    }
+
     if (!frameLoader()->checkIfFormActionAllowedByCSP(newRequest.url(), didReceiveRedirectResponse)) {
         DOCUMENTLOADER_RELEASE_LOG("willSendRequest: canceling - form action not allowed by CSP");
@@ -758 +764 @@
 
     return true;
+}
+
+// https://html.spec.whatwg.org/multipage/origin.html#check-bcg-switch-navigation-report-only
+static bool checkIfEnforcingReportOnlyCOOPWouldRequireBrowsingContextGroupSwitch(bool isInitialAboutBlank, const CrossOriginOpenerPolicy& activeDocumentCOOP, const SecurityOrigin& activeDocumentNavigationOrigin, const CrossOriginOpenerPolicy& responseCOOP, const SecurityOrigin& responseOrigin)
+{
+    if (!checkIfCOOPValuesRequireBrowsingContextGroupSwitch(isInitialAboutBlank, activeDocumentCOOP.reportOnlyValue, activeDocumentNavigationOrigin, responseCOOP.reportOnlyValue, responseOrigin))
+        return false;
+
+    if (checkIfCOOPValuesRequireBrowsingContextGroupSwitch(isInitialAboutBlank, activeDocumentCOOP.reportOnlyValue, activeDocumentNavigationOrigin, responseCOOP.value, responseOrigin))
+        return true;
+
+    if (checkIfCOOPValuesRequireBrowsingContextGroupSwitch(isInitialAboutBlank, activeDocumentCOOP.value, activeDocumentNavigationOrigin, responseCOOP.reportOnlyValue, responseOrigin))
+        return true;
+
+    return false;
 }
 
@@ -814 +835 @@
             currentContextIsSource,
         };
+        if (SecurityPolicy::shouldInheritSecurityOriginFromOwner(m_frame->document()->url())) {
+            if (auto openerFrame = m_frame->loader().opener()) {
+                if (auto openerDocument = openerFrame->document())
+                    m_currentCoopEnforcementResult->url = openerDocument->url();
+            }
+        }
     }
 
@@ -825 +852 @@
     };
 
-    if (checkIfCOOPValuesRequireBrowsingContextGroupSwitch(frameLoader()->stateMachine().isDisplayingInitialEmptyDocument(), m_currentCoopEnforcementResult->crossOriginOpenerPolicy.value, m_currentCoopEnforcementResult->currentOrigin, responseCOOP.value, responseOrigin))
+    if (checkIfCOOPValuesRequireBrowsingContextGroupSwitch(frameLoader()->stateMachine().isDisplayingInitialEmptyDocument(), m_currentCoopEnforcementResult->crossOriginOpenerPolicy.value, m_currentCoopEnforcementResult->currentOrigin, responseCOOP.value, responseOrigin)) {
         newCOOPEnforcementResult.needsBrowsingContextGroupSwitch = true;
+
+        // FIXME: Add the concept of browsing context group like in the specification instead of treating the whole process as a group.
+        if (Page::nonUtilityPageCount() > 1) {
+            sendViolationReportWhenNavigatingToCOOPResponse(*m_frame, responseCOOP, COOPDisposition::Enforce, responseURL, m_currentCoopEnforcementResult->url, responseOrigin, m_currentCoopEnforcementResult->currentOrigin, m_request.httpReferrer(), m_request.httpUserAgent());
+            sendViolationReportWhenNavigatingAwayFromCOOPResponse(*m_frame, m_currentCoopEnforcementResult->crossOriginOpenerPolicy, COOPDisposition::Enforce, m_currentCoopEnforcementResult->url, responseURL, m_currentCoopEnforcementResult->currentOrigin, responseOrigin, m_currentCoopEnforcementResult->isCurrentContextNavigationSource, m_request.httpUserAgent());
+        }
+    }
+
+    if (checkIfEnforcingReportOnlyCOOPWouldRequireBrowsingContextGroupSwitch(frameLoader()->stateMachine().isDisplayingInitialEmptyDocument(), m_currentCoopEnforcementResult->crossOriginOpenerPolicy, m_currentCoopEnforcementResult->currentOrigin, responseCOOP, responseOrigin)) {
+        newCOOPEnforcementResult.needsBrowsingContextGroupSwitchDueToReportOnly = true;
+
+        // FIXME: Add the concept of browsing context group like in the specification instead of treating the whole process as a group.
+        if (Page::nonUtilityPageCount() > 1) {
+            sendViolationReportWhenNavigatingToCOOPResponse(*m_frame, responseCOOP, COOPDisposition::Reporting, responseURL, m_currentCoopEnforcementResult->url, responseOrigin, m_currentCoopEnforcementResult->currentOrigin, m_request.httpReferrer(), m_request.httpUserAgent());
+            sendViolationReportWhenNavigatingAwayFromCOOPResponse(*m_frame, m_currentCoopEnforcementResult->crossOriginOpenerPolicy, COOPDisposition::Reporting, m_currentCoopEnforcementResult->url, responseURL, m_currentCoopEnforcementResult->currentOrigin, responseOrigin, m_currentCoopEnforcementResult->isCurrentContextNavigationSource, m_request.httpUserAgent());
+        }
+    }
 
     return newCOOPEnforcementResult;
@@ -987 +1031 @@
     if (willLoadFallback)
         return;
+
+    if (m_frame->isMainFrame()) {
+        if (auto reportingEndpointsCache = m_frame->page() ? m_frame->page()->reportingEndpointsCache() : nullptr)
+            reportingEndpointsCache->addEndPointsFromResponse(response);
+    }
 
     ASSERT(m_identifierForLoadWithoutResourceLoader || m_mainResource);

trunk/Source/WebCore/loader/PingLoader.cpp

@@ -175 +175 @@
         request.setHTTPContentType("application/json"_s);
         break;
+    case ViolationReportType::StandardReportingAPIViolation:
+        request.setHTTPContentType("application/reports+json"_s);
+        break;
     }
 
@@ -185 +188 @@
     HTTPHeaderMap originalRequestHeader = request.httpHeaderFields();
 
-    frame.loader().updateRequestAndAddExtraFields(request, IsMainResource::No);
+    if (reportType != ViolationReportType::StandardReportingAPIViolation)
+        frame.loader().updateRequestAndAddExtraFields(request, IsMainResource::No);
 
     String referrer = SecurityPolicy::generateReferrerHeader(document.referrerPolicy(), reportURL, frame.loader().outgoingReferrer());
@@ -191 +195 @@
         request.setHTTPReferrer(referrer);
 
-    startPingLoad(frame, request, WTFMove(originalRequestHeader), ShouldFollowRedirects::No, ContentSecurityPolicyImposition::SkipPolicyCheck, ReferrerPolicy::EmptyString);
-}
-
-void PingLoader::startPingLoad(Frame& frame, ResourceRequest& request, HTTPHeaderMap&& originalRequestHeaders, ShouldFollowRedirects shouldFollowRedirects, ContentSecurityPolicyImposition policyCheck, ReferrerPolicy referrerPolicy)
+    startPingLoad(frame, request, WTFMove(originalRequestHeader), ShouldFollowRedirects::No, ContentSecurityPolicyImposition::SkipPolicyCheck, ReferrerPolicy::EmptyString, reportType);
+}
+
+void PingLoader::startPingLoad(Frame& frame, ResourceRequest& request, HTTPHeaderMap&& originalRequestHeaders, ShouldFollowRedirects shouldFollowRedirects, ContentSecurityPolicyImposition policyCheck, ReferrerPolicy referrerPolicy, std::optional<ViolationReportType> violationReportType)
 {
     unsigned long identifier = frame.page()->progress().createUniqueIdentifier();
@@ -212 +216 @@
     options.cache = FetchOptions::Cache::NoCache;
 
+    // https://www.w3.org/TR/reporting/#try-delivery
+    if (violationReportType == ViolationReportType::StandardReportingAPIViolation) {
+        options.credentials = FetchOptions::Credentials::SameOrigin;
+        options.mode = FetchOptions::Mode::Cors;
+        options.serviceWorkersMode = ServiceWorkersMode::None;
+        options.destination = FetchOptions::Destination::Report;
+    }
+
     // FIXME: Deprecate the ping load code path.
     if (platformStrategies()->loaderStrategy()->usePingLoad()) {

trunk/Source/WebCore/loader/PingLoader.h

@@ -44 +44 @@
 class ResourceRequest;
 
-enum class ViolationReportType {
+enum class ViolationReportType : uint8_t {
     ContentSecurityPolicy,
     XSSAuditor,
+    StandardReportingAPIViolation // https://www.w3.org/TR/reporting/#try-delivery
 };
 
@@ -59 +60 @@
 private:
     enum class ShouldFollowRedirects { No, Yes };
-    static void startPingLoad(Frame&, ResourceRequest&, HTTPHeaderMap&& originalRequestHeaders, ShouldFollowRedirects, ContentSecurityPolicyImposition, ReferrerPolicy);
+    static void startPingLoad(Frame&, ResourceRequest&, HTTPHeaderMap&& originalRequestHeaders, ShouldFollowRedirects, ContentSecurityPolicyImposition, ReferrerPolicy, std::optional<ViolationReportType> = std::nullopt);
 };
 

trunk/Source/WebCore/loader/WorkerThreadableLoader.cpp

@@ -46 +46 @@
 #include "ServiceWorkerGlobalScope.h"
 #include "ThreadableLoader.h"
+#include "WorkerGlobalScope.h"
 #include "WorkerLoaderProxy.h"
 #include "WorkerOrWorkletGlobalScope.h"

trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp

@@ -359 +359 @@
 ResourceErrorOr<CachedResourceHandle<CachedRawResource>> CachedResourceLoader::requestPingResource(CachedResourceRequest&& request)
 {
-    ASSERT(request.options().destination == FetchOptions::Destination::EmptyString);
+    ASSERT(request.options().destination == FetchOptions::Destination::EmptyString || request.options().destination == FetchOptions::Destination::Report);
     return castCachedResourceTo<CachedRawResource>(requestResource(CachedResource::Type::Ping, WTFMove(request)));
 }

trunk/Source/WebCore/page/Page.cpp

@@ -118 +118 @@
 #include "RenderWidget.h"
 #include "RenderingUpdateScheduler.h"
+#include "ReportingEndpointsCache.h"
 #include "ResizeObserver.h"
 #include "ResourceUsageOverlay.h"
@@ -329 +330 @@
     , m_httpsUpgradeEnabled(pageConfiguration.httpsUpgradeEnabled)
     , m_permissionController(WTFMove(pageConfiguration.permissionController))
+    , m_reportingEndpointsCache(WTFMove(pageConfiguration.reportingEndpointsCache))
     , m_storageProvider(WTFMove(pageConfiguration.storageProvider))
 {

trunk/Source/WebCore/page/Page.h

@@ -140 +140 @@
 class ProgressTracker;
 class RenderObject;
+class ReportingEndpointsCache;
 class ResourceUsageOverlay;
 class RenderingUpdateScheduler;
@@ -308 +309 @@
 #endif
 
+    ReportingEndpointsCache* reportingEndpointsCache() { return m_reportingEndpointsCache.get(); }
+
     Chrome& chrome() const { return *m_chrome; }
     DragCaretController& dragCaretController() const { return *m_dragCaretController; }
@@ -1201 +1204 @@
 
     Ref<PermissionController> m_permissionController;
+    RefPtr<ReportingEndpointsCache> m_reportingEndpointsCache;
     UniqueRef<StorageProvider> m_storageProvider;
 

trunk/Source/WebCore/page/PageConfiguration.cpp

@@ -44 +44 @@
 #include "PluginInfoProvider.h"
 #include "ProgressTrackerClient.h"
+#include "ReportingEndpointsCache.h"
 #include "SocketProvider.h"
 #include "SpeechRecognitionProvider.h"

trunk/Source/WebCore/page/PageConfiguration.h

@@ -63 +63 @@
 class PluginInfoProvider;
 class ProgressTrackerClient;
+class ReportingEndpointsCache;
 class SocketProvider;
 class SpeechRecognitionProvider;
@@ -134 +135 @@
     UniqueRef<SpeechRecognitionProvider> speechRecognitionProvider;
     UniqueRef<MediaRecorderProvider> mediaRecorderProvider;
+    RefPtr<ReportingEndpointsCache> reportingEndpointsCache;
 
     // FIXME: These should be all be Settings.

trunk/Source/WebCore/platform/network/HTTPHeaderNames.in

@@ -84 +84 @@
 Referrer-Policy
 Refresh
+Report-To
 Sec-WebSocket-Accept
 Sec-WebSocket-Extensions

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2021-09-10  Chris Dumez  <cdumez@apple.com>
+
+        Implement navigation reporting for Cross-Origin-Opener-Policy
+        https://bugs.webkit.org/show_bug.cgi?id=230046
+
+        Reviewed by Alex Christensen.
+
+        * NetworkProcess/NetworkConnectionToWebProcess.cpp:
+        (WebKit::NetworkConnectionToWebProcess::didCleanupResourceLoader):
+        Now that we may abort expired loaders that are cached on the NetworkSession
+        (because awaiting transfer to another web process connection), we would hit
+        this assertion because the loader is not associated with this connection
+        anymore at the point it is adopted. For this reason, I silenced this
+        assertion.
+
+        * NetworkProcess/NetworkSession.cpp:
+        (WebKit::NetworkSession::CachedNetworkResourceLoader::expirationTimerFired):
+        Abort the loader before destroying it to avoid hitting an assertion in the
+        destructor (loaders cannot be loading at the point they are destroyed).
+
 2021-09-10  Stephan Szabo  <stephan.szabo@sony.com>
 

trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp

@@ -176 +176 @@
     }
 
-    ASSERT(m_networkResourceLoaders.get(loader.coreIdentifier()) == &loader);
     m_networkResourceLoaders.remove(loader.coreIdentifier());
 }

trunk/Source/WebKit/NetworkProcess/NetworkSession.cpp

@@ -430 +430 @@
 
     auto loader = session->takeLoaderAwaitingWebProcessTransfer(m_loader->identifier());
-    ASSERT_UNUSED(loader, loader);
+    ASSERT(loader);
+    if (loader)
+        loader->abort();
 }
 

trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp

@@ -232 +232 @@
 #include <WebCore/RenderTreeAsText.h>
 #include <WebCore/RenderView.h>
+#include <WebCore/ReportingEndpointsCache.h>
 #include <WebCore/ResourceLoadStatistics.h>
 #include <WebCore/ResourceRequest.h>
@@ -605 +606 @@
     pageConfiguration.storageNamespaceProvider = WebStorageNamespaceProvider::getOrCreate(*m_pageGroup);
     pageConfiguration.visitedLinkStore = VisitedLinkTableController::getOrCreate(parameters.visitedLinkTableID);
+    pageConfiguration.reportingEndpointsCache = &WebProcess::singleton().reportingEndpointsCache();
 
 #if ENABLE(APPLE_PAY)

trunk/Source/WebKit/WebProcess/WebProcess.cpp

@@ -127 +127 @@
 #include <WebCore/RegistrableDomain.h>
 #include <WebCore/RemoteCommandListener.h>
+#include <WebCore/ReportingEndpointsCache.h>
 #include <WebCore/ResourceLoadStatistics.h>
 #include <WebCore/RuntimeApplicationChecks.h>
@@ -275 +276 @@
     , m_broadcastChannelRegistry(WebBroadcastChannelRegistry::create())
     , m_cookieJar(WebCookieJar::create())
+    , m_reportingEndpointsCache(ReportingEndpointsCache::create())
     , m_dnsPrefetchHystereris([this](PAL::HysteresisState state) { if (state == PAL::HysteresisState::Stopped) m_dnsPrefetchedHosts.clear(); })
 #if ENABLE(NETSCAPE_PLUGIN_API)

trunk/Source/WebKit/WebProcess/WebProcess.h

@@ -95 +95 @@
 class PageGroup;
 class RegistrableDomain;
+class ReportingEndpointsCache;
 class ResourceRequest;
 class UserGestureToken;
@@ -341 +342 @@
     WebCookieJar& cookieJar() { return m_cookieJar.get(); }
     WebSocketChannelManager& webSocketChannelManager() { return m_webSocketChannelManager; }
+    WebCore::ReportingEndpointsCache& reportingEndpointsCache() { return m_reportingEndpointsCache.get(); }
 
 #if PLATFORM(IOS_FAMILY) && !PLATFORM(MACCATALYST)
@@ -663 +665 @@
     Ref<WebBroadcastChannelRegistry> m_broadcastChannelRegistry;
     Ref<WebCookieJar> m_cookieJar;
+    Ref<WebCore::ReportingEndpointsCache> m_reportingEndpointsCache;
     WebSocketChannelManager m_webSocketChannelManager;
 

trunk/Tools/ChangeLog

@@ +1 @@
+2021-09-10  Chris Dumez  <cdumez@apple.com>
+
+        Implement navigation reporting for Cross-Origin-Opener-Policy
+        https://bugs.webkit.org/show_bug.cgi?id=230046
+
+        Reviewed by Alex Christensen.
+
+        Fix issue where [DumpJSConsoleLogInStdErr] was not working for tests that process-swap
+        due to COOP. Some data members on InjectedBundle such as m_dumpJSConsoleLogInStdErr
+        were only set in didReceiveMessageToPage(), before calling beginTesting(). However, in
+        case of process-swap, beginTesting() gets called a second time in the new process, from
+        InjectedBundle::didCreatePage() with BegingTestingMode::Resume. As a result, the
+        m_dumpJSConsoleLogInStdErr flag was not getting set in the new process' injected bundle
+        after a process-swap. To address the issue, those data members now get initialized in
+        beginTesting() instead.
+
+        * WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:
+        (WTR::InjectedBundle::didReceiveMessageToPage):
+        (WTR::InjectedBundle::beginTesting):
+
 2021-09-10  Jonathan Bedard  <jbedard@apple.com>
 

trunk/Tools/WebKitTestRunner/InjectedBundle/InjectedBundle.cpp

@@ -193 +193 @@
         ASSERT(messageBody);
         auto messageBodyDictionary = dictionaryValue(messageBody);
-        m_dumpPixels = booleanValue(messageBodyDictionary, "DumpPixels");
-        m_timeout = Seconds::fromMilliseconds(uint64Value(messageBodyDictionary, "Timeout"));
-        m_dumpJSConsoleLogInStdErr = booleanValue(messageBodyDictionary, "DumpJSConsoleLogInStdErr");
         WKBundlePagePostMessage(page, toWK("Ack").get(), toWK("BeginTest").get());
         beginTesting(messageBodyDictionary, BegingTestingMode::New);
@@ -492 +489 @@
     m_state = Testing;
 
+    m_dumpPixels = booleanValue(settings, "DumpPixels");
+    m_timeout = Seconds::fromMilliseconds(uint64Value(settings, "Timeout"));
+    m_dumpJSConsoleLogInStdErr = booleanValue(settings, "DumpJSConsoleLogInStdErr");
+
     m_pixelResult.clear();
     m_repaintRects.clear();