// META: script=/resources/testdriver.js
// META: script=/resources/testdriver-vendor.js
// META: script=/common/subset-tests.js
// META: script=/common/utils.js
// META: script=resources/fledge-util.sub.js
// META: timeout=long
// META: variant=?1-5
// META: variant=?6-10
// META: variant=?11-15
// META: variant=?16-last
"use strict";
// These tests focus on Protected Audience network requests - make sure they
// have no cookies, can set no cookies, and otherwise behave in the expected
// manner as related to the fetch spec. These tests don't cover additional
// request or response headers specific to Protected Audience API.
// URL that sets a cookie named "cookie" with a value of "cookie".
const SET_COOKIE_URL = `${BASE_URL}resources/set-cookie.asis`;
// URL that redirects to trusted bidding or scoring signals, depending on the
// query parameters, maintaining the query parameters for the redirect.
const REDIRECT_TO_TRUSTED_SIGNALS_URL = `${BASE_URL}resources/redirect-to-trusted-signals.py`;
// Returns a URL that stores request headers. Headers can later be retrieved
// as a name-to-list-of-values mapping with
// "(await fetchTrackedData(uuid)).trackedHeaders"
function createHeaderTrackerURL(uuid) {
return createTrackerURL(window.location.origin, uuid, 'track_headers');
}
// Returns a URL that redirects to the provided URL. Uses query strings, so
// not suitable for generating trusted bidding/scoring signals URLs.
function createRedirectURL(location) {
let url = new URL(`${BASE_URL}resources/redirect.py`);
url.searchParams.append('location', location);
return url.toString();
}
// Assert that "headers" has a single header with "name", whose value is "value".
function assertHasHeader(headers, name, value) {
assert_equals(JSON.stringify(headers[name]), JSON.stringify([value]),
'Header ' + name);
}
// Assert that "headers" has no header with "name"
function assertDoesNotHaveHeader(headers, name) {
assert_equals(headers[name], undefined, 'Header ' + name);
}
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
await setCookie(test);
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
test,
{ uuid: uuid,
interestGroupOverrides: { biddingLogicURL: createHeaderTrackerURL(uuid) }
});
let headers = (await fetchTrackedData(uuid)).trackedHeaders;
assertHasHeader(headers, 'accept', 'application/javascript');
assertHasHeader(headers, 'sec-fetch-dest', 'empty');
assertHasHeader(headers, 'sec-fetch-mode', 'no-cors');
assertHasHeader(headers, 'sec-fetch-site', 'same-origin');
assertDoesNotHaveHeader(headers, 'cookie');
assertDoesNotHaveHeader(headers, 'referer');
}, 'biddingLogicURL request headers.');
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
await deleteAllCookies();
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
test,
{ uuid: uuid,
interestGroupOverrides: { biddingLogicURL: SET_COOKIE_URL }
});
assert_equals(document.cookie, '');
await deleteAllCookies();
}, 'biddingLogicURL Set-Cookie.');
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
test,
{ uuid: uuid,
interestGroupOverrides: {
biddingLogicURL: createRedirectURL(createBiddingScriptURL()) }
});
}, 'biddingLogicURL redirect.');
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
await setCookie(test);
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
test,
{ uuid: uuid,
interestGroupOverrides: { biddingWasmHelperURL: createHeaderTrackerURL(uuid) }
});
let headers = (await fetchTrackedData(uuid)).trackedHeaders;
assertHasHeader(headers, 'accept', 'application/wasm');
assertHasHeader(headers, 'sec-fetch-dest', 'empty');
assertHasHeader(headers, 'sec-fetch-mode', 'no-cors');
assertHasHeader(headers, 'sec-fetch-site', 'same-origin');
assertDoesNotHaveHeader(headers, 'cookie');
assertDoesNotHaveHeader(headers, 'referer');
}, 'biddingWasmHelperURL request headers.');
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
await deleteAllCookies();
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
test,
{ uuid: uuid,
interestGroupOverrides: { biddingWasmHelperURL: SET_COOKIE_URL }
});
assert_equals(document.cookie, '');
await deleteAllCookies();
}, 'biddingWasmHelperURL Set-Cookie.');
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
test,
{ uuid: uuid,
interestGroupOverrides:
{ biddingWasmHelperURL: createRedirectURL(createBiddingWasmHelperURL()) }
});
}, 'biddingWasmHelperURL redirect.');
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
await setCookie(test);
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
test,
{ uuid: uuid,
auctionConfigOverrides: { decisionLogicURL: createHeaderTrackerURL(uuid) }
});
let headers = (await fetchTrackedData(uuid)).trackedHeaders;
assertHasHeader(headers, 'accept', 'application/javascript');
assertHasHeader(headers, 'sec-fetch-dest', 'empty');
assertHasHeader(headers, 'sec-fetch-mode', 'no-cors');
assertHasHeader(headers, 'sec-fetch-site', 'same-origin');
assertDoesNotHaveHeader(headers, 'cookie');
assertDoesNotHaveHeader(headers, 'referer');
}, 'decisionLogicURL request headers.');
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
await deleteAllCookies();
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
test,
{ uuid: uuid,
auctionConfigOverrides: { decisionLogicURL: SET_COOKIE_URL }
});
assert_equals(document.cookie, '');
await deleteAllCookies();
}, 'decisionLogicURL Set-Cookie.');
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
await joinGroupAndRunBasicFledgeTestExpectingNoWinner(
test,
{ uuid: uuid,
auctionConfigOverrides:
{ decisionLogicURL: createRedirectURL(createDecisionScriptURL(uuid)) }
});
}, 'decisionLogicURL redirect.');
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
await setCookie(test);
await joinGroupAndRunBasicFledgeTestExpectingWinner(
test,
{ uuid: uuid,
interestGroupOverrides: {
trustedBiddingSignalsURL: TRUSTED_BIDDING_SIGNALS_URL,
trustedBiddingSignalsKeys: ['headers'],
biddingLogicURL: createBiddingScriptURL({
generateBid:
`let headers = trustedBiddingSignals.headers;
function checkHeader(name, value) {
jsonActualValue = JSON.stringify(headers[name]);
if (jsonActualValue !== JSON.stringify([value]))
throw "Unexpected " + name + ": " + jsonActualValue;
}
checkHeader("accept", "application/json");
checkHeader("sec-fetch-dest", "empty");
checkHeader("sec-fetch-mode", "cors");
checkHeader("sec-fetch-site", "same-origin");
if (headers.cookie !== undefined)
throw "Unexpected cookie: " + JSON.stringify(headers.cookie);
if (headers.referer !== undefined)
throw "Unexpected referer: " + JSON.stringify(headers.referer);`,
})
}
});
}, 'trustedBiddingSignalsURL request headers.');
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
let cookieFrame = await createFrame(test, OTHER_ORIGIN1);
await runInFrame(test, cookieFrame, `await setCookie(test_instance)`);
await joinGroupAndRunBasicFledgeTestExpectingWinner(
test,
{ uuid: uuid,
interestGroupOverrides: {
trustedBiddingSignalsURL: CROSS_ORIGIN_TRUSTED_BIDDING_SIGNALS_URL,
trustedBiddingSignalsKeys: ['headers', 'cors'],
biddingLogicURL: createBiddingScriptURL({
generateBid:
`let headers = crossOriginTrustedBiddingSignals[
'${OTHER_ORIGIN1}'].headers;
function checkHeader(name, value) {
jsonActualValue = JSON.stringify(headers[name]);
if (jsonActualValue !== JSON.stringify([value]))
throw "Unexpected " + name + ": " + jsonActualValue;
}
checkHeader("accept", "application/json");
checkHeader("sec-fetch-dest", "empty");
checkHeader("sec-fetch-mode", "cors");
checkHeader("sec-fetch-site", "cross-site");
checkHeader("origin", "${window.location.origin}");
if (headers.cookie !== undefined)
throw "Unexpected cookie: " + JSON.stringify(headers.cookie);
if (headers.referer !== undefined)
throw "Unexpected referer: " + JSON.stringify(headers.referer);`,
})
}
});
}, 'cross-origin trustedBiddingSignalsURL request headers.');
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
await deleteAllCookies();
await joinGroupAndRunBasicFledgeTestExpectingWinner(
test,
{ uuid: uuid,
interestGroupOverrides: { trustedBiddingSignalsURL: SET_COOKIE_URL }
});
assert_equals(document.cookie, '');
await deleteAllCookies();
}, 'trustedBiddingSignalsURL Set-Cookie.');
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
await joinGroupAndRunBasicFledgeTestExpectingWinner(
test,
{ uuid: uuid,
interestGroupOverrides: {
trustedBiddingSignalsURL: REDIRECT_TO_TRUSTED_SIGNALS_URL,
trustedBiddingSignalsKeys: ['num-value'],
biddingLogicURL: createBiddingScriptURL({
generateBid:
`// The redirect should not be followed, so no signals should be received.
if (trustedBiddingSignals !== null)
throw "Unexpected trustedBiddingSignals: " + JSON.stringify(trustedBiddingSignals);`
})
}
});
}, 'trustedBiddingSignalsURL redirect.');
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
await setCookie(test);
let renderURL = createRenderURL(uuid, /*script=*/null, /*signalsParam=*/'headers');
await joinGroupAndRunBasicFledgeTestExpectingWinner(
test,
{ uuid: uuid,
interestGroupOverrides: {
ads: [{ renderURL: renderURL }]
},
auctionConfigOverrides: {
trustedScoringSignalsURL: TRUSTED_SCORING_SIGNALS_URL,
decisionLogicURL: createDecisionScriptURL(uuid,
{
scoreAd:
`let headers = trustedScoringSignals.renderURL["${renderURL}"];
function checkHeader(name, value) {
jsonActualValue = JSON.stringify(headers[name]);
if (jsonActualValue !== JSON.stringify([value]))
throw "Unexpected " + name + ": " + jsonActualValue;
}
checkHeader("accept", "application/json");
checkHeader("sec-fetch-dest", "empty");
checkHeader("sec-fetch-mode", "cors");
checkHeader("sec-fetch-site", "same-origin");
if (headers.cookie !== undefined)
throw "Unexpected cookie: " + JSON.stringify(headers.cookie);
if (headers.referer !== undefined)
throw "Unexpected referer: " + JSON.stringify(headers.referer);`,
})
}
});
}, 'trustedScoringSignalsURL request headers.');
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
let cookieFrame = await createFrame(test, OTHER_ORIGIN1);
await runInFrame(test, cookieFrame, `await setCookie(test_instance)`);
let renderURL = createRenderURL(uuid, /*script=*/null, /*signalsParam=*/'headers,cors');
await joinGroupAndRunBasicFledgeTestExpectingWinner(
test,
{ uuid: uuid,
interestGroupOverrides: {
ads: [{ renderURL: renderURL }]
},
auctionConfigOverrides: {
trustedScoringSignalsURL: CROSS_ORIGIN_TRUSTED_SCORING_SIGNALS_URL,
decisionLogicURL: createDecisionScriptURL(uuid,
{
permitCrossOriginTrustedSignals: `"${OTHER_ORIGIN1}"`,
scoreAd:
`let headers = crossOriginTrustedScoringSignals[
'${OTHER_ORIGIN1}'].renderURL["${renderURL}"];
function checkHeader(name, value) {
jsonActualValue = JSON.stringify(headers[name]);
if (jsonActualValue !== JSON.stringify([value]))
throw "Unexpected " + name + ": " + jsonActualValue;
}
checkHeader("accept", "application/json");
checkHeader("sec-fetch-dest", "empty");
checkHeader("sec-fetch-mode", "cors");
checkHeader("sec-fetch-site", "cross-site");
checkHeader("origin", "${window.location.origin}");
if (headers.cookie !== undefined)
throw "Unexpected cookie: " + JSON.stringify(headers.cookie);
if (headers.referer !== undefined)
throw "Unexpected referer: " + JSON.stringify(headers.referer);`,
})
}
});
}, 'cross-origin trustedScoringSignalsURL request headers.');
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
await deleteAllCookies();
await joinGroupAndRunBasicFledgeTestExpectingWinner(
test,
{ uuid: uuid,
auctionConfigOverrides: { trustedScoringSignalsURL: SET_COOKIE_URL }
});
assert_equals(document.cookie, '');
await deleteAllCookies();
}, 'trustedScoringSignalsURL Set-Cookie.');
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
await joinGroupAndRunBasicFledgeTestExpectingWinner(
test,
{ uuid: uuid,
auctionConfigOverrides: {
trustedScoringSignalsURL: REDIRECT_TO_TRUSTED_SIGNALS_URL,
decisionLogicURL: createDecisionScriptURL(uuid,
{
scoreAd:
`// The redirect should not be followed, so no signals should be received.
if (trustedScoringSignals !== null)
throw "Unexpected trustedScoringSignals: " + JSON.stringify(trustedScoringSignals);`
})
}
});
}, 'trustedScoringSignalsURL redirect.');
Codebase Browser
chromium