Adding changes to COOP audit similar to HSTS audit (recommendations f…

…rom GoogleChrome#16257).
sebastian9er · Dec 4, 2024 · f91ebe6 · f91ebe6
1 parent 9ae444b
commit f91ebe6
Show file tree

Hide file tree

Showing 3 changed files with 96 additions and 15 deletions.
diff --git a/core/audits/origin-isolation.js b/core/audits/origin-isolation.js
@@ -39,7 +39,7 @@ import {Audit} from './audit.js';
 
 >>>>>>> 4d7aa600b (Re-format origin isolation audit and enable it in the default config.)
 const UIStrings = {
-  /** Title of a Lighthouse audit that evaluates the security of a page's COOP      header for origin isolation. "COOP" stands for "Cross-Origin-Opener-Policy". */
+  /** Title of a Lighthouse audit that evaluates the security of a page's COOP header for origin isolation. "COOP" stands for "Cross-Origin-Opener-Policy". */
   title: 'Ensure the proper usage of the COOP header to isolate the origin.',
   /** Description of a Lighthouse audit that evaluates the security of a page's COOP header for origin isolation. This is displayed after a user expands the section to see more. No character length limits. The last sentence starting with 'Learn' becomes link text to additional documentation. "COOP" stands for "Cross-Origin-Opener-Policy". */
   description: 'Deployment of the COOP header allows isolation of the top-level document to not share a browsing context group with cross-origin documents. ' +
@@ -118,6 +118,7 @@ class OriginIsolation extends Audit {
    * @param {LH.Audit.Context} context
 <<<<<<< HEAD
 <<<<<<< HEAD
+<<<<<<< HEAD
 <<<<<<< HEAD
    * @return {Promise<coopHeaders: string[]>}
    */
@@ -166,13 +167,16 @@ class OriginIsolation extends Audit {
 >>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
 =======
    * @return {Promise<{coopHeaders: string[]}>}
+=======
+   * @return {Promise<coopHeaders: string[]>}
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
    */
   static async getRawCoop(artifacts, context) {
     const devtoolsLog = artifacts.devtoolsLogs[Audit.DEFAULT_PASS];
     const mainResource =
         await MainResource.request({devtoolsLog, URL: artifacts.URL}, context);
 
-    var coopHeaders =
+    let coopHeaders =
         mainResource.responseHeaders
             .filter(h => {
               return h.name.toLowerCase() === 'cross-origin-opener-policy';
@@ -182,8 +186,12 @@ class OriginIsolation extends Audit {
     // Sanitize the header value.
     coopHeaders = coopHeaders.map(v => v.toLowerCase().replace(/\s/g, ''));
 
+<<<<<<< HEAD
     return {coopHeaders};
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
+=======
+    return coopHeaders;
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
   }
 
   /**
@@ -236,6 +244,7 @@ class OriginIsolation extends Audit {
         directive: undefined,
 <<<<<<< HEAD
 <<<<<<< HEAD
+<<<<<<< HEAD
 <<<<<<< HEAD
       });
 =======
@@ -247,6 +256,9 @@ class OriginIsolation extends Audit {
 =======
       })
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
+=======
+      });
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
     }
 
     for (const actualDirective of coopHeaders) {
@@ -262,6 +274,7 @@ class OriginIsolation extends Audit {
           directive: actualDirective,
         });
 <<<<<<< HEAD
+<<<<<<< HEAD
 =======
       if(!allowedDirectives.includes(actualDirective)){
 =======
@@ -284,6 +297,8 @@ class OriginIsolation extends Audit {
 >>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
 =======
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
+=======
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
       }
     }
 
@@ -324,6 +339,7 @@ class OriginIsolation extends Audit {
 
 <<<<<<< HEAD
 <<<<<<< HEAD
+<<<<<<< HEAD
 <<<<<<< HEAD
     return {score: violations.length || syntax.length > 1 ? 0 : 1, results};
 =======
@@ -335,6 +351,9 @@ class OriginIsolation extends Audit {
 =======
     return {score: violations.length ? 0 : 1, results};
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
+=======
+    return {score: violations.length || syntax.length > 1 ? 0 : 1, results};
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
   }
 
   /**
@@ -345,6 +364,7 @@ class OriginIsolation extends Audit {
   static async audit(artifacts, context) {
 <<<<<<< HEAD
 <<<<<<< HEAD
+<<<<<<< HEAD
 <<<<<<< HEAD
     const coopHeaders = await this.getRawCoop(artifacts, context);
 =======
@@ -356,14 +376,17 @@ class OriginIsolation extends Audit {
 =======
     const {coopHeaders} = await this.getRawCoop(artifacts, context);
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
+=======
+    const coopHeaders = await this.getRawCoop(artifacts, context);
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
     const {score, results} = this.constructResults(coopHeaders);
 
     /** @type {LH.Audit.Details.Table['headings']} */
     const headings = [
       /* eslint-disable max-len */
-      { key: 'description', valueType: 'text', subItemsHeading: {key: 'description'}, label: str_(i18n.UIStrings.columnDescription)},
-      { key: 'directive', valueType: 'code', subItemsHeading: {key: 'directive'}, label: str_(UIStrings.columnDirective)},
-      { key: 'severity', valueType: 'text', subItemsHeading: {key: 'severity'}, label: str_(UIStrings.columnSeverity)},
+      {key: 'description', valueType: 'text', subItemsHeading: {key: 'description'}, label: str_(i18n.UIStrings.columnDescription)},
+      {key: 'directive', valueType: 'code', subItemsHeading: {key: 'directive'}, label: str_(UIStrings.columnDirective)},
+      {key: 'severity', valueType: 'text', subItemsHeading: {key: 'severity'}, label: str_(UIStrings.columnSeverity)},
       /* eslint-enable max-len */
     ];
     const details = Audit.makeTableDetails(headings, results);

diff --git a/core/config/default-config.js b/core/config/default-config.js
@@ -552,13 +552,17 @@ const defaultConfig = {
         {id: 'csp-xss', weight: 0, group: 'best-practices-trust-safety'},
         {id: 'has-hsts', weight: 0, group: 'best-practices-trust-safety'},
 <<<<<<< HEAD
+<<<<<<< HEAD
 <<<<<<< HEAD
         {id: 'origin-isolation', weight: 0, group: 'hidden'},
 =======
 >>>>>>> 5fb0b760d (Adding a lighthouse audit to check for the presence of HSTS.)
 =======
         {id: 'origin-isolation', weight: 0, group: 'best-practices-trust-safety'},
 >>>>>>> 4d7aa600b (Re-format origin isolation audit and enable it in the default config.)
+=======
+        {id: 'origin-isolation', weight: 0},
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
         // User Experience
         {id: 'paste-preventing-inputs', weight: 3, group: 'best-practices-ux'},
         {id: 'image-aspect-ratio', weight: 1, group: 'best-practices-ux'},

diff --git a/core/test/audits/origin-isolation-test.js b/core/test/audits/origin-isolation-test.js
@@ -27,6 +27,7 @@ it('marked N/A if no violations found', async () => {
   };
 <<<<<<< HEAD
 <<<<<<< HEAD
+<<<<<<< HEAD
 <<<<<<< HEAD
   const results =
       await OriginIsolation.audit(artifacts, {computedCache: new Map()});
@@ -40,6 +41,10 @@ it('marked N/A if no violations found', async () => {
 =======
   const results = await OriginIsolation.audit(artifacts, {computedCache: new Map()});
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
+=======
+  const results =
+      await OriginIsolation.audit(artifacts, {computedCache: new Map()});
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
   expect(results.details.items).toHaveLength(0);
   expect(results.notApplicable).toBeTruthy();
 });
@@ -65,6 +70,7 @@ it('No COOP header found', async () => {
 
 <<<<<<< HEAD
 <<<<<<< HEAD
+<<<<<<< HEAD
 <<<<<<< HEAD
   const results =
       await OriginIsolation.audit(artifacts, {computedCache: new Map()});
@@ -89,9 +95,17 @@ it('No COOP header found', async () => {
 <<<<<<< HEAD
 =======
   const results = await OriginIsolation.audit(artifacts, {computedCache: new Map()});
+=======
+  const results =
+      await OriginIsolation.audit(artifacts, {computedCache: new Map()});
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
   expect(results.notApplicable).toBeFalsy();
+  expect(results.details.items[0].severity).toBeDisplayString('High');
+  expect(results.details.items[0].description)
+      .toBeDisplayString('No COOP header found');
   expect(results.details.items).toMatchObject([
     {
+<<<<<<< HEAD
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
       severity: {
         i18nId: "core/lib/i18n/i18n.js | itemSeverityHigh",
@@ -109,6 +123,8 @@ it('No COOP header found', async () => {
 >>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
 =======
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
+=======
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
       directive: undefined,
     },
   ]);
@@ -135,6 +151,7 @@ it('Messed up directive.', async () => {
 
 <<<<<<< HEAD
 <<<<<<< HEAD
+<<<<<<< HEAD
 <<<<<<< HEAD
   const results =
       await OriginIsolation.audit(artifacts, {computedCache: new Map()});
@@ -160,9 +177,17 @@ it('Messed up directive.', async () => {
 <<<<<<< HEAD
 =======
   const results = await OriginIsolation.audit(artifacts, {computedCache: new Map()});
+=======
+  const results =
+      await OriginIsolation.audit(artifacts, {computedCache: new Map()});
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
   expect(results.notApplicable).toBeFalsy();
+  expect(results.details.items[0].severity).toBeDisplayString('Low');
+  expect(results.details.items[0].description)
+      .toBeDisplayString('Invalid syntax');
   expect(results.details.items).toMatchObject([
     {
+<<<<<<< HEAD
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
       severity: {
         i18nId: "core/lib/i18n/i18n.js | itemSeverityLow",
@@ -182,6 +207,9 @@ it('Messed up directive.', async () => {
 >>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
 =======
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
+=======
+      directive: 'foodirective',
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
     },
   ]);
 });
@@ -210,6 +238,7 @@ describe('getRawCoop', () => {
     };
 <<<<<<< HEAD
 <<<<<<< HEAD
+<<<<<<< HEAD
 <<<<<<< HEAD
     const coopHeaders =
 =======
@@ -221,6 +250,9 @@ describe('getRawCoop', () => {
 =======
     const {coopHeaders} =
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
+=======
+    const coopHeaders =
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
       await OriginIsolation.getRawCoop(artifacts, {computedCache: new Map()});
     expect(coopHeaders).toEqual([
       `same-origin`,
@@ -250,6 +282,7 @@ describe('getRawCoop', () => {
     };
 <<<<<<< HEAD
 <<<<<<< HEAD
+<<<<<<< HEAD
 <<<<<<< HEAD
     const coopHeaders =
 =======
@@ -261,6 +294,9 @@ describe('getRawCoop', () => {
 =======
     const {coopHeaders} =
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
+=======
+    const coopHeaders =
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
       await OriginIsolation.getRawCoop(artifacts, {computedCache: new Map()});
     expect(coopHeaders).toEqual([
       ``,
@@ -290,6 +326,7 @@ describe('getRawCoop', () => {
     };
 <<<<<<< HEAD
 <<<<<<< HEAD
+<<<<<<< HEAD
 <<<<<<< HEAD
     const coopHeaders =
 =======
@@ -301,6 +338,9 @@ describe('getRawCoop', () => {
 =======
     const {coopHeaders} =
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
+=======
+    const coopHeaders =
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
       await OriginIsolation.getRawCoop(artifacts, {computedCache: new Map()});
     expect(coopHeaders).toEqual([
       ``,
@@ -312,6 +352,7 @@ describe('constructResults', () => {
   it('passes with no findings', () => {
 <<<<<<< HEAD
 <<<<<<< HEAD
+<<<<<<< HEAD
 <<<<<<< HEAD
     const {score, results} = OriginIsolation.constructResults(['same-origin']);
 =======
@@ -323,13 +364,17 @@ describe('constructResults', () => {
 =======
     const {score, results} = OriginIsolation.constructResults([ 'same-origin' ]);
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
+=======
+    const {score, results} = OriginIsolation.constructResults(['same-origin']);
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
     expect(score).toEqual(1);
     expect(results).toEqual([]);
   });
 
   it('constructs result based on misconfigured COOP header', () => {
 <<<<<<< HEAD
 <<<<<<< HEAD
+<<<<<<< HEAD
 <<<<<<< HEAD
     const {score, results} =
         OriginIsolation.constructResults(['foo-directive']);
@@ -356,15 +401,18 @@ describe('constructResults', () => {
 <<<<<<< HEAD
 =======
     const {score, results} = OriginIsolation.constructResults([ 'foo-directive' ]);
+=======
+    const {score, results} =
+        OriginIsolation.constructResults(['foo-directive']);
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
     expect(score).toEqual(1);
+    expect(results[0].severity).toBeDisplayString('Low');
+    expect(results[0].description)
+        .toBeDisplayString('Invalid syntax');
     expect(results).toMatchObject([
       {
-        description: {
-          formattedDefault: 'Invalid syntax',
-          i18nId: 'core/audits/origin-isolation.js | invalidSyntax',
-          values: undefined,
-        },
         directive: 'foo-directive',
+<<<<<<< HEAD
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
         severity: {
           formattedDefault: 'Low',
@@ -377,6 +425,8 @@ describe('constructResults', () => {
 >>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
 =======
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
+=======
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
       },
     ]);
   });
@@ -386,6 +436,7 @@ describe('constructResults', () => {
     expect(score).toEqual(0);
 <<<<<<< HEAD
 <<<<<<< HEAD
+<<<<<<< HEAD
 <<<<<<< HEAD
     expect(results[0].severity).toBeDisplayString('High');
     expect(results[0].description)
@@ -404,14 +455,15 @@ describe('constructResults', () => {
         directive: undefined,
 <<<<<<< HEAD
 =======
+=======
+    expect(results[0].severity).toBeDisplayString('High');
+    expect(results[0].description)
+        .toBeDisplayString('No COOP header found');
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
     expect(results).toMatchObject([
       {
-        description: {
-          formattedDefault: 'No COOP header found',
-          i18nId: 'core/audits/origin-isolation.js | noCoop',
-          values: undefined,
-        },
         directive: undefined,
+<<<<<<< HEAD
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
         severity: {
           formattedDefault: 'High',
@@ -425,6 +477,8 @@ describe('constructResults', () => {
 >>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
 =======
 >>>>>>> 287296188 (Add Lighthouse audit to check for presence of the COOP header (origin isolation).)
+=======
+>>>>>>> b2851bf51 (Adding changes to COOP audit similar to HSTS audit (recommendations from https://github.com/GoogleChrome/lighthouse/pull/16257).)
       },
     ]);
   });