diff options
| author | WPT Sync Bot <josh+wptsync@joshmatthews.net> | 2020-03-13 08:20:28 +0000 |
|---|---|---|
| committer | WPT Sync Bot <josh+wptsync@joshmatthews.net> | 2020-03-13 11:25:45 +0000 |
| commit | 168aa56f1855873eaabc193a34c814217bbc94e2 (patch) | |
| tree | 986b2936afcf8db3dd8b26469857e071662105fe | |
| parent | 6ab923c8e8172ce1a4944b85cac549fa99ec9f4d (diff) | |
| download | servo-168aa56f1855873eaabc193a34c814217bbc94e2.tar.gz servo-168aa56f1855873eaabc193a34c814217bbc94e2.zip | |
Update web-platform-tests to revision 72be34c4c6d45039320e271325cad0c99615d0c4
503 files changed, 18717 insertions, 430 deletions
diff --git a/tests/wpt/metadata/MANIFEST.json b/tests/wpt/metadata/MANIFEST.json index f62d6f1bec8..b2f66c235ba 100644 --- a/tests/wpt/metadata/MANIFEST.json +++ b/tests/wpt/metadata/MANIFEST.json @@ -14259,14 +14259,7 @@ ] ], "element-ready-check-containing-iframe-manual.html": [ - "0649549265682b7eb8c0f851603d816e89e1cf47", - [ - null, - {} - ] - ], - "element-ready-check-containing-iframe-manual.tentative.html": [ - "08c420ec0243d67c831124f825e39be492513129", + "8cadbf72cf7907d453a000c3604a4d10e09fe51a", [ null, {} @@ -240497,7 +240490,7 @@ ], "resources": { "common.sub.js": [ - "83b034205a6e7aaabbdd7e8a2da5d3d605a81d85", + "aa6b5ddf23a3ea786ea938744a5da87b313434e0", [] ], "common.sub.js.headers": [ @@ -240525,7 +240518,7 @@ [] ], "worker.py": [ - "bdad52c6a84a054f1e313fdc905af80a9120a44e", + "716bcb8efffb84384dfc5620c1a8f6a0d193a878", [] ] }, @@ -240631,7 +240624,7 @@ [] ], "spec.src.json": [ - "7cf6a06c0f53492b7cb0f54b6db90688b649c1fc", + "0b5d6b7f7a7f8fb06dc512c6459d6b275a7e4aa1", [] ], "spec_validator.py": [ @@ -240657,7 +240650,7 @@ ] }, "util.py": [ - "cb89c96e34095528784fbee3de9353e3f624a2c0", + "88868476e8d3fb95dd1b74644bc14ae9154ba93b", [] ] }, @@ -314215,7 +314208,7 @@ [] ], "generic-sensor-feature-policy-test.sub.js": [ - "2a1fba9f83c39f60beeba12d5e6c086d550dc4da", + "20436be80076abe3cedd22214bd176564af8ee87", [] ], "generic-sensor-iframe-tests.sub.js": [ @@ -315744,6 +315737,10 @@ "6604450991a122e3e241e40b1b9e0516c525389d", [] ], + "fetch-in-dedicated-worker.js": [ + "bd60d07952ccbf2f4c6954ce65083ce0eada13f4", + [] + ], "iframe.html": [ "a6b74ad924aa108e15603544f7b0a80a3e18940b", [] @@ -326478,15 +326475,19 @@ ], "resources": { "child.sub.html": [ - "f52b5eefbc5d0cf0dd88ee9103f851d632268f5d", + "a0d10e13554b6b0928220ba400e53bcbe0e26d57", [] ], "common.js": [ - "f7332a862277d44a70455f6b4edd57be8f10d98f", + "1347c5bdb73cc3280a1270167bfbbac3bc3098ea", [] ], "grandchild.sub.html": [ - "98522e0649e505d66766b9d8c62946a5513aa5a1", + "0f11bce0e025a11aac9b8b6f8df480246a5ab4df", + [] + ], + "redirecting-child.sub.html": [ + "732c54109660fc09f7c04578ce8965b1c5307f9c", [] ] } @@ -328271,6 +328272,144 @@ } } }, + "worker-classic-inherit.http-rp": { + "opt-in": { + "fetch": { + "cross-http.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "cross-http.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "cross-http.swap-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "cross-https.swap-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-http.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-http.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-http.swap-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.swap-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ] + }, + "websocket": { + "cross-ws.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-ws.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-wss.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ] + }, + "worker-classic": { + "same-http.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-http.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ] + }, + "worker-module": { + "same-http.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-http.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ] + }, + "xhr": { + "cross-http.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "cross-http.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "cross-http.swap-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "cross-https.swap-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-http.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-http.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-http.swap-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.swap-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ] + } + } + }, "worker-module-data.http-rp": { "opt-in": { "fetch": { @@ -328372,6 +328511,144 @@ ] } } + }, + "worker-module-inherit.http-rp": { + "opt-in": { + "fetch": { + "cross-http.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "cross-http.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "cross-http.swap-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "cross-https.swap-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-http.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-http.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-http.swap-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.swap-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ] + }, + "websocket": { + "cross-ws.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-ws.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-wss.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ] + }, + "worker-classic": { + "same-http.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-http.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ] + }, + "worker-module": { + "same-http.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-http.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ] + }, + "xhr": { + "cross-http.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "cross-http.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "cross-http.swap-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "cross-https.swap-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-http.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-http.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-http.swap-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.keep-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.no-redirect.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ], + "same-https.swap-scheme.https.html.headers": [ + "46e2255e388e9e08377d625b55653a007d59c14e", + [] + ] + } + } } }, "generic": { @@ -328380,7 +328657,7 @@ [] ], "spec_json.js": [ - "c36a535f45363654bfd7c8b86f3710995f769f63", + "79bd6664b4e10e2018158a3f40f302988d47978c", [] ], "test-case.sub.js": [ @@ -328389,7 +328666,7 @@ ] }, "spec.src.json": [ - "16843700da8f314638aafaa517797152cab6f02f", + "5d92d77b218dd4477aab4a32c9fd0ad670c6aa85", [] ] }, @@ -337379,7 +337656,7 @@ ] }, "spec.src.json": [ - "9063428647a33acfefb5bd35a74f0f080de09510", + "47055ab7c1c448c25aef6046570ee4be1e13386f", [] ] }, @@ -337397,7 +337674,25 @@ "META.yml": [ "70f3136dd3c022599f81291f348e11c4c7787f44", [] - ] + ], + "path-absolute-endpoint.https.sub.html.sub.headers": [ + "ec25b28944956813654c2a5ccaa63a6969c63a5d", + [] + ], + "resources": { + "fail.png": [ + "b5933803338f770bdb1e6a7d433aeb640be85b08", + [] + ], + "report-helper.js": [ + "a20a9cd3811599540f5dc0a45eff450d17c751ec", + [] + ], + "report.py": [ + "d31b47429eca2d00f19239aecd6beeac3acb8032", + [] + ] + } }, "requestidlecallback": { "META.yml": [ @@ -337898,7 +338193,7 @@ [] ], "webxr-test-math-helper.js": [ - "5eff666b70678e3d04a4b316616e8713a3cc58ea", + "9f10a9d4b7f76dd903034960770c3e9ecfcd5cac", [] ], "webxr-test-math-helper.js.headers": [ @@ -337906,7 +338201,7 @@ [] ], "webxr-test.js": [ - "dee05d08ff8a87e25e30be8ca53105fcc8667db1", + "ddbfd4c83aa00e8cfadd60b9cbe265bab6939b4a", [] ], "webxr-test.js.headers": [ @@ -347850,7 +348145,7 @@ [] ], "requirements_firefox.txt": [ - "d541a49f3c0992c4a456ce4ebb717908683a464e", + "c59351ba1a28c84d3db1b95b560988d119393ad3", [] ], "requirements_ie.txt": [ @@ -348038,7 +348333,7 @@ [] ], "base.py": [ - "fef052dd5ab495dad4342e086491723c761edcfd", + "a027cf32610a49e61f4141bfb5fce5d051385b3e", [] ], "chrome.py": [ @@ -348070,11 +348365,11 @@ [] ], "firefox.py": [ - "62790181d51e84762cbfdf55c3ecae2255a473b9", + "e195fc0cff4aed40fa298e4f01e19a0caa5ce1ac", [] ], "firefox_android.py": [ - "0b4832f858ccaf91938ba23c52f618ce8cad8ef4", + "50f8504f8e022afbbf91c44399441283cdf8ec3f", [] ], "ie.py": [ @@ -348419,7 +348714,7 @@ [] ], "wptcommandline.py": [ - "59a8c55b4ef9847f08a0ccf4b09f268e9f087aae", + "8125700b4bf568fef7065d50b834aa763e22b0ad", [] ], "wptlogging.py": [ @@ -348900,6 +349195,10 @@ "aa00fcc15a30ef1f8968be44abc1a9e934a31979", [] ], + "nonsecure-require-trusted-types-for.tentative.html.headers": [ + "af6596b29a8080e5cd8d688d0d6933caf49a2090", + [] + ], "require-trusted-types-for-report-only.tentative.https.html.headers": [ "c6412f8d472fcfd6022b0ae485f52b3d3dedd820", [] @@ -349486,11 +349785,199 @@ ] } } + }, + "worker-classic-inherit.http-rp": { + "upgrade": { + "fetch": { + "cross-http-downgrade.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "cross-http-downgrade.no-redirect.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "cross-https.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-http-downgrade.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-http-downgrade.no-redirect.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-https.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ] + }, + "websocket": { + "cross-ws-downgrade.no-redirect.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-ws-downgrade.no-redirect.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ] + }, + "worker-classic": { + "same-http-downgrade.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-http-downgrade.no-redirect.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-https.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ] + }, + "worker-module": { + "same-http-downgrade.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-http-downgrade.no-redirect.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-https.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ] + }, + "xhr": { + "cross-http-downgrade.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "cross-http-downgrade.no-redirect.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "cross-https.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-http-downgrade.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-http-downgrade.no-redirect.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-https.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ] + } + } + }, + "worker-module-inherit.http-rp": { + "upgrade": { + "fetch": { + "cross-http-downgrade.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "cross-http-downgrade.no-redirect.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "cross-https.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-http-downgrade.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-http-downgrade.no-redirect.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-https.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ] + }, + "websocket": { + "cross-ws-downgrade.no-redirect.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-ws-downgrade.no-redirect.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ] + }, + "worker-classic": { + "same-http-downgrade.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-http-downgrade.no-redirect.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-https.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ] + }, + "worker-module": { + "same-http-downgrade.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-http-downgrade.no-redirect.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-https.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ] + }, + "xhr": { + "cross-http-downgrade.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "cross-http-downgrade.no-redirect.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "cross-https.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-http-downgrade.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-http-downgrade.no-redirect.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ], + "same-https.downgrade.https.html.headers": [ + "602d9dc38d0a5975e8d40c26daae9329de69840c", + [] + ] + } + } } }, "generic": { "spec_json.js": [ - "c0ef97148952f32e7c510b8a485f6d2da0e4a177", + "fa9ace46dcbdab0256e41a98b98a86eebf11d0c9", [] ], "test-case.sub.js": [ @@ -349583,7 +350070,7 @@ } }, "spec.src.json": [ - "d64315903aa66dd5c9ffd19bf862e96ac26b3a64", + "f5198c3189727f77ff4a07a6fd9f32c740f095ae", [] ], "support": { @@ -379726,7 +380213,7 @@ {} ] ], - "report-clips-sample.html": [ + "report-clips-sample.https.html": [ "29f6aa409cc5284411bbdb4b5ab88c9a0d806a52", [ null, @@ -431519,7 +432006,7 @@ ] ], "cache-storage-reporting.https.html": [ - "d9a23bed3effa4f3492a31eeb255224df106030e", + "4ef9eb21d69b35429b7a542b1f9c37a2b5042b18", [ null, { @@ -431609,7 +432096,7 @@ ] ], "reporting.https.html": [ - "95fe047ea9fc6c7fe0bf33170d67df3e33a04544", + "f8d8af7a4690d450f3aa098b12bfccde1e928dc6", [ null, { @@ -451157,7 +451644,7 @@ }, "measure-memory": { "measure-memory-cross-origin-iframe.tentative.window.js": [ - "c8dcbb77edd33fd8c29678eeaedd3792dea172bc", + "c65173fe8a0e55143fcb5745f0c456e2aa60da46", [ "measure-memory/measure-memory-cross-origin-iframe.tentative.window.html", { @@ -451179,8 +451666,31 @@ } ] ], + "measure-memory-cross-origin-redirecting-iframe.tentative.window.js": [ + "435477d7f4d758b7d78486f2f001f7ee81767147", + [ + "measure-memory/measure-memory-cross-origin-redirecting-iframe.tentative.window.html", + { + "script_metadata": [ + [ + "script", + "/common/get-host-info.sub.js" + ], + [ + "script", + "./resources/common.js" + ], + [ + "timeout", + "long" + ] + ], + "timeout": "long" + } + ] + ], "measure-memory-same-origin-iframe.tentative.window.js": [ - "24700e51c2439671ae10e6fc5a6e2d725906ca59", + "05a55c7b3136d2c7099c3b13faf039590d9f77c5", [ "measure-memory/measure-memory-same-origin-iframe.tentative.window.html", { @@ -452955,6 +453465,177 @@ } } }, + "sharedworker-classic.http-rp": { + "opt-in": { + "fetch": { + "cross-http.keep-scheme.https.html": [ + "3241aead34c39ac11a152aab9533a9498a813383", + [ + null, + {} + ] + ], + "cross-http.no-redirect.https.html": [ + "22bc15d57a51ff5f14017e986977841b8bca2d11", + [ + null, + {} + ] + ], + "cross-http.swap-scheme.https.html": [ + "b0ba399717be392c0bafe4dfa259e46791878657", + [ + null, + {} + ] + ], + "cross-https.swap-scheme.https.html": [ + "65f6ddbadf3851a1f751045ec18b914e319a882c", + [ + null, + {} + ] + ], + "same-http.keep-scheme.https.html": [ + "f9f1aa62b6037edb43c499fe61d2643e4c601e23", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "b3b51be3ccdf9d1fb826cac531420c964a41955e", + [ + null, + {} + ] + ], + "same-http.swap-scheme.https.html": [ + "da19d07b08656862809b7e1099e38e0699511bf8", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "f0d5f1a9b0e539661f4c70b31c5d1473b2deff07", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "b976e9caa6299200bf921e27e6c4270141532da6", + [ + null, + {} + ] + ], + "same-https.swap-scheme.https.html": [ + "7710e60bd7ad2878c8cba938f433da23cad402a9", + [ + null, + {} + ] + ] + }, + "websocket": { + "cross-ws.no-redirect.https.html": [ + "76adf429684906b8e2546b0ae1c2d5412b08038f", + [ + null, + {} + ] + ], + "same-ws.no-redirect.https.html": [ + "37e9bb911723599e534d1d85f3a2efd2c82bc991", + [ + null, + {} + ] + ], + "same-wss.no-redirect.https.html": [ + "2d42204648899c480bd9ccd89b2641fcb1fe28fc", + [ + null, + {} + ] + ] + }, + "xhr": { + "cross-http.keep-scheme.https.html": [ + "9d89753d533c230e130fa934dbfd368373438eff", + [ + null, + {} + ] + ], + "cross-http.no-redirect.https.html": [ + "5db7dcd879cd2fdb0ad4c0bc6f665b28d8c95ecc", + [ + null, + {} + ] + ], + "cross-http.swap-scheme.https.html": [ + "9adbb92cbf5ef91bb2c4a5e1d5f95afa6b387640", + [ + null, + {} + ] + ], + "cross-https.swap-scheme.https.html": [ + "7fda4cbc4ab6f5f21361ec705836ffb6280fea07", + [ + null, + {} + ] + ], + "same-http.keep-scheme.https.html": [ + "dc9b7e428de7c38e7cc3ec87ca24bee490787a3b", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "84dd3a173a6782217a2ef79bdf3a0fcb655f4c34", + [ + null, + {} + ] + ], + "same-http.swap-scheme.https.html": [ + "8b00bc6aeb7d75d2bec3d516f4fadebdd5ed1956", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "62b0927077873c6a7ef8e3bd2623231e9e08e906", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "9a4eef44a1289c754c9ad0c30aabf9c5d39e44f0", + [ + null, + {} + ] + ], + "same-https.swap-scheme.https.html": [ + "a1ef6b69932fb2c5b5304d0e412f5f002f2a5bde", + [ + null, + {} + ] + ] + } + } + }, "sharedworker-module-data.http-rp": { "opt-in": { "fetch": { @@ -453340,6 +454021,177 @@ } } }, + "sharedworker-module.http-rp": { + "opt-in": { + "fetch": { + "cross-http.keep-scheme.https.html": [ + "a6e2e97bccdf2b680561874fd9c67ed9482bf77a", + [ + null, + {} + ] + ], + "cross-http.no-redirect.https.html": [ + "c68737ee235d401bbf4c830090703d480830a228", + [ + null, + {} + ] + ], + "cross-http.swap-scheme.https.html": [ + "cd0457e0071e3dbd48ffabec2f5203a3dd0c26a9", + [ + null, + {} + ] + ], + "cross-https.swap-scheme.https.html": [ + "c9ff17534ba86f33c450ee057ff747b23a0c740c", + [ + null, + {} + ] + ], + "same-http.keep-scheme.https.html": [ + "bf410443d3a58723de1844be2b2cad6d1afbcd28", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "d2595868872edc2a51de04a5f6eed5e967bf03e2", + [ + null, + {} + ] + ], + "same-http.swap-scheme.https.html": [ + "fb5a3c559ac02701f6eb393fb156f6f038be1a67", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "b5b4d5cf7a25175423385cba78c3181c0722f3eb", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "31a4813a2e957dcd90de442e26030606ffaf69f5", + [ + null, + {} + ] + ], + "same-https.swap-scheme.https.html": [ + "f6a6a888951660a95ecaa8e213b726687f2c00b4", + [ + null, + {} + ] + ] + }, + "websocket": { + "cross-ws.no-redirect.https.html": [ + "44b9ada9c1a21aa3f946e132be87d9031ec8454c", + [ + null, + {} + ] + ], + "same-ws.no-redirect.https.html": [ + "cb2000264f8a1b4e232179899b55d362a8d12bc9", + [ + null, + {} + ] + ], + "same-wss.no-redirect.https.html": [ + "3ae337f1024dd50efefb7b68997dbd41f358f2c9", + [ + null, + {} + ] + ] + }, + "xhr": { + "cross-http.keep-scheme.https.html": [ + "d95d066741a7e7cecb572bb59bb8a5dce37a2988", + [ + null, + {} + ] + ], + "cross-http.no-redirect.https.html": [ + "20b04dcaa64ec5093c7c0274e00a277a6cdc9c24", + [ + null, + {} + ] + ], + "cross-http.swap-scheme.https.html": [ + "bc7bb444e40e99535b65c9077a2117e02c455431", + [ + null, + {} + ] + ], + "cross-https.swap-scheme.https.html": [ + "6b0a8edb16353e2ec37118dc94369e740944437a", + [ + null, + {} + ] + ], + "same-http.keep-scheme.https.html": [ + "25bcd55294b04bf2c1b3daa7d5a06854484a9622", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "3742c6e9070e9f6bc94f919098d5be7767866c9d", + [ + null, + {} + ] + ], + "same-http.swap-scheme.https.html": [ + "890ce32e626dd3e9e0b5428e56888f438e2e8f1e", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "e9f45431c679be78b663efb52112abd6e03064a4", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "3e4dc50f752297141b68848a2713fb3b96a9020c", + [ + null, + {} + ] + ], + "same-https.swap-scheme.https.html": [ + "b62ddcc94a0637c036a888a85d898dfd80aa8729", + [ + null, + {} + ] + ] + } + } + }, "top.http-rp": { "opt-in": { "audio-tag": { @@ -457321,6 +458173,543 @@ } } }, + "worker-classic-inherit.http-rp": { + "opt-in": { + "fetch": { + "cross-http.keep-scheme.https.html": [ + "167671afeac9199ee2bb7c7a728ffc13d9698f9e", + [ + null, + {} + ] + ], + "cross-http.no-redirect.https.html": [ + "07d0a90e2427a6d56f90fc2bfd9057adbac87e43", + [ + null, + {} + ] + ], + "cross-http.swap-scheme.https.html": [ + "f02532f28e4c1047c048401904062623044aa3a4", + [ + null, + {} + ] + ], + "cross-https.swap-scheme.https.html": [ + "758053974f98113658ef45539b7bed83ccd7fac8", + [ + null, + {} + ] + ], + "same-http.keep-scheme.https.html": [ + "6138b297ef28a7c270c2376a54a1581387fd1aed", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "c819c77a4f3281c877eaa73751a12ce71e77fa2b", + [ + null, + {} + ] + ], + "same-http.swap-scheme.https.html": [ + "aee998f931a74476d929c1e7a8954d4c75e80935", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "b49db878eac472c65cd572ff9a45d8148b5e49a0", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "4efd03465c9b5fe46ea2a51f4d1f827f5493dd0d", + [ + null, + {} + ] + ], + "same-https.swap-scheme.https.html": [ + "354bfcde1238ca2749e5ea0214a86a4e9797aa7e", + [ + null, + {} + ] + ] + }, + "websocket": { + "cross-ws.no-redirect.https.html": [ + "76ceb7e0c121f81a1170b33e3056824b3b6af1a9", + [ + null, + {} + ] + ], + "same-ws.no-redirect.https.html": [ + "f4c63eb5e56ab92d2b088fe2a05db42910ab97e8", + [ + null, + {} + ] + ], + "same-wss.no-redirect.https.html": [ + "a55efd4897df9cacf564dd28088bc21e6101e3c0", + [ + null, + {} + ] + ] + }, + "worker-classic": { + "same-http.keep-scheme.https.html": [ + "62c37525fd39efd010009eaf08ef0307d587ec08", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "a899122ce93dc0fdd848b7ddd6882f43c0b641f2", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "1c12bcc6c261f8d3d3c446049c3cf26e07495af9", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "f8b2261c2a3e9c2a99d05085a8c8e6b3862fced8", + [ + null, + {} + ] + ] + }, + "worker-module": { + "same-http.keep-scheme.https.html": [ + "999ce2075da9c7ccd18fbf5e507eeb70d8db31c9", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "147e1661cede93099db7d4a2736536d10d780812", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "0b03466240af7269234d4f8465ba2b4cb3f5f56b", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "516ddea4f84e694014d28ad9cca9865ca7247bc8", + [ + null, + {} + ] + ] + }, + "xhr": { + "cross-http.keep-scheme.https.html": [ + "26646cc32e2dd17ec2e8cf38541ef37e6dbbf848", + [ + null, + {} + ] + ], + "cross-http.no-redirect.https.html": [ + "6aebcd83f871a7d89f89913a6a1955fe25125f50", + [ + null, + {} + ] + ], + "cross-http.swap-scheme.https.html": [ + "50f17e4df96a1aa8b5993f656374b994f8805f00", + [ + null, + {} + ] + ], + "cross-https.swap-scheme.https.html": [ + "2e9259fc3e55ddc1f234886efb94f5706dab23e0", + [ + null, + {} + ] + ], + "same-http.keep-scheme.https.html": [ + "5784f627a0f8508dd10f6f3707ba51ba41580d62", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "a90e61b8b474cf1d080f67cc7f93014ee5a348fc", + [ + null, + {} + ] + ], + "same-http.swap-scheme.https.html": [ + "894ff3f081a93351b3aa03ccd0e8234b9968d879", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "e2c4c3ab9c0a000c65768ad260638e47a6305ca9", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "7685f256994c19a0e819f57f20b5f21db1dc067e", + [ + null, + {} + ] + ], + "same-https.swap-scheme.https.html": [ + "4c3d7d18d631f37caa7fadcf013276300b505b28", + [ + null, + {} + ] + ] + } + } + }, + "worker-classic-inherit.meta": { + "opt-in": { + "fetch": { + "cross-http.no-redirect.https.html": [ + "35cbe860ee8627718b961aef1a245fc26aaa7756", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "88b8a7be6da5eb147a100d691e886c78ce9e094c", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "2d278da082630d5d8bee9420bae323044fa571cb", + [ + null, + {} + ] + ] + }, + "websocket": { + "cross-ws.no-redirect.https.html": [ + "d54e737804819a43b320cf8a4815df1fbe1bcc1b", + [ + null, + {} + ] + ], + "same-ws.no-redirect.https.html": [ + "6c2d581f18d353687a51921e6a51c52c5f924443", + [ + null, + {} + ] + ], + "same-wss.no-redirect.https.html": [ + "370d4af762d5e1ac38b4bf4f9eab2f36969cf7c9", + [ + null, + {} + ] + ] + }, + "worker-classic": { + "same-http.no-redirect.https.html": [ + "a76175a1d83e30e7c6d1a4334651a734122ca2c4", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "65d6185970c7e78d65309afa86a40ed0f24802b0", + [ + null, + {} + ] + ] + }, + "worker-module": { + "same-http.no-redirect.https.html": [ + "84b7a60fd3e9b32eeb1c4b57806c26ed6c62653e", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "b72ca111ad8f02a9a5015706821b319c23374173", + [ + null, + {} + ] + ] + }, + "xhr": { + "cross-http.no-redirect.https.html": [ + "35f1a04b66b8f442ccdbc5be73bc5c9b679d9b33", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "ebe959719e99bfb17f456654e0579a782467caa9", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "80841a9c4e505a51cada81497d87dddeddf3adab", + [ + null, + {} + ] + ] + } + }, + "unset": { + "fetch": { + "cross-http.keep-scheme.https.html": [ + "2a0139ab31dc9543c0fe618d93045f6bc71f7442", + [ + null, + {} + ] + ], + "cross-http.no-redirect.https.html": [ + "c8f33e537b7f11310d05ef86827812e89b8b049f", + [ + null, + {} + ] + ], + "cross-http.swap-scheme.https.html": [ + "a6e51b1f64bbcfd65ecd649d2ff20e77de6622dc", + [ + null, + {} + ] + ], + "same-http.keep-scheme.https.html": [ + "41447cee9d8080dabd5b39777de645fe76021ded", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "a7d17f257fbf97db2702700ed9c31a258340c065", + [ + null, + {} + ] + ], + "same-http.swap-scheme.https.html": [ + "1fc527f29c77f278bc36b53f13fccec7b56f3280", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "8c137b284c1fb00343b6d72bed0139b271e5cee3", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "6ea5b0434b051c635629360d8d49a4684eccd6a7", + [ + null, + {} + ] + ] + }, + "websocket": { + "cross-ws.no-redirect.https.html": [ + "cd89e3874ec587fc287c6720f55e3ea4f0d9476c", + [ + null, + {} + ] + ], + "same-ws.no-redirect.https.html": [ + "bc425d9e508d0d23125cb70fe578f62cb4da88d5", + [ + null, + {} + ] + ], + "same-wss.no-redirect.https.html": [ + "c7208db5f55936edadc93a3e1566a4e2e9777f2e", + [ + null, + {} + ] + ] + }, + "worker-classic": { + "same-http.keep-scheme.https.html": [ + "9f3f5ae67dcdbbab1c95391cf33e48dbb3ef2825", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "71834a370cf1877458778ace7c73f8bdd10acbd3", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "f883209bb0bc6bb2753dcd76a74ee5cf13dbc21c", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "d6b0d5676c99db4ec08c9e55953933b770d327a7", + [ + null, + {} + ] + ] + }, + "worker-module": { + "same-http.keep-scheme.https.html": [ + "5a3fe3408c5fab5957d0670acf9cbe975014d183", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "43f355c028b7318c397784b0df2efe8870b4d6a8", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "1710a7239179ad0d6c2f3a3b87530413e82a81fc", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "bc9af1419b421e94c8a7c7d6e0d086687145bc53", + [ + null, + {} + ] + ] + }, + "xhr": { + "cross-http.keep-scheme.https.html": [ + "595dea35e28fc0e03b12f9b6fba59f057e7e0d9d", + [ + null, + {} + ] + ], + "cross-http.no-redirect.https.html": [ + "86bc76d06f6e6972be824a04fc4f075fc43367ab", + [ + null, + {} + ] + ], + "cross-http.swap-scheme.https.html": [ + "58ec420d2bf420318602e80a53b20f1aae93fa67", + [ + null, + {} + ] + ], + "same-http.keep-scheme.https.html": [ + "04e6f11092507e160da4b53ed2a69e7ff9b80c59", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "013fc26c11793828c2d22e39f8ca8383d7e105a5", + [ + null, + {} + ] + ], + "same-http.swap-scheme.https.html": [ + "37e2a3a9c0b748fba327d5708c2198b4c989a5cd", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "6fdf8df7f5132c33b804dac1174a5b27254c3ef8", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "0db3796d49de363418c3c30be70ab10a8fd7a300", + [ + null, + {} + ] + ] + } + } + }, "worker-module-data.http-rp": { "opt-in": { "fetch": { @@ -457705,6 +459094,543 @@ ] } } + }, + "worker-module-inherit.http-rp": { + "opt-in": { + "fetch": { + "cross-http.keep-scheme.https.html": [ + "ee7f92df5fb617a5d78de280ccac3b058b08631f", + [ + null, + {} + ] + ], + "cross-http.no-redirect.https.html": [ + "11cf0b3139e1f84e81a9f9b836d7f45644d9f2c9", + [ + null, + {} + ] + ], + "cross-http.swap-scheme.https.html": [ + "5d4e1f9e8e9949484776df1bdbd09a511097c360", + [ + null, + {} + ] + ], + "cross-https.swap-scheme.https.html": [ + "716b3e4563b9f35088df270470d8040f5f71e86f", + [ + null, + {} + ] + ], + "same-http.keep-scheme.https.html": [ + "2a89687166133c2102b5e10570461c9f58560c36", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "1c32d7b72617ec89feff310c21dcc5d7e791b0ee", + [ + null, + {} + ] + ], + "same-http.swap-scheme.https.html": [ + "7c30ff0069850fc2efa7e578bec3d5d0fdb28020", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "cc767423ad485209c52a9dac425d30379e062842", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "b4ce4f5cbcc15c5f85aa639b204a4813550122e7", + [ + null, + {} + ] + ], + "same-https.swap-scheme.https.html": [ + "44c0c28468b5fafee50936b0408e43d4cb3f8336", + [ + null, + {} + ] + ] + }, + "websocket": { + "cross-ws.no-redirect.https.html": [ + "f74621467498af2f7ada20b274beacf3830988fd", + [ + null, + {} + ] + ], + "same-ws.no-redirect.https.html": [ + "a94710476d11216adaab0370019ebae3a47b9d1e", + [ + null, + {} + ] + ], + "same-wss.no-redirect.https.html": [ + "4fa2886472c94fc6291e550eb2029e4848e79305", + [ + null, + {} + ] + ] + }, + "worker-classic": { + "same-http.keep-scheme.https.html": [ + "c4301ea0f9a08062ebfc0644f12cbf69a98069f0", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "842b0a6b42417d7f97b88f162b9c222d86347309", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "449ab3ea9bff5aace0be4c18c36cf7d9ba90a43e", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "f8a3b43e5c04881e91977785f34fa54d898af164", + [ + null, + {} + ] + ] + }, + "worker-module": { + "same-http.keep-scheme.https.html": [ + "0dd696e36466d1a880842bf8f4de4fe6fa29ffd7", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "09338d42d480af4c36c5091829ef859364a24865", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "24c3462b9b52b148763baf848da7e5ab5cf64ceb", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "41849c90768d90e84dcdafa35f32173809a1d8bc", + [ + null, + {} + ] + ] + }, + "xhr": { + "cross-http.keep-scheme.https.html": [ + "0e633f7cc36605802efc11392a6bae614b329ef7", + [ + null, + {} + ] + ], + "cross-http.no-redirect.https.html": [ + "5d46b0ac30965203605b3c513012bbd82c288f17", + [ + null, + {} + ] + ], + "cross-http.swap-scheme.https.html": [ + "59bca8b2496fa71347e6f45730450fe14ee3829e", + [ + null, + {} + ] + ], + "cross-https.swap-scheme.https.html": [ + "06e4eacfb79f610bce5761de81ffa98603cf20a1", + [ + null, + {} + ] + ], + "same-http.keep-scheme.https.html": [ + "15dccaccefe8945790357564018fbb6b1289333f", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "6d915751b87dd3174b7b2cd52709ca472cd4c449", + [ + null, + {} + ] + ], + "same-http.swap-scheme.https.html": [ + "5bff5900c6ee2400cf0027b3ed391c6a51c4f1ae", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "2fbcdfcf4b552b48fec7a4f5a01dcb650a3ebfa9", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "86230051116420dc2d6c1330a5659a1c1384df13", + [ + null, + {} + ] + ], + "same-https.swap-scheme.https.html": [ + "e739804a7e26974c7a9e122f28ab2e586f924978", + [ + null, + {} + ] + ] + } + } + }, + "worker-module-inherit.meta": { + "opt-in": { + "fetch": { + "cross-http.no-redirect.https.html": [ + "a1e27a629fea0148f57826cfe9f44d3cd1a7ee16", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "ecedfa2cf2f90c0f377177d315c6ce3f505c807c", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "cd4f95c16b224f6737b348364026038b53049bc1", + [ + null, + {} + ] + ] + }, + "websocket": { + "cross-ws.no-redirect.https.html": [ + "1dc7867c2a322b1eb68058de928e38bc1283cfec", + [ + null, + {} + ] + ], + "same-ws.no-redirect.https.html": [ + "cf290a4288a1135d022dce6a581c1c130c313073", + [ + null, + {} + ] + ], + "same-wss.no-redirect.https.html": [ + "d04ffa938561c66f51d2a9db711fbb107a95e55e", + [ + null, + {} + ] + ] + }, + "worker-classic": { + "same-http.no-redirect.https.html": [ + "ca6681410a775e98ed1a47ff171ea616ca01b5cf", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "a0d81cd30a78ecd642aa67af4b8bc642be14486e", + [ + null, + {} + ] + ] + }, + "worker-module": { + "same-http.no-redirect.https.html": [ + "9e5e2fc41c604116392f91c2a07970fe56080076", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "35d9495fc8779f5cfff34467695212ce6170bcc4", + [ + null, + {} + ] + ] + }, + "xhr": { + "cross-http.no-redirect.https.html": [ + "1bda93c9bdbe7612e2aa63aaf557c6b233fc4cf6", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "e6f04aa1cf41cad944ab3d2ef1207df4058d753b", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "a4ac04256935c922d68ecf79db49172ee8e97263", + [ + null, + {} + ] + ] + } + }, + "unset": { + "fetch": { + "cross-http.keep-scheme.https.html": [ + "6b09b996faac14618fd7da4768595eadeba3f89a", + [ + null, + {} + ] + ], + "cross-http.no-redirect.https.html": [ + "70b4dac51d2ebb9f4bdb2035d1bd001dcf633710", + [ + null, + {} + ] + ], + "cross-http.swap-scheme.https.html": [ + "06120d2f8363c77a520f9a04f29b17e69b757156", + [ + null, + {} + ] + ], + "same-http.keep-scheme.https.html": [ + "27d657f27bb686d07161a346f53f7095fe2d7443", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "6dbfdd50ecef8710f82da3215a1d490a41de5c2a", + [ + null, + {} + ] + ], + "same-http.swap-scheme.https.html": [ + "7e20764c45292d5b8bff1d9faceeafd5579af3ad", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "86c2680c919a1979cc62464cf18bc274df3a1993", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "3fae4c64b7bf89bd767cdd46bcb52b6a036e8506", + [ + null, + {} + ] + ] + }, + "websocket": { + "cross-ws.no-redirect.https.html": [ + "899891567985548bcac87151c165f1ea27cde1df", + [ + null, + {} + ] + ], + "same-ws.no-redirect.https.html": [ + "8e909d4214f41fe3c13bdf1d3b02c814f8087783", + [ + null, + {} + ] + ], + "same-wss.no-redirect.https.html": [ + "3fc935113b1b16a1a707775a87ea45b146dbcefb", + [ + null, + {} + ] + ] + }, + "worker-classic": { + "same-http.keep-scheme.https.html": [ + "9e7d811a817643ccbdb14b54dab2f1fc1b826626", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "4e784ea2e3789912407de70e316e505bf7633ce4", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "e1e1e8fa141ecd0ca0ea0ca44b8a9aeaf022320d", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "b82125ea6bb746f58971a0466cf887127b99d51f", + [ + null, + {} + ] + ] + }, + "worker-module": { + "same-http.keep-scheme.https.html": [ + "3d647f7f0ba094b7119b34cd25d5ac3a03d3fe93", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "731c42554f30680a8fe282b9821bada01da91530", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "4cec52a276afce0e06fecc647eb564920828a857", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "6656c26b62fc86c041c773a7d23df17c67040386", + [ + null, + {} + ] + ] + }, + "xhr": { + "cross-http.keep-scheme.https.html": [ + "ecb166c9c456d8b3bb29321c61efa202e2c8a12f", + [ + null, + {} + ] + ], + "cross-http.no-redirect.https.html": [ + "4c6dbb0d56eddc7e536875b5592d491706336b1a", + [ + null, + {} + ] + ], + "cross-http.swap-scheme.https.html": [ + "caa9aa15c73043e453c82ebceb811bca22d3d54d", + [ + null, + {} + ] + ], + "same-http.keep-scheme.https.html": [ + "adb8c9e445a098dfec513e05e13c17277b7159e5", + [ + null, + {} + ] + ], + "same-http.no-redirect.https.html": [ + "8f1ebcccc06885d6e4495e9b34d7fb969361b586", + [ + null, + {} + ] + ], + "same-http.swap-scheme.https.html": [ + "8f7caedf15877b3573a0e175d33abe88cb91835c", + [ + null, + {} + ] + ], + "same-https.keep-scheme.https.html": [ + "d7462ed70048840d83d48436fd2da70a464bfef5", + [ + null, + {} + ] + ], + "same-https.no-redirect.https.html": [ + "1b2234af460b2e647000a41b9b9eb40f7a6f20f6", + [ + null, + {} + ] + ] + } + } } }, "imageset.https.sub.html": [ @@ -524180,6 +526106,13 @@ "testdriver": true } ] + ], + "path-absolute-endpoint.https.sub.html": [ + "ec06a368e97bdbad1e1df00a9aff55e807d9dd4d", + [ + null, + {} + ] ] }, "requestidlecallback": { @@ -538360,14 +540293,21 @@ ] ], "no-require-trusted-types-for-report-only.tentative.https.html": [ - "56f6295221355dd0c0900f9932222c461c11eda8", + "651bf0a7199beab43e4f00d3c72462ffda1905f2", [ null, {} ] ], "no-require-trusted-types-for.tentative.https.html": [ - "3630962ada9dbc230c2d6f9375b8273a6358778b", + "651bf0a7199beab43e4f00d3c72462ffda1905f2", + [ + null, + {} + ] + ], + "nonsecure-require-trusted-types-for.tentative.html": [ + "46dae7a966142f4946767ac8ea8784c81f97ce15", [ null, {} @@ -540094,6 +542034,222 @@ } } }, + "sharedworker-classic.http-rp": { + "upgrade": { + "fetch": { + "cross-http-downgrade.downgrade.https.html": [ + "61b877179b549a79d7c7346c0e580d8e76635253", + [ + null, + {} + ] + ], + "cross-http-downgrade.no-redirect.https.html": [ + "cf33de98270eb2a9cec143b971aec204dcef313d", + [ + null, + {} + ] + ], + "cross-https.downgrade.https.html": [ + "d8cb3879821179c54edbfb9bb56758217b46ccf3", + [ + null, + {} + ] + ], + "same-http-downgrade.downgrade.https.html": [ + "f6f20b961c97d094376dbf1e5ce6fb2c1ed037ee", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "ed733b37443e8597614c96e8b44a095886d9e2e3", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "123082b69d02cc439da25662605e12800c21b5e5", + [ + null, + {} + ] + ] + }, + "websocket": { + "cross-ws-downgrade.no-redirect.https.html": [ + "72bd9333c18d05424677ef3d354f470d6a11d634", + [ + null, + {} + ] + ], + "same-ws-downgrade.no-redirect.https.html": [ + "dcbf07f7ce1ae1de01c280cc5fa5e5bc971481d5", + [ + null, + {} + ] + ] + }, + "xhr": { + "cross-http-downgrade.downgrade.https.html": [ + "bdc7fb2c4593a5aacb30c57741d0b8002b544da6", + [ + null, + {} + ] + ], + "cross-http-downgrade.no-redirect.https.html": [ + "8f18e37f154fafd8cc28ef02538895b7a4078472", + [ + null, + {} + ] + ], + "cross-https.downgrade.https.html": [ + "a43a3168398c8f6dd125bb38186ef924bbd5b4ed", + [ + null, + {} + ] + ], + "same-http-downgrade.downgrade.https.html": [ + "c060ae2f6d3121cc2d3c78cf9802221264126587", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "30bea818628c58c4283a0ee3ad5461b6c9797527", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "a6d639790b4af3f22851930b7cf553a3a56fee7c", + [ + null, + {} + ] + ] + } + } + }, + "sharedworker-module.http-rp": { + "upgrade": { + "fetch": { + "cross-http-downgrade.downgrade.https.html": [ + "1369927f37e1642f3cdd444e98c25b8acadd9e31", + [ + null, + {} + ] + ], + "cross-http-downgrade.no-redirect.https.html": [ + "f33ac5c4577df81ade238b6e7ce9fabd7b072ec5", + [ + null, + {} + ] + ], + "cross-https.downgrade.https.html": [ + "305446297d5c38c70723a9c3106076d6cd8b8d75", + [ + null, + {} + ] + ], + "same-http-downgrade.downgrade.https.html": [ + "c2db82d541c9cb46f7ba78e5d767a4a97d6ff9f1", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "683d3683aeddd07870a1fdd0aca7582acc08f6cb", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "9f7061ed66c38e512f1bc72b4bf4a994822822c3", + [ + null, + {} + ] + ] + }, + "websocket": { + "cross-ws-downgrade.no-redirect.https.html": [ + "845eea6de9f8f9d64a8e14849eb02d7875217e9a", + [ + null, + {} + ] + ], + "same-ws-downgrade.no-redirect.https.html": [ + "c982b10aa5e82aabeea7bbd6d079213dfdfaadfa", + [ + null, + {} + ] + ] + }, + "xhr": { + "cross-http-downgrade.downgrade.https.html": [ + "24dc6fcd00c3692941e2c2090cf89f1a0e55f28a", + [ + null, + {} + ] + ], + "cross-http-downgrade.no-redirect.https.html": [ + "1eaa99de10ace990ca71292513c164fe738458ea", + [ + null, + {} + ] + ], + "cross-https.downgrade.https.html": [ + "dd536795ab60b003d5eae2e1a24bafab6ccbba05", + [ + null, + {} + ] + ], + "same-http-downgrade.downgrade.https.html": [ + "1d24f759d316f8301d5331c8923a7b9426375b2e", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "0433b4e6f776a43f6dd81fbe16fe2deca94196c1", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "854197395dfd1a6039a5bf0d8cf90379616bbe1a", + [ + null, + {} + ] + ] + } + } + }, "srcdoc-inherit.meta": { "unset": { "fetch": { @@ -543943,6 +546099,926 @@ ] } } + }, + "worker-classic-inherit.http-rp": { + "upgrade": { + "fetch": { + "cross-http-downgrade.downgrade.https.html": [ + "6343f36cb31efcce823d24f4951376517037c301", + [ + null, + {} + ] + ], + "cross-http-downgrade.no-redirect.https.html": [ + "577b857caf53e92ae5626948264ed7627c0247d5", + [ + null, + {} + ] + ], + "cross-https.downgrade.https.html": [ + "e05cc38d22fac4e9388ab92319e6938c7fdc6b76", + [ + null, + {} + ] + ], + "same-http-downgrade.downgrade.https.html": [ + "5353e644b5e7e2c06354cf453a5750c00ae2442b", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "eddd8cb2d39299c139c2b504cfdf1cbad83f6d88", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "0f1e15c0900c38781a39b76f9553df149fda6a44", + [ + null, + {} + ] + ] + }, + "websocket": { + "cross-ws-downgrade.no-redirect.https.html": [ + "2aba803e47e792986ce16f1885e35629f66c6ef0", + [ + null, + {} + ] + ], + "same-ws-downgrade.no-redirect.https.html": [ + "f60d181f433f8f311848d519d9fdf555506f7b47", + [ + null, + {} + ] + ] + }, + "worker-classic": { + "same-http-downgrade.downgrade.https.html": [ + "42ed603827e1affc61aa71f279a090dccfe8f006", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "7a20a8e3fd26951b8f58373ea613a47eecd428a6", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "5a958a08cb6bda70fae8e1b32548cb7aecb7dfc6", + [ + null, + {} + ] + ] + }, + "worker-module": { + "same-http-downgrade.downgrade.https.html": [ + "2c1fb202a49dceac20947136e1290b585d0b4a32", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "9f82d377780cde0856326d7affd670e5d26f9d63", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "72efc132acd141aeb51816858b0a5068a9df5aa3", + [ + null, + {} + ] + ] + }, + "xhr": { + "cross-http-downgrade.downgrade.https.html": [ + "ff1bcf3810bfaaf4cfe2f03be05d48b72ddcfad6", + [ + null, + {} + ] + ], + "cross-http-downgrade.no-redirect.https.html": [ + "41ef5301d9dcbe26cbb36ef0ecb64a295cacd5f3", + [ + null, + {} + ] + ], + "cross-https.downgrade.https.html": [ + "88ae7c1ba97cf3a9e6e0e8c090d7ee0282cfed87", + [ + null, + {} + ] + ], + "same-http-downgrade.downgrade.https.html": [ + "4846c1b74bdb6f01cabc41ddf015a0f619436f2d", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "5ac1a65b1631a2b67798c5dce76b29a73058d039", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "72c31fad4bac19e65bd87a7e4ed3ab4b7e43e6fc", + [ + null, + {} + ] + ] + } + } + }, + "worker-classic-inherit.meta": { + "unset": { + "fetch": { + "cross-http-downgrade.downgrade.https.html": [ + "d9755caa89306fcc77e8331a0fee7183599fe516", + [ + null, + {} + ] + ], + "cross-http-downgrade.no-redirect.https.html": [ + "6b817746c5ef7182e6544c4135f4f0807a244e7a", + [ + null, + {} + ] + ], + "cross-https.downgrade.https.html": [ + "cb5ceb285c07f1f72f0f203b42130785e1f3cefe", + [ + null, + {} + ] + ], + "same-http-downgrade.downgrade.https.html": [ + "a4f8fa016d4b8c0bcdbdb7967f7b6b9f76904a27", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "c7bd3df7c33524db169fd6dd253b70c932c73bc5", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "e75a0162cdce1bc9e665efee61ef62120a0d3eb8", + [ + null, + {} + ] + ] + }, + "websocket": { + "cross-ws-downgrade.no-redirect.https.html": [ + "3a65178ee2f0264a9b895834a4681471f6b74da0", + [ + null, + {} + ] + ], + "same-ws-downgrade.no-redirect.https.html": [ + "bd36ad5e61db0ce4734964fcedb956e73603ed64", + [ + null, + {} + ] + ] + }, + "worker-classic": { + "same-http-downgrade.downgrade.https.html": [ + "68248b66d281c4bca1bf70a328cb1f0a3d7fcd72", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "151e39684079a4401bade2199dac96574af2e203", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "6fdc1411389607c443ae54815123014af466a390", + [ + null, + {} + ] + ] + }, + "worker-module": { + "same-http-downgrade.downgrade.https.html": [ + "f168e1ea28b9ec4cbe6d663ba3973724ad5291d8", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "3e42f056f580a10c2e2b8b117005fec0cfcd59fb", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "02723eae64b265e22ac4f03ea9d0d89f10bb1998", + [ + null, + {} + ] + ] + }, + "xhr": { + "cross-http-downgrade.downgrade.https.html": [ + "8a7fe50d9535789c10231b24cec789af8fb38936", + [ + null, + {} + ] + ], + "cross-http-downgrade.no-redirect.https.html": [ + "36b2828c4ad23749e02edac2775cab408c9a52cf", + [ + null, + {} + ] + ], + "cross-https.downgrade.https.html": [ + "b89fdb905665f1382da40f1cf4c094baa636efd6", + [ + null, + {} + ] + ], + "same-http-downgrade.downgrade.https.html": [ + "f90e276e3386bfa8114577b2fdc230faeca1870f", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "7cd85dcb51f861d58fc86cd07ed1d53480a6eecc", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "9549a31e854e3487d87b6ef32273c57ea692874e", + [ + null, + {} + ] + ] + } + }, + "upgrade": { + "fetch": { + "cross-http-downgrade.downgrade.https.html": [ + "3a45df5b10b0594db3dbd17d3001f83e2e5ba811", + [ + null, + {} + ] + ], + "cross-http-downgrade.no-redirect.https.html": [ + "b7817aab76c10708e210781983ba9e069f7b6a99", + [ + null, + {} + ] + ], + "cross-https.downgrade.https.html": [ + "bbe8f0556d9d1ae412bfc23b543259b9bbdad7b5", + [ + null, + {} + ] + ], + "same-http-downgrade.downgrade.https.html": [ + "322d17cffc24b950af5e18a3e2d9a749914c53a9", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "06149273ccd8659de1fd0a943cad69f965557a6b", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "268ceb2a1c3732e424205e5de95411dd2ccf14a4", + [ + null, + {} + ] + ] + }, + "websocket": { + "cross-ws-downgrade.no-redirect.https.html": [ + "43180322e4fda1aa3d44fff3e9756f6bff6a3664", + [ + null, + {} + ] + ], + "same-ws-downgrade.no-redirect.https.html": [ + "22a41d207319cdf316aea7e3d4fbf43f8ccfdde7", + [ + null, + {} + ] + ] + }, + "worker-classic": { + "same-http-downgrade.downgrade.https.html": [ + "91efc3fe62eb0b8980560d4ec2dd102750781c9b", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "e33fe74f66fcaebdaf9b5667c703c9a4cb0b13d2", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "33ce6b6ec998585faed07c21096d0744f49e17c9", + [ + null, + {} + ] + ] + }, + "worker-module": { + "same-http-downgrade.downgrade.https.html": [ + "33faa24d050bc4884d003804c47f7302aa95c0cc", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "cc4c777cebf9e76b29955bcf4f4a5a13c7a2db89", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "f955230b051d1ac60ef2789adb7ed2a6e3f7e444", + [ + null, + {} + ] + ] + }, + "xhr": { + "cross-http-downgrade.downgrade.https.html": [ + "ab564874fef2f9316089a85e7c0a08e5b21b1e31", + [ + null, + {} + ] + ], + "cross-http-downgrade.no-redirect.https.html": [ + "71b5ca048aa77fcd99db64473e18de1edd61c078", + [ + null, + {} + ] + ], + "cross-https.downgrade.https.html": [ + "e8a08fc0cd8dbd26f5e0d76cedbd2ccc4a39e17f", + [ + null, + {} + ] + ], + "same-http-downgrade.downgrade.https.html": [ + "6125ad0c8547c26e00437a0cf15472258b2d2b6c", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "9cf1a16672de9d91da2538a57f1946135c773740", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "b3e64a982b60203b0cdc544baadfd214ab120733", + [ + null, + {} + ] + ] + } + } + }, + "worker-module-inherit.http-rp": { + "upgrade": { + "fetch": { + "cross-http-downgrade.downgrade.https.html": [ + "da211f791b30dfd55fd5fa92984ec5a473fde7bd", + [ + null, + {} + ] + ], + "cross-http-downgrade.no-redirect.https.html": [ + "5168cfed44b95e49e62e9fb2b48582c45f9d5f32", + [ + null, + {} + ] + ], + "cross-https.downgrade.https.html": [ + "4323601eac1a78de91c14ef785825afc698fbfe2", + [ + null, + {} + ] + ], + "same-http-downgrade.downgrade.https.html": [ + "f29fa9df3974ace7dd871e6603560db2ef304b12", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "9a7dce98896fc5a8b4c269dffbe7fbe4c0afbd85", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "75268315985dbd50331a54918178524f1e672fc6", + [ + null, + {} + ] + ] + }, + "websocket": { + "cross-ws-downgrade.no-redirect.https.html": [ + "be9a3489fa196bd042e0a61ad925baf4540d9b3d", + [ + null, + {} + ] + ], + "same-ws-downgrade.no-redirect.https.html": [ + "0f7e54ed5b8005d523159241ca2c995779494899", + [ + null, + {} + ] + ] + }, + "worker-classic": { + "same-http-downgrade.downgrade.https.html": [ + "707fffa985ce014a47564cd4074510a654f9a02e", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "f3e96e7eef8bf6d2f1b5397589946a55b3180d7e", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "3bd618a1318afd896fe2bb11fa064a6c4bda000e", + [ + null, + {} + ] + ] + }, + "worker-module": { + "same-http-downgrade.downgrade.https.html": [ + "3b13bd0ffb1641777796ec514d5f35d0dc0d08b8", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "f5bd175493f64bbfb3cde44f7321937335e62316", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "1a410c337addd7c3f0cb1727f704f8a330953ddc", + [ + null, + {} + ] + ] + }, + "xhr": { + "cross-http-downgrade.downgrade.https.html": [ + "d4c5259281371587d2d9af5558121113ac5343ca", + [ + null, + {} + ] + ], + "cross-http-downgrade.no-redirect.https.html": [ + "4378941e87b9521ac402a367ae0645296c1fd80d", + [ + null, + {} + ] + ], + "cross-https.downgrade.https.html": [ + "b278d26aee134df9bb00da0ef519cdd8f5ee26ca", + [ + null, + {} + ] + ], + "same-http-downgrade.downgrade.https.html": [ + "3220dbc607e707b86742ef0e3ea67f1ac6b2db23", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "5b345af1fb8a616e8ed330e4f0464b10beb630e6", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "0b0ed68401b4185f28448aadd818c33956330c5b", + [ + null, + {} + ] + ] + } + } + }, + "worker-module-inherit.meta": { + "unset": { + "fetch": { + "cross-http-downgrade.downgrade.https.html": [ + "112fae83b06b1e4439b31f9bd665e86dfb81bac0", + [ + null, + {} + ] + ], + "cross-http-downgrade.no-redirect.https.html": [ + "b3995f332850066805a04857f35e9411a7ee0be8", + [ + null, + {} + ] + ], + "cross-https.downgrade.https.html": [ + "643d7d22451b72712607a14eab14e583048fda8c", + [ + null, + {} + ] + ], + "same-http-downgrade.downgrade.https.html": [ + "5c7db8f999586f9bb69c49f27a876dd4a1652ffa", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "fc1f4c44f87c36435624df00294ca285076dda40", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "bfad8ce5824c449e96505037257c7b25e4cc2554", + [ + null, + {} + ] + ] + }, + "websocket": { + "cross-ws-downgrade.no-redirect.https.html": [ + "5b286c2c85d80a1e1b1813b9f2f320aed33d5308", + [ + null, + {} + ] + ], + "same-ws-downgrade.no-redirect.https.html": [ + "b257b62b3776522effa335a8ac4693723eaa4b29", + [ + null, + {} + ] + ] + }, + "worker-classic": { + "same-http-downgrade.downgrade.https.html": [ + "41edcee91343cf7331175718fbd3647405dc7ea0", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "c8f80ea5f8eb5bdebfffcd93835dbc539bf775b4", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "e62b99cfe0ccc9c1c89ccf712c5cd4e9e99cca6d", + [ + null, + {} + ] + ] + }, + "worker-module": { + "same-http-downgrade.downgrade.https.html": [ + "9ae603af9560f8262c1ee6a069b2f36a961a0bf1", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "fa6db2386ff0f26b56e90cc61540c48991d70d3b", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "67db42fbaf7a6deac6a289c84c1f05073b58bbbf", + [ + null, + {} + ] + ] + }, + "xhr": { + "cross-http-downgrade.downgrade.https.html": [ + "fd8f1d45ccdd7d753b9ef1b1fc98d253746da05f", + [ + null, + {} + ] + ], + "cross-http-downgrade.no-redirect.https.html": [ + "79a1cc703c9d3a2ba778626e594d27a152171afa", + [ + null, + {} + ] + ], + "cross-https.downgrade.https.html": [ + "9d851b1cbe61cdfe5a316890fc1e56c87d9f8e12", + [ + null, + {} + ] + ], + "same-http-downgrade.downgrade.https.html": [ + "c5fd0128ae17e0658b04caa4747e2a9aa0dff011", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "f3d4243421419389bf22c684278990e0a1f9518a", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "d220e187293e23cc3b533887ca90a96a41a3f614", + [ + null, + {} + ] + ] + } + }, + "upgrade": { + "fetch": { + "cross-http-downgrade.downgrade.https.html": [ + "fe3315e93c54709439240f89cf829eff5bed96a1", + [ + null, + {} + ] + ], + "cross-http-downgrade.no-redirect.https.html": [ + "2b116132a6968ba1ca7474d64f359c0e6b12ffef", + [ + null, + {} + ] + ], + "cross-https.downgrade.https.html": [ + "218fe6ea34c3e68827aa408cfe95b9d389957146", + [ + null, + {} + ] + ], + "same-http-downgrade.downgrade.https.html": [ + "940801d887cfb6cf05fa39939ef7453e17cc3a53", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "7cf5065260c218f7a9378f6c8eb89f961e89021a", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "4074faa3ef27bea9495f273954c4bb3c5dcb13c4", + [ + null, + {} + ] + ] + }, + "websocket": { + "cross-ws-downgrade.no-redirect.https.html": [ + "10244a37560df6e6c188b94d0f3eab55711035dd", + [ + null, + {} + ] + ], + "same-ws-downgrade.no-redirect.https.html": [ + "87fc5f47dfab31067e341440071cd8e4cd941127", + [ + null, + {} + ] + ] + }, + "worker-classic": { + "same-http-downgrade.downgrade.https.html": [ + "47530942a202111950bf21ff76ecf16ebdb9f9fa", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "b663ecb63ef8ad69c18abd84b903e2bf0d2fc3e8", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "c9a3b86de328a377db769a380669ffdeabcdb2c7", + [ + null, + {} + ] + ] + }, + "worker-module": { + "same-http-downgrade.downgrade.https.html": [ + "f6845c744759c77c3b57842cc7e051255271fab5", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "15b88d596aed5b241586549386239e1795504b51", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "ee73df98a2e62afc2023da9b138f9c2cb81ce7f6", + [ + null, + {} + ] + ] + }, + "xhr": { + "cross-http-downgrade.downgrade.https.html": [ + "496e66122cf24771c9f8da1a8449cea4e1904b6a", + [ + null, + {} + ] + ], + "cross-http-downgrade.no-redirect.https.html": [ + "97f713070564743327fadc27d54d0006a322286c", + [ + null, + {} + ] + ], + "cross-https.downgrade.https.html": [ + "3b9fa3d655b7cb8955cfbee7763e1354aeb363a5", + [ + null, + {} + ] + ], + "same-http-downgrade.downgrade.https.html": [ + "3e1d82ab6399664d4cc2d4ff5f39f0ba5d482a98", + [ + null, + {} + ] + ], + "same-http-downgrade.no-redirect.https.html": [ + "8990d9e95157cf3bbf8287ddcde2a2848a5b8c23", + [ + null, + {} + ] + ], + "same-https.downgrade.https.html": [ + "cb7f651df887e2f78eadfe81adeb8677db62cbb8", + [ + null, + {} + ] + ] + } + } } }, "link-upgrade.sub.https.html": [ @@ -547631,7 +550707,7 @@ ] ], "animate.html": [ - "bfe351250ffc28e9681cd2534024eefef33d2fc8", + "00e68b429621f65e68285bda2fa04ccb39f3f8e9", [ null, {} @@ -547890,7 +550966,7 @@ ] ], "target.html": [ - "6951682c4d8af29736e1ec655b65e4147aee9538", + "30b2ee6f0c8a3b5e371fd9996edfb2590c624d17", [ null, {} @@ -552323,13 +555399,6 @@ {} ] ], - "RTCPeerConnection-close.html": [ - "74f816bf3fc0c8970582216e82e9eedc3227def1", - [ - null, - {} - ] - ], "RTCPeerConnection-connectionState.https.html": [ "9e2f3649aec145f3f8787846c0cd3b9ac74a7a81", [ @@ -558702,8 +561771,15 @@ ] ], "hit-test": { + "ar_hittest_subscription_inputSources.https.html": [ + "b13d69a0d8442d63edd6657f4999b2b3c2a74c87", + [ + null, + {} + ] + ], "ar_hittest_subscription_refSpaces.https.html": [ - "d1ce3154e6ce967f0ed8822e4b82dab6aead7dd3", + "ecdfab479c7b1033c36eba6f22a3cf379063f174", [ null, {} diff --git a/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-002.html.ini b/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-002.html.ini new file mode 100644 index 00000000000..f64b45fea6b --- /dev/null +++ b/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-002.html.ini @@ -0,0 +1,4 @@ +[hit-test-floats-002.html] + [Hit test float] + expected: FAIL + diff --git a/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-003.html.ini b/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-003.html.ini deleted file mode 100644 index f29da48a2a0..00000000000 --- a/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-003.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[hit-test-floats-003.html] - [Miss float below something else] - expected: FAIL - diff --git a/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-004.html.ini b/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-004.html.ini deleted file mode 100644 index 4bfb0c2053a..00000000000 --- a/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-004.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[hit-test-floats-004.html] - [Miss float below something else] - expected: FAIL - diff --git a/tests/wpt/metadata/css/cssom-view/elementFromPoint-001.html.ini b/tests/wpt/metadata/css/cssom-view/elementFromPoint-001.html.ini new file mode 100644 index 00000000000..e38782d8c85 --- /dev/null +++ b/tests/wpt/metadata/css/cssom-view/elementFromPoint-001.html.ini @@ -0,0 +1,4 @@ +[elementFromPoint-001.html] + [CSSOM View - 5 - extensions to the Document interface] + expected: FAIL + diff --git a/tests/wpt/metadata/css/cssom-view/elementsFromPoint-iframes.html.ini b/tests/wpt/metadata/css/cssom-view/elementsFromPoint-iframes.html.ini index 171592fc08f..6ef8bb1049f 100644 --- a/tests/wpt/metadata/css/cssom-view/elementsFromPoint-iframes.html.ini +++ b/tests/wpt/metadata/css/cssom-view/elementsFromPoint-iframes.html.ini @@ -2,3 +2,6 @@ [elementsFromPoint on the root document for points in iframe elements] expected: FAIL + [elementsFromPoint on inner documents] + expected: FAIL + diff --git a/tests/wpt/metadata/css/cssom-view/elementsFromPoint-invalid-cases.html.ini b/tests/wpt/metadata/css/cssom-view/elementsFromPoint-invalid-cases.html.ini deleted file mode 100644 index e181af5397f..00000000000 --- a/tests/wpt/metadata/css/cssom-view/elementsFromPoint-invalid-cases.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[elementsFromPoint-invalid-cases.html] - [The root element is the last element returned for otherwise empty queries within the viewport] - expected: FAIL - diff --git a/tests/wpt/metadata/fetch/content-type/response.window.js.ini b/tests/wpt/metadata/fetch/content-type/response.window.js.ini index 0dc412ed582..8fe66411890 100644 --- a/tests/wpt/metadata/fetch/content-type/response.window.js.ini +++ b/tests/wpt/metadata/fetch/content-type/response.window.js.ini @@ -312,9 +312,6 @@ [fetch(): separate response Content-Type: text/plain ] expected: NOTRUN - [<iframe>: combined response Content-Type: */* text/html] - expected: FAIL - [<iframe>: separate response Content-Type: text/html;x=" text/plain] expected: FAIL @@ -324,12 +321,12 @@ [<iframe>: combined response Content-Type: text/html;" \\" text/plain] expected: FAIL - [<iframe>: combined response Content-Type: text/html;charset=gbk text/plain text/html] + [<iframe>: combined response Content-Type: text/html;" text/plain] expected: FAIL - [<iframe>: combined response Content-Type: text/html;x=" text/plain] + [<iframe>: combined response Content-Type: text/html */*] expected: FAIL - [<iframe>: separate response Content-Type: text/plain */*;charset=gbk] + [<iframe>: separate response Content-Type: text/plain */*] expected: FAIL diff --git a/tests/wpt/metadata/fetch/nosniff/parsing-nosniff.window.js.ini b/tests/wpt/metadata/fetch/nosniff/parsing-nosniff.window.js.ini index 30e1b851fd4..369bf4d4fa4 100644 --- a/tests/wpt/metadata/fetch/nosniff/parsing-nosniff.window.js.ini +++ b/tests/wpt/metadata/fetch/nosniff/parsing-nosniff.window.js.ini @@ -11,3 +11,6 @@ [X-Content-Type-Options%3A%20nosniff%2C%2C%40%23%24%23%25%25%26%5E%26%5E*()()11!] expected: FAIL + [Content-Type-Options%3A%20nosniff] + expected: FAIL + diff --git a/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_1.html.ini b/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_1.html.ini new file mode 100644 index 00000000000..87b07c3e670 --- /dev/null +++ b/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_1.html.ini @@ -0,0 +1,4 @@ +[traverse_the_history_1.html] + [Multiple history traversals from the same task] + expected: FAIL + diff --git a/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_3.html.ini b/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_3.html.ini deleted file mode 100644 index 51f8272a6de..00000000000 --- a/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_3.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[traverse_the_history_3.html] - [Multiple history traversals, last would be aborted] - expected: FAIL - diff --git a/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_4.html.ini b/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_4.html.ini deleted file mode 100644 index 385376c7321..00000000000 --- a/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_4.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[traverse_the_history_4.html] - [Multiple history traversals, last would be aborted] - expected: FAIL - diff --git a/tests/wpt/metadata/html/interaction/focus/the-autofocus-attribute/supported-elements.html.ini b/tests/wpt/metadata/html/interaction/focus/the-autofocus-attribute/supported-elements.html.ini index 8b743f36e1d..6b68e9094e4 100644 --- a/tests/wpt/metadata/html/interaction/focus/the-autofocus-attribute/supported-elements.html.ini +++ b/tests/wpt/metadata/html/interaction/focus/the-autofocus-attribute/supported-elements.html.ini @@ -1,20 +1,16 @@ [supported-elements.html] - expected: TIMEOUT [Contenteditable element should support autofocus] expected: FAIL [Element with tabindex should support autofocus] - expected: TIMEOUT + expected: FAIL [Host element with delegatesFocus including no focusable descendants should be skipped] - expected: NOTRUN + expected: FAIL [Area element should support autofocus] - expected: NOTRUN + expected: FAIL [Host element with delegatesFocus should support autofocus] - expected: NOTRUN - - [Non-HTMLElement should not support autofocus] - expected: NOTRUN + expected: FAIL diff --git a/tests/wpt/metadata/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3.html.ini b/tests/wpt/metadata/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3.html.ini index 5f60c78e73c..f6a7aca3306 100644 --- a/tests/wpt/metadata/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3.html.ini +++ b/tests/wpt/metadata/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3.html.ini @@ -1,6 +1,5 @@ [iframe_sandbox_popups_escaping-3.html] type: testharness - expected: TIMEOUT [Check that popups from a sandboxed iframe escape the sandbox if\n allow-popups-to-escape-sandbox is used] - expected: TIMEOUT + expected: FAIL diff --git a/tests/wpt/metadata/html/semantics/scripting-1/the-script-element/execution-timing/077.html.ini b/tests/wpt/metadata/html/semantics/scripting-1/the-script-element/execution-timing/077.html.ini new file mode 100644 index 00000000000..bcd2fd0eab8 --- /dev/null +++ b/tests/wpt/metadata/html/semantics/scripting-1/the-script-element/execution-timing/077.html.ini @@ -0,0 +1,4 @@ +[077.html] + [ adding several types of scripts through the DOM and removing some of them confuses scheduler ] + expected: FAIL + diff --git a/tests/wpt/metadata/webaudio/the-audio-api/the-audiobuffersourcenode-interface/audiobuffersource-multi-channels.html.ini b/tests/wpt/metadata/webaudio/the-audio-api/the-audiobuffersourcenode-interface/audiobuffersource-multi-channels.html.ini index 47eef97b8c3..398a0440052 100644 --- a/tests/wpt/metadata/webaudio/the-audio-api/the-audiobuffersourcenode-interface/audiobuffersource-multi-channels.html.ini +++ b/tests/wpt/metadata/webaudio/the-audio-api/the-audiobuffersourcenode-interface/audiobuffersource-multi-channels.html.ini @@ -56,3 +56,6 @@ [X Rendered audio for channel 5 does not equal [0,0.0626220703125,0.125030517578125,0.18695068359375,0.24810791015625,0.308319091796875,0.3673095703125,0.42486572265625,0.480743408203125,0.53472900390625,0.58660888671875,0.636199951171875,0.68328857421875,0.727691650390625,0.76922607421875,0.8077392578125...\] with an element-wise tolerance of {"absoluteThreshold":0.000030517578125,"relativeThreshold":0}.\n\tIndex\tActual\t\t\tExpected\t\tAbsError\t\tRelError\t\tTest threshold\n\t[1\]\t3.6732959747314453e-1\t6.2622070312500000e-2\t3.0470752716064453e-1\t4.8658168859649127e+0\t3.0517578125000000e-5\n\t[2\]\t6.8329977989196777e-1\t1.2503051757812500e-1\t5.5826926231384277e-1\t4.4650639949963384e+0\t3.0517578125000000e-5\n\t[3\]\t9.0373212099075317e-1\t1.8695068359375000e-1\t7.1678143739700317e-1\t3.8340669508039502e+0\t3.0517578125000000e-5\n\t[4\]\t9.9780619144439697e-1\t2.4810791015625000e-1\t7.4969828128814697e-1\t3.0216621502152523e+0\t3.0517578125000000e-5\n\t[5\]\t9.5236867666244507e-1\t3.0831909179687500e-1\t6.4404958486557007e-1\t2.0889059484187866e+0\t3.0517578125000000e-5\n\t...and 44049 more errors.\n\tMax AbsError of 1.9985756278038025e+0 at index of 16692.\n\t[16692\]\t9.9997943639755249e-1\t-9.9859619140625000e-1\t1.9985756278038025e+0\t2.0013851895322721e+0\t3.0517578125000000e-5\n\tMax RelError of Infinity at index of 10584.\n\t[10584\]\t-5.8778524398803711e-1\t0.0000000000000000e+0\t5.8778524398803711e-1\tInfinity\t3.0517578125000000e-5\n] expected: FAIL + [X Rendered audio for channel 5 does not equal [0,0.0626220703125,0.125030517578125,0.18695068359375,0.24810791015625,0.308319091796875,0.3673095703125,0.42486572265625,0.480743408203125,0.53472900390625,0.58660888671875,0.636199951171875,0.68328857421875,0.727691650390625,0.76922607421875,0.8077392578125...\] with an element-wise tolerance of {"absoluteThreshold":0.000030517578125,"relativeThreshold":0}.\n\tIndex\tActual\t\t\tExpected\t\tAbsError\t\tRelError\t\tTest threshold\n\t[1\]\t3.6732959747314453e-1\t6.2622070312500000e-2\t3.0470752716064453e-1\t4.8658168859649127e+0\t3.0517578125000000e-5\n\t[2\]\t6.8329977989196777e-1\t1.2503051757812500e-1\t5.5826926231384277e-1\t4.4650639949963384e+0\t3.0517578125000000e-5\n\t[3\]\t9.0373212099075317e-1\t1.8695068359375000e-1\t7.1678143739700317e-1\t3.8340669508039502e+0\t3.0517578125000000e-5\n\t[4\]\t9.9780619144439697e-1\t2.4810791015625000e-1\t7.4969828128814697e-1\t3.0216621502152523e+0\t3.0517578125000000e-5\n\t[5\]\t9.5236867666244507e-1\t3.0831909179687500e-1\t6.4404958486557007e-1\t2.0889059484187866e+0\t3.0517578125000000e-5\n\t...and 35250 more errors.\n\tMax AbsError of 1.9986611604690552e+0 at index of 12875.\n\t[12875\]\t-9.9994289875030518e-1\t9.9871826171875000e-1\t1.9986611604690552e+0\t2.0012262087101997e+0\t3.0517578125000000e-5\n\tMax RelError of Infinity at index of 7056.\n\t[7056\]\t5.8778524398803711e-1\t0.0000000000000000e+0\t5.8778524398803711e-1\tInfinity\t3.0517578125000000e-5\n] + expected: FAIL + diff --git a/tests/wpt/metadata/webaudio/the-audio-api/the-audiobuffersourcenode-interface/sub-sample-buffer-stitching.html.ini b/tests/wpt/metadata/webaudio/the-audio-api/the-audiobuffersourcenode-interface/sub-sample-buffer-stitching.html.ini index c1a19445ebb..e98c3cc2169 100644 --- a/tests/wpt/metadata/webaudio/the-audio-api/the-audiobuffersourcenode-interface/sub-sample-buffer-stitching.html.ini +++ b/tests/wpt/metadata/webaudio/the-audio-api/the-audiobuffersourcenode-interface/sub-sample-buffer-stitching.html.ini @@ -212,3 +212,9 @@ [X Stitched sine-wave buffers at sample rate 44100 does not equal [0,0.06264832615852356,0.12505052983760834,0.18696144223213196,0.24813786149024963,0.308339387178421,0.36732959747314453,0.4248766601085663,0.480754554271698,0.5347436666488647,0.5866320133209229,0.6362156271934509,0.6832997798919678,0.7276994585990906,0.7692402601242065,0.8077589869499207...\] with an element-wise tolerance of {"absoluteThreshold":0.000090957,"relativeThreshold":0}.\n\tIndex\tActual\t\t\tExpected\t\tAbsError\t\tRelError\t\tTest threshold\n\t[31080\]\t2.1915524950344434e-12\t5.6332010030746460e-1\t5.6332010030527302e-1\t9.9999999999610956e-1\t9.0957000000000003e-5\n\t[31081\]\t4.5863097438886938e-41\t6.1397600173950195e-1\t6.1397600173950195e-1\t1.0000000000000000e+0\t9.0957000000000003e-5\n\tMax AbsError of 6.1397600173950195e-1 at index of 31081.\n\tMax RelError of 1.0000000000000000e+0 at index of 31081.\n] expected: FAIL + [X SNR (45.0183797715649 dB) is not greater than or equal to 85.58. Got 45.0183797715649.] + expected: FAIL + + [X Stitched sine-wave buffers at sample rate 44100 does not equal [0,0.06264832615852356,0.12505052983760834,0.18696144223213196,0.24813786149024963,0.308339387178421,0.36732959747314453,0.4248766601085663,0.480754554271698,0.5347436666488647,0.5866320133209229,0.6362156271934509,0.6832997798919678,0.7276994585990906,0.7692402601242065,0.8077589869499207...\] with an element-wise tolerance of {"absoluteThreshold":0.000090957,"relativeThreshold":0}.\n\tIndex\tActual\t\t\tExpected\t\tAbsError\t\tRelError\t\tTest threshold\n\t[31080\]\t-3.6768964491784573e-5\t5.6332010030746460e-1\t5.6335686927195638e-1\t1.0000652718844432e+0\t9.0957000000000003e-5\n\t[31081\]\t4.5721566293990131e-41\t6.1397600173950195e-1\t6.1397600173950195e-1\t1.0000000000000000e+0\t9.0957000000000003e-5\n\tMax AbsError of 6.1397600173950195e-1 at index of 31081.\n\tMax RelError of 1.0000652718844432e+0 at index of 31080.\n] + expected: FAIL + diff --git a/tests/wpt/metadata/webmessaging/with-ports/018.html.ini b/tests/wpt/metadata/webmessaging/with-ports/018.html.ini new file mode 100644 index 00000000000..663a1f8fa30 --- /dev/null +++ b/tests/wpt/metadata/webmessaging/with-ports/018.html.ini @@ -0,0 +1,5 @@ +[018.html] + expected: TIMEOUT + [origin of the script that invoked the method, javascript:] + expected: TIMEOUT + diff --git a/tests/wpt/metadata/webmessaging/without-ports/017.html.ini b/tests/wpt/metadata/webmessaging/without-ports/017.html.ini new file mode 100644 index 00000000000..064cf47545b --- /dev/null +++ b/tests/wpt/metadata/webmessaging/without-ports/017.html.ini @@ -0,0 +1,5 @@ +[017.html] + expected: TIMEOUT + [origin of the script that invoked the method, about:blank] + expected: TIMEOUT + diff --git a/tests/wpt/metadata/webxr/hit-test/ar_hittest_subscription_inputSources.https.html.ini b/tests/wpt/metadata/webxr/hit-test/ar_hittest_subscription_inputSources.https.html.ini new file mode 100644 index 00000000000..670b46927bc --- /dev/null +++ b/tests/wpt/metadata/webxr/hit-test/ar_hittest_subscription_inputSources.https.html.ini @@ -0,0 +1,2 @@ +[ar_hittest_subscription_inputSources.https.html] + expected: ERROR diff --git a/tests/wpt/metadata/workers/shared-worker-in-data-url-context.window.js.ini b/tests/wpt/metadata/workers/shared-worker-in-data-url-context.window.js.ini index 6d92f8835c6..10dda3a6659 100644 --- a/tests/wpt/metadata/workers/shared-worker-in-data-url-context.window.js.ini +++ b/tests/wpt/metadata/workers/shared-worker-in-data-url-context.window.js.ini @@ -1,8 +1,7 @@ [shared-worker-in-data-url-context.window.html] - expected: TIMEOUT [Create a shared worker in a data url frame] - expected: TIMEOUT + expected: FAIL [Create a data url shared worker in a data url frame] - expected: NOTRUN + expected: FAIL diff --git a/tests/wpt/web-platform-tests/common/security-features/resources/common.sub.js b/tests/wpt/web-platform-tests/common/security-features/resources/common.sub.js index 83b034205a6..aa6b5ddf23a 100644 --- a/tests/wpt/web-platform-tests/common/security-features/resources/common.sub.js +++ b/tests/wpt/web-platform-tests/common/security-features/resources/common.sub.js @@ -1111,19 +1111,19 @@ function invokeRequest(subresource, sourceContextList) { invoker: invokeFromWorker.bind(undefined, "worker", true, {type: 'module'}), }, "sharedworker-classic": { - // Classic dedicated worker loaded from same-origin. + // Classic shared worker loaded from same-origin. invoker: invokeFromWorker.bind(undefined, "sharedworker", false, {}), }, "sharedworker-classic-data": { - // Classic dedicated worker loaded from data: URL. + // Classic shared worker loaded from data: URL. invoker: invokeFromWorker.bind(undefined, "sharedworker", true, {}), }, "sharedworker-module": { - // Module dedicated worker loaded from same-origin. + // Module shared worker loaded from same-origin. invoker: invokeFromWorker.bind(undefined, "sharedworker", false, {type: 'module'}), }, "sharedworker-module-data": { - // Module dedicated worker loaded from data: URL. + // Module shared worker loaded from data: URL. invoker: invokeFromWorker.bind(undefined, "sharedworker", true, {type: 'module'}), }, }; @@ -1182,7 +1182,7 @@ function invokeFromWorker(workerType, isDataUrl, workerOptions, if (workerType === "worker") { const worker = new Worker(url, workerOptions); worker.postMessage({subresource: subresource, - sourceContextList: sourceContextList.slice(1)}); + sourceContextList: sourceContextList.slice(1)}); return bindEvents2(worker, "message", worker, "error", window, "error"); } else if (workerType === "sharedworker") { const worker = new SharedWorker(url, workerOptions); diff --git a/tests/wpt/web-platform-tests/common/security-features/scope/worker.py b/tests/wpt/web-platform-tests/common/security-features/scope/worker.py index bdad52c6a84..716bcb8efff 100644 --- a/tests/wpt/web-platform-tests/common/security-features/scope/worker.py +++ b/tests/wpt/web-platform-tests/common/security-features/scope/worker.py @@ -23,6 +23,10 @@ def main(request, response): elif delivery['deliveryType'] == 'http-rp': if delivery['key'] == 'referrerPolicy': maybe_additional_headers['Referrer-Policy'] = delivery['value'] + elif delivery['key'] == 'mixedContent' and delivery['value'] == 'opt-in': + maybe_additional_headers['Content-Security-Policy'] = 'block-all-mixed-content' + elif delivery['key'] == 'upgradeInsecureRequests' and delivery['value'] == 'upgrade': + maybe_additional_headers['Content-Security-Policy'] = 'upgrade-insecure-requests' else: error = 'invalid delivery key for http-rp: %s' % delivery['key'] else: diff --git a/tests/wpt/web-platform-tests/common/security-features/tools/spec.src.json b/tests/wpt/web-platform-tests/common/security-features/tools/spec.src.json index 7cf6a06c0f5..0b5d6b7f7a7 100644 --- a/tests/wpt/web-platform-tests/common/security-features/tools/spec.src.json +++ b/tests/wpt/web-platform-tests/common/security-features/tools/spec.src.json @@ -182,12 +182,6 @@ "source_context_list_schema": { // Warning: Currently, some nested patterns of contexts have different // inheritance rules for different kinds of policies. - // For example, an HTTP(S) dedicated worker inherits parent's CSP but not - // parent's referrer policy, and "worker-classic" source_context_list - // value here reflects the referrer policy spec, not CSP. - // Perhaps we have to introduce separate source_context_list entries, - // e.g. "worker-classic-CSP" to test the same nested contexts with - // different policy inheritance expectations. // The generated tests will be used to test/investigate the policy // inheritance rules, and eventually the policy inheritance rules will // be unified (https://github.com/w3ctag/design-principles/issues/111). @@ -284,8 +278,8 @@ "subresourcePolicyDeliveries": [] }, "worker-classic": { - // Warning: This is incompatible with the current CSP spec, - // so is not applicable to upgrade-insecure-requests and mixed-content tests. + // This is applicable to referrer-policy tests. + // Use "worker-classic-inherit" for CSP (mixed-content, etc.). "description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [ { @@ -303,6 +297,26 @@ ], "subresourcePolicyDeliveries": [] }, + "worker-classic-inherit": { + // This is applicable to upgrade-insecure-requests and mixed-content tests. + // Use "worker-classic" for referrer-policy. + "description": "dedicated workers should inherit its parent's policy.", + "sourceContextList": [ + { + "sourceContextType": "top", + "policyDeliveries": [ + "policy" + ] + }, + { + "sourceContextType": "worker-classic", + "policyDeliveries": [ + "anotherPolicy" + ] + } + ], + "subresourcePolicyDeliveries": [] + }, "worker-classic-data": { "description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [ @@ -320,8 +334,8 @@ "subresourcePolicyDeliveries": [] }, "worker-module": { - // Warning: This is incompatible with the current CSP spec, - // so is not applicable to upgrade-insecure-requests and mixed-content tests. + // This is applicable to referrer-policy tests. + // Use "worker-module-inherit" for CSP (mixed-content, etc.). "description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [ { @@ -339,6 +353,26 @@ ], "subresourcePolicyDeliveries": [] }, + "worker-module-inherit": { + // This is applicable to upgrade-insecure-requests and mixed-content tests. + // Use "worker-module" for referrer-policy. + "description": "dedicated workers should inherit its parent's policy.", + "sourceContextList": [ + { + "sourceContextType": "top", + "policyDeliveries": [ + "policy" + ] + }, + { + "sourceContextType": "worker-module", + "policyDeliveries": [ + "anotherPolicy" + ] + } + ], + "subresourcePolicyDeliveries": [] + }, "worker-module-data": { "description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [ @@ -355,6 +389,24 @@ ], "subresourcePolicyDeliveries": [] }, + "sharedworker-classic": { + "description": "shared workers shouldn't inherit its parent's policy.", + "sourceContextList": [ + { + "sourceContextType": "top", + "policyDeliveries": [ + "anotherPolicy" + ] + }, + { + "sourceContextType": "sharedworker-classic", + "policyDeliveries": [ + "policy" + ] + } + ], + "subresourcePolicyDeliveries": [] + }, "sharedworker-classic-data": { "description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [ @@ -371,6 +423,24 @@ ], "subresourcePolicyDeliveries": [] }, + "sharedworker-module": { + "description": "shared workers shouldn't inherit its parent's policy.", + "sourceContextList": [ + { + "sourceContextType": "top", + "policyDeliveries": [ + "anotherPolicy" + ] + }, + { + "sourceContextType": "sharedworker-module", + "policyDeliveries": [ + "policy" + ] + } + ], + "subresourcePolicyDeliveries": [] + }, "sharedworker-module-data": { "description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [ @@ -405,10 +475,14 @@ "iframe", "iframe-blank-inherit", "worker-classic", + "worker-classic-inherit", "worker-classic-data", "worker-module", + "worker-module-inherit", "worker-module-data", + "sharedworker-classic", "sharedworker-classic-data", + "sharedworker-module", "sharedworker-module-data" ], "redirection": [ diff --git a/tests/wpt/web-platform-tests/common/security-features/tools/util.py b/tests/wpt/web-platform-tests/common/security-features/tools/util.py index cb89c96e340..88868476e8d 100644 --- a/tests/wpt/web-platform-tests/common/security-features/tools/util.py +++ b/tests/wpt/web-platform-tests/common/security-features/tools/util.py @@ -121,7 +121,7 @@ class PolicyDelivery(object): elif obj == "anotherPolicy": policy_delivery = target_policy_delivery.get_another_policy( supported_delivery_types[0]) - elif type(obj) == dict: + elif isinstance(obj, dict): policy_delivery = PolicyDelivery(obj['deliveryType'], obj['key'], obj['value']) else: @@ -148,6 +148,16 @@ class PolicyDelivery(object): return PolicyDelivery(delivery_type, self.key, 'unsafe-url') else: return PolicyDelivery(delivery_type, self.key, 'no-referrer') + elif self.key == 'mixedContent': + if self.value == 'opt-in': + return PolicyDelivery(delivery_type, self.key, None) + else: + return PolicyDelivery(delivery_type, self.key, 'opt-in') + elif self.key == 'upgradeInsecureRequests': + if self.value == 'upgrade': + return PolicyDelivery(delivery_type, self.key, None) + else: + return PolicyDelivery(delivery_type, self.key, 'upgrade') else: raise Exception('delivery key is invalid: ' + self.key) diff --git a/tests/wpt/web-platform-tests/content-security-policy/reporting/report-clips-sample.html b/tests/wpt/web-platform-tests/content-security-policy/reporting/report-clips-sample.https.html index 29f6aa409cc..29f6aa409cc 100644 --- a/tests/wpt/web-platform-tests/content-security-policy/reporting/report-clips-sample.html +++ b/tests/wpt/web-platform-tests/content-security-policy/reporting/report-clips-sample.https.html diff --git a/tests/wpt/web-platform-tests/fullscreen/api/element-ready-check-containing-iframe-manual.html b/tests/wpt/web-platform-tests/fullscreen/api/element-ready-check-containing-iframe-manual.html index 06495492656..8cadbf72cf7 100644 --- a/tests/wpt/web-platform-tests/fullscreen/api/element-ready-check-containing-iframe-manual.html +++ b/tests/wpt/web-platform-tests/fullscreen/api/element-ready-check-containing-iframe-manual.html @@ -11,14 +11,12 @@ window.onload = function() { async_test(function(t) { var iframes = document.getElementsByTagName("iframe"); - trusted_request(t, iframes[0].contentDocument.body, document.body); + trusted_request(t, iframes[0].contentDocument.body, iframes[0].contentDocument.body); iframes[0].contentDocument.onfullscreenchange = t.step_func(function() { assert_equals(document.fullscreenElement, iframes[0]); trusted_request(t, iframes[1].contentDocument.body, iframes[0].contentDocument.body); - iframes[1].contentDocument.onfullscreenchange = t.step_func_done(function() { - assert_equals(document.fullscreenElement, iframes[1]); - }); - iframes[1].contentDocument.onfullscreenerror = t.unreached_func("fullscreenchange error"); + iframes[1].contentDocument.onfullscreenerror = t.unreached_func("fullscreenerror event"); + iframes[1].contentDocument.onfullscreenchange = t.step_func_done(); }); }); }; diff --git a/tests/wpt/web-platform-tests/fullscreen/api/element-ready-check-containing-iframe-manual.tentative.html b/tests/wpt/web-platform-tests/fullscreen/api/element-ready-check-containing-iframe-manual.tentative.html deleted file mode 100644 index 08c420ec024..00000000000 --- a/tests/wpt/web-platform-tests/fullscreen/api/element-ready-check-containing-iframe-manual.tentative.html +++ /dev/null @@ -1,29 +0,0 @@ -<!DOCTYPE html> -<!-- - Tentative, due to: - https://github.com/whatwg/html/issues/1903 - Once the issue is resolved, this test would replace the corresponding - non-tentative test (element-ready-check-containing-iframe-manual.html) ---> -<title>Element ready check for containing iframe</title> -<script src="/resources/testharness.js"></script> -<script src="/resources/testharnessreport.js"></script> -<script src="../trusted-click.js"></script> -<div id="log"></div> -<iframe allowfullscreen></iframe> -<iframe allowfullscreen></iframe> -<script> -// wait for load event to avoid https://bugzil.la/1493878 -window.onload = function() { - async_test(function(t) { - var iframes = document.getElementsByTagName("iframe"); - trusted_request(t, iframes[0].contentDocument.body, iframes[0].contentDocument.body); - iframes[0].contentDocument.onfullscreenchange = t.step_func(function() { - assert_equals(document.fullscreenElement, iframes[0]); - trusted_request(t, iframes[1].contentDocument.body, iframes[0].contentDocument.body); - iframes[1].contentDocument.onfullscreenerror = t.unreached_func("fullscreenerror event"); - iframes[1].contentDocument.onfullscreenchange = t.step_func_done(); - }); - }); -}; -</script> diff --git a/tests/wpt/web-platform-tests/generic-sensor/generic-sensor-feature-policy-test.sub.js b/tests/wpt/web-platform-tests/generic-sensor/generic-sensor-feature-policy-test.sub.js index 2a1fba9f83c..20436be8007 100644 --- a/tests/wpt/web-platform-tests/generic-sensor/generic-sensor-feature-policy-test.sub.js +++ b/tests/wpt/web-platform-tests/generic-sensor/generic-sensor-feature-policy-test.sub.js @@ -54,7 +54,6 @@ function run_fp_tests_disabled(sensorName) { } function run_fp_tests_enabled(sensorName) { - const sensorType = self[sensorName]; const featureNameList = feature_policies[sensorName]; const header = "Feature-Policy header " + featureNameList.join(" *;") + " *"; const desc = "'new " + sensorName + "()'"; @@ -85,7 +84,6 @@ function run_fp_tests_enabled(sensorName) { } function run_fp_tests_enabled_by_attribute(sensorName) { - const sensorType = self[sensorName]; const featureNameList = feature_policies[sensorName]; const header = "Feature-Policy allow='" + featureNameList.join(" ") + "' attribute"; const desc = "'new " + sensorName + "()'"; @@ -114,7 +112,6 @@ function run_fp_tests_enabled_by_attribute(sensorName) { } function run_fp_tests_enabled_by_attribute_redirect_on_load(sensorName) { - const sensorType = self[sensorName]; const featureNameList = feature_policies[sensorName]; const header = "Feature-Policy allow='" + featureNameList.join(" ") + "' attribute"; const desc = "'new " + sensorName + "()'"; @@ -143,7 +140,6 @@ function run_fp_tests_enabled_by_attribute_redirect_on_load(sensorName) { } function run_fp_tests_enabled_on_self_origin(sensorName) { - const sensorType = self[sensorName]; const featureNameList = feature_policies[sensorName]; const header = "Feature-Policy header " + featureNameList.join(" 'self';") + " 'self'"; const desc = "'new " + sensorName + "()'"; diff --git a/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/cache-storage-reporting.https.html b/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/cache-storage-reporting.https.html index d9a23bed3ef..4ef9eb21d69 100644 --- a/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/cache-storage-reporting.https.html +++ b/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/cache-storage-reporting.https.html @@ -96,11 +96,11 @@ function wait(ms) { async function fetchReport() { const fetch_report_path = resource_path + `/report.py?key=${report_token}`; - for(let i = 0; i<10; ++i) { + for(let i = 0; i<20; ++i) { const response = await fetch(encode(fetch_report_path)); const reports = await response.json(); if (reports.length == 0) { - wait(100); + wait(200); continue; } if (reports.length != 1) diff --git a/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/reporting.https.html b/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/reporting.https.html index 95fe047ea9f..f8d8af7a469 100644 --- a/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/reporting.https.html +++ b/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/reporting.https.html @@ -318,6 +318,103 @@ async_test(async (t) => { } }, 'COEP violation on nested frame navigation'); +async_test(async (t) => { + try { + const iframe = document.createElement('iframe'); + t.add_cleanup(() => iframe.remove()); + + iframe.src = `resources/reporting-empty-frame.html` + document.body.appendChild(iframe); + await new Promise(resolve => { + iframe.addEventListener('load', resolve, {once: true}); + }); + const worker_url = new URL('resources/fetch-in-dedicated-worker.js', location); + const worker = new iframe.contentWindow.Worker(worker_url); + + function fetchInWorker(url) { + const init = { mode: 'no-cors', cache: 'no-store' }; + worker.postMessage({url, init}); + return new Promise((resolve) => { + worker.addEventListener('message', resolve); + }); + } + + const suffix = 'subresource-corp-from-dedicated-worker'; + const sameOriginUrl = `/common/text-plain.txt?${suffix}`; + const blockedByPureCorp = `${REMOTE_ORIGIN}${BASE}/nothing-same-origin-corp.txt?${suffix}`; + const blockedDueToCoep = `${REMOTE_ORIGIN}/common/text-plain.txt?abc&${suffix}`; + const dest = `${REMOTE_ORIGIN}/common/text-plain.txt?xyz&${suffix}`; + const redirect = `/common/redirect.py?location=${encodeURIComponent(dest)}&${suffix}`; + + fetchInWorker(sameOriginUrl); + fetchInWorker(blockedByPureCorp); + fetchInWorker(blockedDueToCoep); + fetchInWorker(redirect); + + // Wait 1 seconds for reports to settle. + await wait(1000); + + checkReportNonExistence(reports, sameOriginUrl, worker_url.href); + checkReportNonExistence(reports, blockedByPureCorp, worker_url.href); + checkCorpReportExistence(reports, blockedDueToCoep, worker_url.href); + checkCorpReportExistence(reports, redirect, worker_url.href); + checkReportNonExistence(reports, dest, worker_url.href); + t.done(); + } catch (e) { + t.step(() => { throw e }); + } +}, 'subresource requests initiated from DedicatedWorker'); + +promise_test(async (t) => { + const suffix = 'subresource-corp-from-dedicated-worker-via-passthrough-sw'; + const iframe_src = `resources/reporting-empty-frame.html?passthrough&${suffix}`; + // Register a service worker that controls an iframe. + const registration = await service_worker_unregister_and_register( + t, 'resources/sw.js', iframe_src); + t.add_cleanup(() => registration.unregister()); + await wait_for_state(t, registration.installing, 'activated'); + + const iframe = document.createElement('iframe'); + t.add_cleanup(() => iframe.remove()); + + iframe.src = iframe_src; + document.body.appendChild(iframe); + await new Promise(resolve => { + iframe.addEventListener('load', resolve, {once: true}); + }); + + const worker_url = new URL('resources/fetch-in-dedicated-worker.js', location); + const worker = new iframe.contentWindow.Worker(worker_url); + + function fetchInWorker(url) { + const init = { mode: 'no-cors', cache: 'no-store' }; + worker.postMessage({url, init}); + return new Promise((resolve) => { + worker.addEventListener('message', resolve); + }); + } + + const sameOriginUrl = `/common/text-plain.txt?${suffix}`; + const blockedByPureCorp = `${REMOTE_ORIGIN}${BASE}/nothing-same-origin-corp.txt?${suffix}`; + const blockedDueToCoep = `${REMOTE_ORIGIN}/common/text-plain.txt?abc&${suffix}`; + const dest = `${REMOTE_ORIGIN}/common/text-plain.txt?xyz&${suffix}`; + const redirect = `/common/redirect.py?location=${encodeURIComponent(dest)}&${suffix}`; + + fetchInWorker(sameOriginUrl); + fetchInWorker(blockedByPureCorp); + fetchInWorker(blockedDueToCoep); + fetchInWorker(redirect); + + // Wait 1 seconds for reports to settle. + await wait(1000); + + checkReportNonExistence(reports, sameOriginUrl, worker_url.href); + checkReportNonExistence(reports, blockedByPureCorp, worker_url.href); + checkCorpReportExistence(reports, blockedDueToCoep, worker_url.href); + checkCorpReportExistence(reports, redirect, worker_url.href); + checkReportNonExistence(reports, dest, worker_url.href); +}, 'subresource requests initiated from DedicatedWorker controlled by a passthrough service worker'); + promise_test(async (t) => { const iframe_src = `resources/reporting-empty-frame.html?passthrough`; // Register a service worker that controls an iframe. diff --git a/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/resources/fetch-in-dedicated-worker.js b/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/resources/fetch-in-dedicated-worker.js new file mode 100644 index 00000000000..bd60d07952c --- /dev/null +++ b/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/resources/fetch-in-dedicated-worker.js @@ -0,0 +1,6 @@ +self.addEventListener('message', async (e) => { + const param = e.data; + // Ignore network error. + await fetch(param.url, param.init).catch(() => {}); + self.postMessage(param.url); +}); diff --git a/tests/wpt/web-platform-tests/measure-memory/measure-memory-cross-origin-iframe.tentative.window.js b/tests/wpt/web-platform-tests/measure-memory/measure-memory-cross-origin-iframe.tentative.window.js index c8dcbb77edd..c65173fe8a0 100644 --- a/tests/wpt/web-platform-tests/measure-memory/measure-memory-cross-origin-iframe.tentative.window.js +++ b/tests/wpt/web-platform-tests/measure-memory/measure-memory-cross-origin-iframe.tentative.window.js @@ -4,11 +4,18 @@ 'use strict'; promise_test(async testCase => { - const frame = document.createElement("iframe"); - const child = getUrl(CROSS_ORIGIN, "resources/child.sub.html"); - const grandchild = getUrl(CROSS_ORIGIN, "resources/grandchild.sub.html"); + const grandchildLoaded = new Promise(resolve => { + window.onmessage = function(message) { + if (message.data === 'grandchild-loaded') { + resolve(message); + } + } + }); + const frame = document.createElement('iframe'); + const child = getUrl(CROSS_ORIGIN, 'resources/child.sub.html'); frame.src = child; document.body.append(frame); + await grandchildLoaded; try { let result = await performance.measureMemory(); checkMeasureMemory(result, { diff --git a/tests/wpt/web-platform-tests/measure-memory/measure-memory-cross-origin-redirecting-iframe.tentative.window.js b/tests/wpt/web-platform-tests/measure-memory/measure-memory-cross-origin-redirecting-iframe.tentative.window.js new file mode 100644 index 00000000000..435477d7f4d --- /dev/null +++ b/tests/wpt/web-platform-tests/measure-memory/measure-memory-cross-origin-redirecting-iframe.tentative.window.js @@ -0,0 +1,30 @@ +// META: script=/common/get-host-info.sub.js +// META: script=./resources/common.js +// META: timeout=long +'use strict'; + +promise_test(async testCase => { + const grandchildLoaded = new Promise(resolve => { + window.onmessage = function(message) { + if (message.data === 'grandchild-loaded') { + resolve(message); + } + } + }); + const frame = document.createElement('iframe'); + const redirecting_child = getUrl(CROSS_ORIGIN, 'resources/redirecting-child.sub.html'); + frame.src = redirecting_child; + document.body.append(frame); + await grandchildLoaded; + try { + let result = await performance.measureMemory(); + checkMeasureMemory(result, { + allowed: [window.location.href, redirecting_child] + }); + } catch (error) { + if (!(error instanceof DOMException)) { + throw error; + } + assert_equals(error.name, 'SecurityError'); + } +}, 'Well-formed result of performance.measureMemory with cross-origin iframe.'); diff --git a/tests/wpt/web-platform-tests/measure-memory/measure-memory-same-origin-iframe.tentative.window.js b/tests/wpt/web-platform-tests/measure-memory/measure-memory-same-origin-iframe.tentative.window.js index 24700e51c24..05a55c7b313 100644 --- a/tests/wpt/web-platform-tests/measure-memory/measure-memory-same-origin-iframe.tentative.window.js +++ b/tests/wpt/web-platform-tests/measure-memory/measure-memory-same-origin-iframe.tentative.window.js @@ -4,11 +4,19 @@ 'use strict'; promise_test(async testCase => { - const frame = document.createElement("iframe"); - const child = getUrl(SAME_ORIGIN, "resources/child.sub.html"); - const grandchild = getUrl(SAME_ORIGIN, "resources/grandchild.sub.html"); + const grandchildLoaded = new Promise(resolve => { + window.onmessage = function(message) { + if (message.data === 'grandchild-loaded') { + resolve(message); + } + } + }); + const frame = document.createElement('iframe'); + const child = getUrl(SAME_ORIGIN, 'resources/child.sub.html'); + const grandchild = getUrl(SAME_ORIGIN, 'resources/grandchild.sub.html'); frame.src = child; document.body.append(frame); + await grandchildLoaded; try { let result = await performance.measureMemory(); checkMeasureMemory(result, { diff --git a/tests/wpt/web-platform-tests/measure-memory/resources/child.sub.html b/tests/wpt/web-platform-tests/measure-memory/resources/child.sub.html index f52b5eefbc5..a0d10e13554 100644 --- a/tests/wpt/web-platform-tests/measure-memory/resources/child.sub.html +++ b/tests/wpt/web-platform-tests/measure-memory/resources/child.sub.html @@ -1,6 +1,15 @@ <!doctype html> <meta charset=utf-8> <html> +<script> +window.onmessage = function (message) { + // Forward the message to the parent. + window.parent.postMessage(message.data, '*'); +} +window.onload = function () { + window.parent.postMessage('grandchild-loaded', '*'); +} +</script> <body> Hello from child iframe. <iframe src="grandchild.sub.html"></iframe> diff --git a/tests/wpt/web-platform-tests/measure-memory/resources/common.js b/tests/wpt/web-platform-tests/measure-memory/resources/common.js index f7332a86227..1347c5bdb73 100644 --- a/tests/wpt/web-platform-tests/measure-memory/resources/common.js +++ b/tests/wpt/web-platform-tests/measure-memory/resources/common.js @@ -1,5 +1,5 @@ -const SAME_ORIGIN = {origin: get_host_info().HTTPS_ORIGIN, name: "SAME_ORIGIN"}; -const CROSS_ORIGIN = {origin: get_host_info().HTTPS_NOTSAMESITE_ORIGIN, name: "CROSS_ORIGIN"} +const SAME_ORIGIN = {origin: get_host_info().HTTP_ORIGIN, name: "SAME_ORIGIN"}; +const CROSS_ORIGIN = {origin: get_host_info().HTTP_REMOTE_ORIGIN, name: "CROSS_ORIGIN"} function checkMeasureMemoryBreakdown(breakdown, options) { let allowed = new Set(options.allowed); @@ -31,5 +31,5 @@ function checkMeasureMemory(result, options) { function getUrl(host, relativePath) { const path = new URL(relativePath, window.location).pathname; - return `${host.origin}/${path}`; + return `${host.origin}${path}`; }
\ No newline at end of file diff --git a/tests/wpt/web-platform-tests/measure-memory/resources/grandchild.sub.html b/tests/wpt/web-platform-tests/measure-memory/resources/grandchild.sub.html index 98522e0649e..0f11bce0e02 100644 --- a/tests/wpt/web-platform-tests/measure-memory/resources/grandchild.sub.html +++ b/tests/wpt/web-platform-tests/measure-memory/resources/grandchild.sub.html @@ -1,6 +1,11 @@ <!doctype html> <meta charset=utf-8> <html> +<script> +window.onload = function () { + window.parent.postMessage('grandchild-loaded', '*'); +} +</script> <body> Hello from grandchild iframe. </body> diff --git a/tests/wpt/web-platform-tests/measure-memory/resources/redirecting-child.sub.html b/tests/wpt/web-platform-tests/measure-memory/resources/redirecting-child.sub.html new file mode 100644 index 00000000000..732c5410966 --- /dev/null +++ b/tests/wpt/web-platform-tests/measure-memory/resources/redirecting-child.sub.html @@ -0,0 +1,12 @@ +<!doctype html> +<meta charset=utf-8> +<html> +<script> +window.onload = function () { + document.location.href = document.location.href.replace('redirecting-child', 'child'); +} +</script> +<body> + Hello from child iframe. +</body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html new file mode 100644 index 00000000000..3241aead34c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.no-redirect.https.html new file mode 100644 index 00000000000..22bc15d57a5 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html new file mode 100644 index 00000000000..b0ba399717b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html new file mode 100644 index 00000000000..65f6ddbadf3 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-https origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..f9f1aa62b60 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.no-redirect.https.html new file mode 100644 index 00000000000..b3b51be3ccd --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.swap-scheme.https.html new file mode 100644 index 00000000000..da19d07b086 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..f0d5f1a9b0e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.no-redirect.https.html new file mode 100644 index 00000000000..b976e9caa62 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.swap-scheme.https.html new file mode 100644 index 00000000000..7710e60bd7a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-https origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html new file mode 100644 index 00000000000..76adf429684 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-ws", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/same-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/same-ws.no-redirect.https.html new file mode 100644 index 00000000000..37e9bb91172 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/same-ws.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-ws", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/same-wss.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/same-wss.no-redirect.https.html new file mode 100644 index 00000000000..2d422046488 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/same-wss.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-wss", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html new file mode 100644 index 00000000000..9d89753d533 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.no-redirect.https.html new file mode 100644 index 00000000000..5db7dcd879c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html new file mode 100644 index 00000000000..9adbb92cbf5 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html new file mode 100644 index 00000000000..7fda4cbc4ab --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-https origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..dc9b7e428de --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.no-redirect.https.html new file mode 100644 index 00000000000..84dd3a173a6 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.swap-scheme.https.html new file mode 100644 index 00000000000..8b00bc6aeb7 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..62b09270778 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.no-redirect.https.html new file mode 100644 index 00000000000..9a4eef44a12 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.swap-scheme.https.html new file mode 100644 index 00000000000..a1ef6b69932 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-https origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html new file mode 100644 index 00000000000..a6e2e97bccd --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.no-redirect.https.html new file mode 100644 index 00000000000..c68737ee235 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html new file mode 100644 index 00000000000..cd0457e0071 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html new file mode 100644 index 00000000000..c9ff17534ba --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-https origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..bf410443d3a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.no-redirect.https.html new file mode 100644 index 00000000000..d2595868872 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.swap-scheme.https.html new file mode 100644 index 00000000000..fb5a3c559ac --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..b5b4d5cf7a2 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.no-redirect.https.html new file mode 100644 index 00000000000..31a4813a2e9 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.swap-scheme.https.html new file mode 100644 index 00000000000..f6a6a888951 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-https origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html new file mode 100644 index 00000000000..44b9ada9c1a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-ws", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/same-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/same-ws.no-redirect.https.html new file mode 100644 index 00000000000..cb2000264f8 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/same-ws.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-ws", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/same-wss.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/same-wss.no-redirect.https.html new file mode 100644 index 00000000000..3ae337f1024 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/same-wss.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-wss", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html new file mode 100644 index 00000000000..d95d066741a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.no-redirect.https.html new file mode 100644 index 00000000000..20b04dcaa64 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html new file mode 100644 index 00000000000..bc7bb444e40 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html new file mode 100644 index 00000000000..6b0a8edb163 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-https origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..25bcd55294b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.no-redirect.https.html new file mode 100644 index 00000000000..3742c6e9070 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.swap-scheme.https.html new file mode 100644 index 00000000000..890ce32e626 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..e9f45431c67 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.no-redirect.https.html new file mode 100644 index 00000000000..3e4dc50f752 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.swap-scheme.https.html new file mode 100644 index 00000000000..b62ddcc94a0 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-https origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html new file mode 100644 index 00000000000..167671afeac --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html new file mode 100644 index 00000000000..07d0a90e242 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html new file mode 100644 index 00000000000..f02532f28e4 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html new file mode 100644 index 00000000000..758053974f9 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-https origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..6138b297ef2 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html new file mode 100644 index 00000000000..c819c77a4f3 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html new file mode 100644 index 00000000000..aee998f931a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..b49db878eac --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html new file mode 100644 index 00000000000..4efd03465c9 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html new file mode 100644 index 00000000000..354bfcde123 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-https origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html new file mode 100644 index 00000000000..76ceb7e0c12 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-ws", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html new file mode 100644 index 00000000000..f4c63eb5e56 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-ws", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html new file mode 100644 index 00000000000..a55efd4897d --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-wss", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..62c37525fd3 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html new file mode 100644 index 00000000000..a899122ce93 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..1c12bcc6c26 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html new file mode 100644 index 00000000000..f8b2261c2a3 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..999ce2075da --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html new file mode 100644 index 00000000000..147e1661ced --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..0b03466240a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html new file mode 100644 index 00000000000..516ddea4f84 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html new file mode 100644 index 00000000000..26646cc32e2 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html new file mode 100644 index 00000000000..6aebcd83f87 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html new file mode 100644 index 00000000000..50f17e4df96 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html new file mode 100644 index 00000000000..2e9259fc3e5 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-https origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..5784f627a0f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html new file mode 100644 index 00000000000..a90e61b8b47 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html new file mode 100644 index 00000000000..894ff3f081a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..e2c4c3ab9c0 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html new file mode 100644 index 00000000000..7685f256994 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html new file mode 100644 index 00000000000..4c3d7d18d63 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-https origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/cross-http.no-redirect.https.html new file mode 100644 index 00000000000..35cbe860ee8 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/cross-http.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/same-http.no-redirect.https.html new file mode 100644 index 00000000000..88b8a7be6da --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/same-http.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/same-https.no-redirect.https.html new file mode 100644 index 00000000000..2d278da0826 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/same-https.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/cross-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/cross-ws.no-redirect.https.html new file mode 100644 index 00000000000..d54e7378048 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/cross-ws.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-ws", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/same-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/same-ws.no-redirect.https.html new file mode 100644 index 00000000000..6c2d581f18d --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/same-ws.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-ws", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/same-wss.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/same-wss.no-redirect.https.html new file mode 100644 index 00000000000..370d4af762d --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/same-wss.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-wss", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-classic/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-classic/same-http.no-redirect.https.html new file mode 100644 index 00000000000..a76175a1d83 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-classic/same-http.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-classic/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-classic/same-https.no-redirect.https.html new file mode 100644 index 00000000000..65d6185970c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-classic/same-https.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-module/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-module/same-http.no-redirect.https.html new file mode 100644 index 00000000000..84b7a60fd3e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-module/same-http.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-module/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-module/same-https.no-redirect.https.html new file mode 100644 index 00000000000..b72ca111ad8 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-module/same-https.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/cross-http.no-redirect.https.html new file mode 100644 index 00000000000..35f1a04b66b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/cross-http.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/same-http.no-redirect.https.html new file mode 100644 index 00000000000..ebe959719e9 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/same-http.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/same-https.no-redirect.https.html new file mode 100644 index 00000000000..80841a9c4e5 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/same-https.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.keep-scheme.https.html new file mode 100644 index 00000000000..2a0139ab31d --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.no-redirect.https.html new file mode 100644 index 00000000000..c8f33e537b7 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.swap-scheme.https.html new file mode 100644 index 00000000000..a6e51b1f64b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..41447cee9d8 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.no-redirect.https.html new file mode 100644 index 00000000000..a7d17f257fb --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.swap-scheme.https.html new file mode 100644 index 00000000000..1fc527f29c7 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..8c137b284c1 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-https.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-https.no-redirect.https.html new file mode 100644 index 00000000000..6ea5b0434b0 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-https.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/cross-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/cross-ws.no-redirect.https.html new file mode 100644 index 00000000000..cd89e3874ec --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/cross-ws.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-ws", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/same-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/same-ws.no-redirect.https.html new file mode 100644 index 00000000000..bc425d9e508 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/same-ws.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-ws", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/same-wss.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/same-wss.no-redirect.https.html new file mode 100644 index 00000000000..c7208db5f55 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/same-wss.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-wss", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..9f3f5ae67dc --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-http.no-redirect.https.html new file mode 100644 index 00000000000..71834a370cf --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..f883209bb0b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.no-redirect.https.html new file mode 100644 index 00000000000..d6b0d5676c9 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..5a3fe3408c5 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-http.no-redirect.https.html new file mode 100644 index 00000000000..43f355c028b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..1710a723917 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-https.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-https.no-redirect.https.html new file mode 100644 index 00000000000..bc9af1419b4 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-https.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.keep-scheme.https.html new file mode 100644 index 00000000000..595dea35e28 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.no-redirect.https.html new file mode 100644 index 00000000000..86bc76d06f6 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.swap-scheme.https.html new file mode 100644 index 00000000000..58ec420d2bf --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..04e6f110925 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.no-redirect.https.html new file mode 100644 index 00000000000..013fc26c117 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.swap-scheme.https.html new file mode 100644 index 00000000000..37e2a3a9c0b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..6fdf8df7f51 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-https.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-https.no-redirect.https.html new file mode 100644 index 00000000000..0db3796d49d --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-https.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html new file mode 100644 index 00000000000..ee7f92df5fb --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html new file mode 100644 index 00000000000..11cf0b3139e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html new file mode 100644 index 00000000000..5d4e1f9e8e9 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html new file mode 100644 index 00000000000..716b3e4563b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-https origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..2a896871661 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html new file mode 100644 index 00000000000..1c32d7b7261 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html new file mode 100644 index 00000000000..7c30ff00698 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..cc767423ad4 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html new file mode 100644 index 00000000000..b4ce4f5cbcc --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html new file mode 100644 index 00000000000..44c0c28468b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-https origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html new file mode 100644 index 00000000000..f7462146749 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-ws", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html new file mode 100644 index 00000000000..a94710476d1 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-ws", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html new file mode 100644 index 00000000000..4fa2886472c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-wss", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..c4301ea0f9a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html new file mode 100644 index 00000000000..842b0a6b424 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..449ab3ea9bf --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html new file mode 100644 index 00000000000..f8a3b43e5c0 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..0dd696e3646 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html new file mode 100644 index 00000000000..09338d42d48 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..24c3462b9b5 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html new file mode 100644 index 00000000000..41849c90768 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html new file mode 100644 index 00000000000..0e633f7cc36 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html new file mode 100644 index 00000000000..5d46b0ac309 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html new file mode 100644 index 00000000000..59bca8b2496 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html new file mode 100644 index 00000000000..06e4eacfb79 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-https origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..15dccaccefe --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html new file mode 100644 index 00000000000..6d915751b87 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html new file mode 100644 index 00000000000..5bff5900c6e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..2fbcdfcf4b5 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html new file mode 100644 index 00000000000..86230051116 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html new file mode 100644 index 00000000000..e739804a7e2 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-https origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/cross-http.no-redirect.https.html new file mode 100644 index 00000000000..a1e27a629fe --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/cross-http.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/same-http.no-redirect.https.html new file mode 100644 index 00000000000..ecedfa2cf2f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/same-http.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/same-https.no-redirect.https.html new file mode 100644 index 00000000000..cd4f95c16b2 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/same-https.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/cross-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/cross-ws.no-redirect.https.html new file mode 100644 index 00000000000..1dc7867c2a3 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/cross-ws.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-ws", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/same-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/same-ws.no-redirect.https.html new file mode 100644 index 00000000000..cf290a4288a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/same-ws.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-ws", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/same-wss.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/same-wss.no-redirect.https.html new file mode 100644 index 00000000000..d04ffa93856 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/same-wss.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-wss", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-classic/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-classic/same-http.no-redirect.https.html new file mode 100644 index 00000000000..ca6681410a7 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-classic/same-http.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-classic/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-classic/same-https.no-redirect.https.html new file mode 100644 index 00000000000..a0d81cd30a7 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-classic/same-https.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-module/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-module/same-http.no-redirect.https.html new file mode 100644 index 00000000000..9e5e2fc41c6 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-module/same-http.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-module/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-module/same-https.no-redirect.https.html new file mode 100644 index 00000000000..35d9495fc87 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-module/same-https.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/cross-http.no-redirect.https.html new file mode 100644 index 00000000000..1bda93c9bdb --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/cross-http.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/same-http.no-redirect.https.html new file mode 100644 index 00000000000..e6f04aa1cf4 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/same-http.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/same-https.no-redirect.https.html new file mode 100644 index 00000000000..a4ac0425693 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/same-https.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.keep-scheme.https.html new file mode 100644 index 00000000000..6b09b996faa --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.no-redirect.https.html new file mode 100644 index 00000000000..70b4dac51d2 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.swap-scheme.https.html new file mode 100644 index 00000000000..06120d2f836 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..27d657f27bb --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.no-redirect.https.html new file mode 100644 index 00000000000..6dbfdd50ece --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.swap-scheme.https.html new file mode 100644 index 00000000000..7e20764c452 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..86c2680c919 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-https.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-https.no-redirect.https.html new file mode 100644 index 00000000000..3fae4c64b7b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-https.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/cross-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/cross-ws.no-redirect.https.html new file mode 100644 index 00000000000..89989156798 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/cross-ws.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-ws", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/same-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/same-ws.no-redirect.https.html new file mode 100644 index 00000000000..8e909d4214f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/same-ws.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-ws", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/same-wss.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/same-wss.no-redirect.https.html new file mode 100644 index 00000000000..3fc935113b1 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/same-wss.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-wss", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..9e7d811a817 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-http.no-redirect.https.html new file mode 100644 index 00000000000..4e784ea2e37 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..e1e1e8fa141 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-https.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-https.no-redirect.https.html new file mode 100644 index 00000000000..b82125ea6bb --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-https.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..3d647f7f0ba --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-http.no-redirect.https.html new file mode 100644 index 00000000000..731c42554f3 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..4cec52a276a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-https.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-https.no-redirect.https.html new file mode 100644 index 00000000000..6656c26b62f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-https.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.keep-scheme.https.html new file mode 100644 index 00000000000..ecb166c9c45 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.no-redirect.https.html new file mode 100644 index 00000000000..4c6dbb0d56e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.swap-scheme.https.html new file mode 100644 index 00000000000..caa9aa15c73 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.keep-scheme.https.html new file mode 100644 index 00000000000..adb8c9e445a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.no-redirect.https.html new file mode 100644 index 00000000000..8f1ebcccc06 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.swap-scheme.https.html new file mode 100644 index 00000000000..8f7caedf158 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.swap-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-https.keep-scheme.https.html new file mode 100644 index 00000000000..d7462ed7004 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-https.keep-scheme.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and keep-scheme redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-scheme", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-https.no-redirect.https.html new file mode 100644 index 00000000000..1b2234af460 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-https.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "mixedContent", + "value": "opt-in" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/spec_json.js b/tests/wpt/web-platform-tests/mixed-content/generic/spec_json.js index c36a535f453..79bd6664b4e 100644 --- a/tests/wpt/web-platform-tests/mixed-content/generic/spec_json.js +++ b/tests/wpt/web-platform-tests/mixed-content/generic/spec_json.js @@ -1 +1 @@ -var SPEC_JSON = {"selection_pattern": "%(source_context_list)s.%(delivery_type)s/%(delivery_value)s/%(subresource)s/%(origin)s.%(redirection)s.%(source_scheme)s", "test_file_path_pattern": "gen/%(source_context_list)s.%(delivery_type)s/%(delivery_value)s/%(subresource)s/%(origin)s.%(redirection)s.%(source_scheme)s.html", "excluded_tests": [{"name": "Workers are same-origin only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["worker-classic", "worker-module", "sharedworker-classic", "sharedworker-module"], "origin": ["cross-https", "cross-http", "cross-http-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "expectation": "*"}, {"name": "Workers are same-origin only (redirects)", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["swap-origin", "swap-scheme"], "subresource": ["worker-classic", "worker-module", "sharedworker-classic", "sharedworker-module"], "origin": "*", "expectation": "*"}, {"name": "Websockets are ws/wss-only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "websocket", "origin": ["same-https", "same-http", "same-http-downgrade", "cross-https", "cross-http", "cross-http-downgrade"], "expectation": "*"}, {"name": "Websockets are no-redirect only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["keep-origin", "swap-origin", "keep-scheme", "swap-scheme", "downgrade"], "subresource": "websocket", "origin": "*", "expectation": "*"}, {"name": "ws/wss are websocket-only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["area-tag", "a-tag", "fetch", "iframe-tag", "img-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["same-wss", "same-ws", "same-ws-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "expectation": "*"}, {"name": "Skip-redundant-no-opt-in", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "http-rp", "delivery_value": null, "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "Skip-redundant-for-opt-in-method", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "meta", "delivery_value": "opt-in", "redirection": ["keep-scheme", "swap-scheme"], "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "source_context_list values not yet tested", "expansion": "*", "source_scheme": "*", "source_context_list": ["req", "srcdoc-inherit", "srcdoc", "iframe", "iframe-blank-inherit", "worker-classic", "worker-module"], "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "subresource values not yet tested", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["a-tag", "area-tag", "iframe-tag"], "origin": "*", "expectation": "*"}, {"name": "redirections that mixed-content tests don't care", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["keep-origin", "swap-origin", "downgrade"], "origin": "*", "subresource": "*", "expectation": "*"}], "source_context_schema": {"supported_subresource": {"top": "*", "iframe": "*", "iframe-blank": "*", "srcdoc": "*", "worker-classic": ["xhr", "fetch", "websocket", "worker-classic", "worker-module"], "worker-module": ["xhr", "fetch", "websocket", "worker-classic", "worker-module"], "worker-classic-data": ["xhr", "fetch", "websocket"], "worker-module-data": ["xhr", "fetch", "websocket"], "sharedworker-classic": ["xhr", "fetch", "websocket"], "sharedworker-module": ["xhr", "fetch", "websocket"], "sharedworker-classic-data": ["xhr", "fetch", "websocket"], "sharedworker-module-data": ["xhr", "fetch", "websocket"]}, "supported_delivery_type": {"top": ["http-rp", "meta"], "iframe": ["http-rp", "meta"], "iframe-blank": ["meta"], "srcdoc": ["meta"], "worker-classic": ["http-rp"], "worker-module": ["http-rp"], "worker-classic-data": [], "worker-module-data": [], "sharedworker-classic": ["http-rp"], "sharedworker-module": ["http-rp"], "sharedworker-classic-data": [], "sharedworker-module-data": []}}, "source_context_list_schema": {"top": {"description": "Policy set by the top-level Document", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "req": {"description": "Subresource request's policy should override Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}], "subresourcePolicyDeliveries": ["nonNullPolicy"]}, "srcdoc-inherit": {"description": "srcdoc iframe without its own policy should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "srcdoc"}], "subresourcePolicyDeliveries": []}, "srcdoc": {"description": "srcdoc iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "srcdoc", "policyDeliveries": ["nonNullPolicy"]}], "subresourcePolicyDeliveries": []}, "iframe": {"description": "external iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "iframe", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "iframe-blank-inherit": {"description": "blank iframe should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "iframe-blank"}], "subresourcePolicyDeliveries": []}, "worker-classic": {"description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-classic", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "worker-classic-data": {"description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-classic-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "worker-module": {"description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-module", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "worker-module-data": {"description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-module-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "sharedworker-classic-data": {"description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "sharedworker-classic-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "sharedworker-module-data": {"description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "sharedworker-module-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}}, "test_expansion_schema": {"expansion": ["default", "override"], "source_scheme": ["http", "https"], "source_context_list": ["top", "req", "srcdoc-inherit", "srcdoc", "iframe", "iframe-blank-inherit", "worker-classic", "worker-classic-data", "worker-module", "worker-module-data", "sharedworker-classic-data", "sharedworker-module-data"], "redirection": ["no-redirect", "keep-origin", "swap-origin", "keep-scheme", "swap-scheme", "downgrade"], "origin": ["same-https", "same-http", "same-http-downgrade", "cross-https", "cross-http", "cross-http-downgrade", "same-wss", "same-ws", "same-ws-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "subresource": ["a-tag", "area-tag", "audio-tag", "beacon", "fetch", "iframe-tag", "img-tag", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "video-tag", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "delivery_type": ["http-rp", "meta"], "delivery_value": [null, "opt-in"], "expectation": ["allowed", "blocked"]}, "test_description_template": "Mixed-Content: Expects %(expectation)s for %(subresource)s to %(origin)s origin and %(redirection)s redirection from %(source_scheme)s context.", "test_page_title_template": "Mixed-Content: %(title)s", "specification": [{"name": "optionally-blockable", "title": "Optionally-blockable content", "description": "Test behavior of optionally-blockable content", "specification_url": "http://www.w3.org/TR/mixed-content/#category-optionally-blockable", "test_expansion": [{"name": "opt-in-blocks", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "opt-in", "redirection": "*", "subresource": ["audio-tag", "img-tag", "video-tag"], "origin": ["cross-http", "same-http"], "expectation": "blocked"}, {"name": "opt-in-blocks-redirects", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "opt-in", "redirection": "swap-scheme", "subresource": ["audio-tag", "img-tag", "video-tag"], "origin": ["same-https", "cross-https"], "expectation": "blocked"}, {"name": "no-opt-in-allows", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": null, "redirection": "*", "subresource": ["audio-tag", "img-tag", "video-tag"], "origin": ["cross-http", "same-http"], "expectation": "allowed"}]}, {"name": "blockable", "title": "Blockable content", "description": "Test behavior of blockable content.", "specification_url": "http://www.w3.org/TR/mixed-content/#category-blockable", "test_expansion": [{"name": "opt-in-blocks", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "opt-in", "redirection": "*", "subresource": ["a-tag", "beacon", "fetch", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["cross-http", "same-http"], "expectation": "blocked"}, {"name": "opt-in-blocks-redirects", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "opt-in", "redirection": "swap-scheme", "subresource": ["a-tag", "beacon", "fetch", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["same-https", "cross-https"], "expectation": "blocked"}, {"name": "no-opt-in-blocks", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": null, "redirection": "*", "subresource": ["a-tag", "beacon", "fetch", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["cross-http", "same-http"], "expectation": "blocked"}, {"name": "ws-downgrade-blocks", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "websocket", "origin": ["cross-ws", "same-ws"], "expectation": "blocked"}]}, {"name": "allowed", "title": "Allowed content", "description": "Test behavior of allowed content.", "specification_url": "http://www.w3.org/TR/mixed-content/", "test_expansion": [{"name": "allowed", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["no-redirect", "keep-scheme"], "subresource": "*", "origin": ["same-https"], "expectation": "allowed"}, {"name": "websocket-allowed", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["no-redirect", "keep-scheme"], "subresource": "websocket", "origin": ["same-wss"], "expectation": "allowed"}]}], "delivery_key": "mixedContent", "subresource_schema": {"supported_delivery_type": {"a-tag": [], "area-tag": [], "audio-tag": [], "beacon": [], "fetch": [], "iframe-tag": [], "img-tag": [], "link-css-tag": [], "link-prefetch-tag": [], "object-tag": [], "picture-tag": [], "script-tag": [], "sharedworker-classic": [], "sharedworker-import-data": [], "sharedworker-module": [], "video-tag": [], "websocket": [], "worker-classic": [], "worker-import-data": [], "worker-module": [], "worklet-animation": [], "worklet-animation-import-data": [], "worklet-audio": [], "worklet-audio-import-data": [], "worklet-layout": [], "worklet-layout-import-data": [], "worklet-paint": [], "worklet-paint-import-data": [], "xhr": []}}}; +var SPEC_JSON = {"selection_pattern": "%(source_context_list)s.%(delivery_type)s/%(delivery_value)s/%(subresource)s/%(origin)s.%(redirection)s.%(source_scheme)s", "test_file_path_pattern": "gen/%(source_context_list)s.%(delivery_type)s/%(delivery_value)s/%(subresource)s/%(origin)s.%(redirection)s.%(source_scheme)s.html", "excluded_tests": [{"name": "Workers are same-origin only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["worker-classic", "worker-module", "sharedworker-classic", "sharedworker-module"], "origin": ["cross-https", "cross-http", "cross-http-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "expectation": "*"}, {"name": "Workers are same-origin only (redirects)", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["swap-origin", "swap-scheme"], "subresource": ["worker-classic", "worker-module", "sharedworker-classic", "sharedworker-module"], "origin": "*", "expectation": "*"}, {"name": "Websockets are ws/wss-only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "websocket", "origin": ["same-https", "same-http", "same-http-downgrade", "cross-https", "cross-http", "cross-http-downgrade"], "expectation": "*"}, {"name": "Websockets are no-redirect only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["keep-origin", "swap-origin", "keep-scheme", "swap-scheme", "downgrade"], "subresource": "websocket", "origin": "*", "expectation": "*"}, {"name": "ws/wss are websocket-only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["area-tag", "a-tag", "fetch", "iframe-tag", "img-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["same-wss", "same-ws", "same-ws-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "expectation": "*"}, {"name": "Skip-redundant-no-opt-in", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "http-rp", "delivery_value": null, "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "Skip-redundant-for-opt-in-method", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "meta", "delivery_value": "opt-in", "redirection": ["keep-scheme", "swap-scheme"], "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "source_context_list values not yet tested", "expansion": "*", "source_scheme": "*", "source_context_list": ["req", "srcdoc-inherit", "srcdoc", "iframe", "iframe-blank-inherit"], "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "source_context_list values not for CSP tests", "expansion": "*", "source_scheme": "*", "source_context_list": ["worker-classic", "worker-module"], "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "subresource values not yet tested", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["a-tag", "area-tag", "iframe-tag"], "origin": "*", "expectation": "*"}, {"name": "redirections that mixed-content tests don't care", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["keep-origin", "swap-origin", "downgrade"], "origin": "*", "subresource": "*", "expectation": "*"}], "source_context_schema": {"supported_subresource": {"top": "*", "iframe": "*", "iframe-blank": "*", "srcdoc": "*", "worker-classic": ["xhr", "fetch", "websocket", "worker-classic", "worker-module"], "worker-module": ["xhr", "fetch", "websocket", "worker-classic", "worker-module"], "worker-classic-data": ["xhr", "fetch", "websocket"], "worker-module-data": ["xhr", "fetch", "websocket"], "sharedworker-classic": ["xhr", "fetch", "websocket"], "sharedworker-module": ["xhr", "fetch", "websocket"], "sharedworker-classic-data": ["xhr", "fetch", "websocket"], "sharedworker-module-data": ["xhr", "fetch", "websocket"]}, "supported_delivery_type": {"top": ["http-rp", "meta"], "iframe": ["http-rp", "meta"], "iframe-blank": ["meta"], "srcdoc": ["meta"], "worker-classic": ["http-rp"], "worker-module": ["http-rp"], "worker-classic-data": [], "worker-module-data": [], "sharedworker-classic": ["http-rp"], "sharedworker-module": ["http-rp"], "sharedworker-classic-data": [], "sharedworker-module-data": []}}, "source_context_list_schema": {"top": {"description": "Policy set by the top-level Document", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "req": {"description": "Subresource request's policy should override Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}], "subresourcePolicyDeliveries": ["nonNullPolicy"]}, "srcdoc-inherit": {"description": "srcdoc iframe without its own policy should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "srcdoc"}], "subresourcePolicyDeliveries": []}, "srcdoc": {"description": "srcdoc iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "srcdoc", "policyDeliveries": ["nonNullPolicy"]}], "subresourcePolicyDeliveries": []}, "iframe": {"description": "external iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "iframe", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "iframe-blank-inherit": {"description": "blank iframe should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "iframe-blank"}], "subresourcePolicyDeliveries": []}, "worker-classic": {"description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-classic", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "worker-classic-inherit": {"description": "dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-classic", "policyDeliveries": ["anotherPolicy"]}], "subresourcePolicyDeliveries": []}, "worker-classic-data": {"description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-classic-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "worker-module": {"description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-module", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "worker-module-inherit": {"description": "dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-module", "policyDeliveries": ["anotherPolicy"]}], "subresourcePolicyDeliveries": []}, "worker-module-data": {"description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-module-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "sharedworker-classic": {"description": "shared workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "sharedworker-classic", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "sharedworker-classic-data": {"description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "sharedworker-classic-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "sharedworker-module": {"description": "shared workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "sharedworker-module", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "sharedworker-module-data": {"description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "sharedworker-module-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}}, "test_expansion_schema": {"expansion": ["default", "override"], "source_scheme": ["http", "https"], "source_context_list": ["top", "req", "srcdoc-inherit", "srcdoc", "iframe", "iframe-blank-inherit", "worker-classic", "worker-classic-inherit", "worker-classic-data", "worker-module", "worker-module-inherit", "worker-module-data", "sharedworker-classic", "sharedworker-classic-data", "sharedworker-module", "sharedworker-module-data"], "redirection": ["no-redirect", "keep-origin", "swap-origin", "keep-scheme", "swap-scheme", "downgrade"], "origin": ["same-https", "same-http", "same-http-downgrade", "cross-https", "cross-http", "cross-http-downgrade", "same-wss", "same-ws", "same-ws-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "subresource": ["a-tag", "area-tag", "audio-tag", "beacon", "fetch", "iframe-tag", "img-tag", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "video-tag", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "delivery_type": ["http-rp", "meta"], "delivery_value": [null, "opt-in"], "expectation": ["allowed", "blocked"]}, "test_description_template": "Mixed-Content: Expects %(expectation)s for %(subresource)s to %(origin)s origin and %(redirection)s redirection from %(source_scheme)s context.", "test_page_title_template": "Mixed-Content: %(title)s", "specification": [{"name": "optionally-blockable", "title": "Optionally-blockable content", "description": "Test behavior of optionally-blockable content", "specification_url": "http://www.w3.org/TR/mixed-content/#category-optionally-blockable", "test_expansion": [{"name": "opt-in-blocks", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "opt-in", "redirection": "*", "subresource": ["audio-tag", "img-tag", "video-tag"], "origin": ["cross-http", "same-http"], "expectation": "blocked"}, {"name": "opt-in-blocks-redirects", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "opt-in", "redirection": "swap-scheme", "subresource": ["audio-tag", "img-tag", "video-tag"], "origin": ["same-https", "cross-https"], "expectation": "blocked"}, {"name": "no-opt-in-allows", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": null, "redirection": "*", "subresource": ["audio-tag", "img-tag", "video-tag"], "origin": ["cross-http", "same-http"], "expectation": "allowed"}]}, {"name": "blockable", "title": "Blockable content", "description": "Test behavior of blockable content.", "specification_url": "http://www.w3.org/TR/mixed-content/#category-blockable", "test_expansion": [{"name": "opt-in-blocks", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "opt-in", "redirection": "*", "subresource": ["a-tag", "beacon", "fetch", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["cross-http", "same-http"], "expectation": "blocked"}, {"name": "opt-in-blocks-redirects", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "opt-in", "redirection": "swap-scheme", "subresource": ["a-tag", "beacon", "fetch", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["same-https", "cross-https"], "expectation": "blocked"}, {"name": "no-opt-in-blocks", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": null, "redirection": "*", "subresource": ["a-tag", "beacon", "fetch", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["cross-http", "same-http"], "expectation": "blocked"}, {"name": "ws-downgrade-blocks", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "websocket", "origin": ["cross-ws", "same-ws"], "expectation": "blocked"}]}, {"name": "allowed", "title": "Allowed content", "description": "Test behavior of allowed content.", "specification_url": "http://www.w3.org/TR/mixed-content/", "test_expansion": [{"name": "allowed", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["no-redirect", "keep-scheme"], "subresource": "*", "origin": ["same-https"], "expectation": "allowed"}, {"name": "websocket-allowed", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["no-redirect", "keep-scheme"], "subresource": "websocket", "origin": ["same-wss"], "expectation": "allowed"}]}], "delivery_key": "mixedContent", "subresource_schema": {"supported_delivery_type": {"a-tag": [], "area-tag": [], "audio-tag": [], "beacon": [], "fetch": [], "iframe-tag": [], "img-tag": [], "link-css-tag": [], "link-prefetch-tag": [], "object-tag": [], "picture-tag": [], "script-tag": [], "sharedworker-classic": [], "sharedworker-import-data": [], "sharedworker-module": [], "video-tag": [], "websocket": [], "worker-classic": [], "worker-import-data": [], "worker-module": [], "worklet-animation": [], "worklet-animation-import-data": [], "worklet-audio": [], "worklet-audio-import-data": [], "worklet-layout": [], "worklet-layout-import-data": [], "worklet-paint": [], "worklet-paint-import-data": [], "xhr": []}}}; diff --git a/tests/wpt/web-platform-tests/mixed-content/spec.src.json b/tests/wpt/web-platform-tests/mixed-content/spec.src.json index 16843700da8..5d92d77b218 100644 --- a/tests/wpt/web-platform-tests/mixed-content/spec.src.json +++ b/tests/wpt/web-platform-tests/mixed-content/spec.src.json @@ -291,9 +291,22 @@ "srcdoc-inherit", "srcdoc", "iframe", - "iframe-blank-inherit", + "iframe-blank-inherit" + ], + "delivery_type": "*", + "delivery_value": "*", + "redirection": "*", + "subresource": "*", + "origin": "*", + "expectation": "*" + }, + { + "name": "source_context_list values not for CSP tests", + "expansion": "*", + "source_scheme": "*", + "source_context_list": [ "worker-classic", - "worker-module", + "worker-module" ], "delivery_type": "*", "delivery_value": "*", diff --git a/tests/wpt/web-platform-tests/referrer-policy/spec.src.json b/tests/wpt/web-platform-tests/referrer-policy/spec.src.json index 9063428647a..47055ab7c1c 100644 --- a/tests/wpt/web-platform-tests/referrer-policy/spec.src.json +++ b/tests/wpt/web-platform-tests/referrer-policy/spec.src.json @@ -690,7 +690,9 @@ "source_scheme": "*", "source_context_list": [ "iframe-blank-inherit", + "sharedworker-classic", "sharedworker-classic-data", + "sharedworker-module", "sharedworker-module-data", "worker-classic-data", "worker-module-data" @@ -702,6 +704,21 @@ "origin": "*", "expectation": "*" }, + { + "name": "source_context_list values not for referrer-policy tests", + "expansion": "*", + "source_scheme": "*", + "source_context_list": [ + "worker-classic-inherit", + "worker-module-inherit" + ], + "delivery_type": "*", + "delivery_value": "*", + "redirection": "*", + "subresource": "*", + "origin": "*", + "expectation": "*" + } ], "source_context_schema": { "supported_delivery_type": { diff --git a/tests/wpt/web-platform-tests/reporting/path-absolute-endpoint.https.sub.html b/tests/wpt/web-platform-tests/reporting/path-absolute-endpoint.https.sub.html new file mode 100644 index 00000000000..ec06a368e97 --- /dev/null +++ b/tests/wpt/web-platform-tests/reporting/path-absolute-endpoint.https.sub.html @@ -0,0 +1,69 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Test that reports are sent when report-endpoint points to path-absolute-url</title> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script src='resources/report-helper.js'></script> +</head> +<body> + <script> + var t = async_test("Test that image does not load"); + const base_url = `${location.protocol}//${location.host}`; + async_test(function(t) { + window.addEventListener("securitypolicyviolation", t.step_func(function(e) { + assert_equals(e.blockedURI, `${base_url}/reporting/resources/fail.png`); + assert_equals(e.violatedDirective, "img-src"); + t.done(); + })); + }, "Event is fired"); + + async_test(function(t) { + var observer = new ReportingObserver(function(reports, observer) { + t.step(function() { + assert_equals(reports.length, 1); + + // Ensure that the contents of the report are valid. + + assert_equals(reports[0].type, "csp-violation"); + assert_equals(reports[0].url, location.href); + assert_equals(reports[0].body.documentURL, location.href); + assert_equals(reports[0].body.referrer, null); + assert_equals(reports[0].body.blockedURL, + `${base_url}/reporting/resources/fail.png`); + assert_equals(reports[0].body.effectiveDirective, "img-src"); + assert_equals(reports[0].body.originalPolicy, + "script-src 'self' 'unsafe-inline'; img-src 'none'; report-to csp-group"); + assert_equals(reports[0].body.sourceFile, location.href); + assert_equals(reports[0].body.sample, null); + assert_equals(reports[0].body.disposition, "enforce"); + assert_equals(reports[0].body.statusCode, 0); + assert_equals(reports[0].body.lineNumber, 66); + assert_equals(reports[0].body.columnNumber, 0); + }); + + t.done(); + }); + observer.observe(); + }, "Report is observable to ReportingObserver"); + </script> + <img src='/reporting/resources/fail.png' + onload='t.unreached_func("The image should not have loaded");' + onerror='t.done();'> + <script> + async_test(async (t) => { + try { + const endpoint = `${base_url}/reporting/resources/report.py`; + const id = 'd0d517bf-891b-457a-b970-8b2b2c81a0bf'; + await wait(3000); + const reports = await pollReports(endpoint, id); + checkReportExists(reports, 'csp-violation', location.href); + t.done(); + } catch (e) { + t.step(() => { throw e; }); + } + }, "Reporting endpoints received reports."); + </script> + +</body> +</html> diff --git a/tests/wpt/web-platform-tests/reporting/path-absolute-endpoint.https.sub.html.sub.headers b/tests/wpt/web-platform-tests/reporting/path-absolute-endpoint.https.sub.html.sub.headers new file mode 100644 index 00000000000..ec25b289449 --- /dev/null +++ b/tests/wpt/web-platform-tests/reporting/path-absolute-endpoint.https.sub.html.sub.headers @@ -0,0 +1,2 @@ +Report-To: { "group": "csp-group", "max_age": 10886400, "endpoints": [{ "url": "/reporting/resources/report.py?id=d0d517bf-891b-457a-b970-8b2b2c81a0bf" }] } +Content-Security-Policy: script-src 'self' 'unsafe-inline'; img-src 'none'; report-to csp-group diff --git a/tests/wpt/web-platform-tests/reporting/resources/fail.png b/tests/wpt/web-platform-tests/reporting/resources/fail.png Binary files differnew file mode 100644 index 00000000000..b5933803338 --- /dev/null +++ b/tests/wpt/web-platform-tests/reporting/resources/fail.png diff --git a/tests/wpt/web-platform-tests/reporting/resources/report-helper.js b/tests/wpt/web-platform-tests/reporting/resources/report-helper.js new file mode 100644 index 00000000000..a20a9cd3811 --- /dev/null +++ b/tests/wpt/web-platform-tests/reporting/resources/report-helper.js @@ -0,0 +1,22 @@ +function wait(ms) { + return new Promise(resolve => step_timeout(resolve, ms)); +} + +async function pollReports(endpoint, id) { + const res = await fetch(`${endpoint}?id=${id}`, {cache: 'no-store'}); + const reports = []; + if (res.status === 200) { + for (const report of await res.json()) { + reports.push(report); + } + } + return reports; +} + +function checkReportExists(reports, type, url) { + for (const report of reports) { + if (report.type !== type) continue; + if (report.body.sourceFile === url) return true; + } + assert_unreached(`A report of ${type} from ${url} is not found.`); +} diff --git a/tests/wpt/web-platform-tests/reporting/resources/report.py b/tests/wpt/web-platform-tests/reporting/resources/report.py new file mode 100644 index 00000000000..d31b47429ec --- /dev/null +++ b/tests/wpt/web-platform-tests/reporting/resources/report.py @@ -0,0 +1,17 @@ +import json + +def main(request, response): + key = request.GET.first('id') + + # No CORS support for cross-origin reporting endpoints + if request.method == 'POST': + reports = request.server.stash.take(key) or [] + for report in json.loads(request.body): + reports.append(report) + request.server.stash.put(key, reports) + return 'done' + if request.method == 'GET': + return json.dumps(request.server.stash.take(key) or []) + + response.status = 400 + return 'invalid method'
\ No newline at end of file diff --git a/tests/wpt/web-platform-tests/resources/chromium/webxr-test-math-helper.js b/tests/wpt/web-platform-tests/resources/chromium/webxr-test-math-helper.js index 5eff666b706..9f10a9d4b7f 100644 --- a/tests/wpt/web-platform-tests/resources/chromium/webxr-test-math-helper.js +++ b/tests/wpt/web-platform-tests/resources/chromium/webxr-test-math-helper.js @@ -219,4 +219,25 @@ class XRMathHelper { // Actual inverse is `1/det * transposed(comatrix)`: return XRMathHelper.transpose(result2); } + + static mul4x4(m1, m2) { + if (m1 == null || m2 == null) { + return null; + } + + const result = Array(16); + + for (let row = 0; row < 4; row++) { + for (let col = 0; col < 4; col++) { + result[4 * col + row] = 0; + for(let i = 0; i < 4; i++) { + result[4 * col + row] += m1[4 * i + row] * m2[4 * col + i]; + } + } + } + + return result; + } } + +XRMathHelper.EPSILON = 0.001; diff --git a/tests/wpt/web-platform-tests/resources/chromium/webxr-test.js b/tests/wpt/web-platform-tests/resources/chromium/webxr-test.js index dee05d08ff8..ddbfd4c83aa 100644 --- a/tests/wpt/web-platform-tests/resources/chromium/webxr-test.js +++ b/tests/wpt/web-platform-tests/resources/chromium/webxr-test.js @@ -859,7 +859,7 @@ class MockRuntime { const numerator = dot(sub(point_A, origin), normal); const denominator = dot(direction, normal); - if (Math.abs(denominator) < 0.0001) { + if (Math.abs(denominator) < XRMathHelper.EPSILON) { // Planes are nearly parallel - there's either infinitely many intersection points or 0. // Both cases signify a "no hit" for us. return null; @@ -878,13 +878,13 @@ class MockRuntime { let z_axis = null; const cos_direction_and_y_axis = dot(direction, y_axis); - if (Math.abs(cos_direction_and_y_axis) > 0.9999) { + if (Math.abs(cos_direction_and_y_axis) > (1 - XRMathHelper.EPSILON)) { // Ray and the hit test normal are co-linear - try using the 'up' or 'right' vector's projection on the face plane as the Z axis. // Note: this edge case is currently not covered by the spec. const up = {x: 0.0, y: 1.0, z: 0.0, w: 0.0}; - const right = {x:1.0, y: 0.0, z: 0.0, w: 0.0}; + const right = {x: 1.0, y: 0.0, z: 0.0, w: 0.0}; - z_axis = Math.abs(dot(up, y_axis)) > 0.9999 + z_axis = Math.abs(dot(up, y_axis)) > (1 - XRMathHelper.EPSILON) ? sub(up, mul(dot(right, y_axis), y_axis)) // `up is also co-linear with hit test normal, use `right` : sub(up, mul(dot(up, y_axis), y_axis)); // `up` is not co-linear with hit test normal, use it } else { @@ -932,6 +932,29 @@ class MockRuntime { } } + _getMojoFromInputSource(mojo_from_viewer, input_source) { + if(input_source.target_ray_mode_ === 'gaze') { // XRTargetRayMode::GAZING + // If the pointer origin is gaze, then the result is + // just mojo_from_viewer. + return mojo_from_viewer; + } else if(input_source.target_ray_mode_ === 'tracked-pointer') { // XRTargetRayMode:::POINTING + // If the pointer origin is tracked-pointer, the result is just + // mojo_from_input*input_from_pointer. + return XRMathHelper.mul4x4( + input_source.mojo_from_input_.matrix, + input_source.input_from_pointer_.matrix); + } else if(input_source.target_ray_mode_ === 'screen') { // XRTargetRayMode::TAPPING + // If the pointer origin is screen, the input_from_pointer is + // equivalent to viewer_from_pointer and the result is + // mojo_from_viewer*viewer_from_pointer. + return XRMathHelper.mul4x4( + mojo_from_viewer, + input_source.input_from_pointer_.matrix); + } else { + return null + } + } + _getMojoFromNativeOrigin(nativeOriginInformation) { const identity = function() { return [ @@ -942,12 +965,26 @@ class MockRuntime { ]; }; + const transform = { + position: [ + this.pose_.position.x, + this.pose_.position.y, + this.pose_.position.z], + orientation: [ + this.pose_.orientation.x, + this.pose_.orientation.y, + this.pose_.orientation.z, + this.pose_.orientation.w], + }; + + const mojo_from_viewer = getMatrixFromTransform(transform) + if (nativeOriginInformation.$tag == device.mojom.XRNativeOriginInformation.Tags.inputSourceId) { if (!this.input_sources_.has(nativeOriginInformation.inputSourceId)) { return null; } else { const inputSource = this.input_sources_.get(nativeOriginInformation.inputSourceId); - return inputSource.mojo_from_input_.matrix; + return this._getMojoFromInputSource(mojo_from_viewer, inputSource); } } else if (nativeOriginInformation.$tag == device.mojom.XRNativeOriginInformation.Tags.referenceSpaceCategory) { switch (nativeOriginInformation.referenceSpaceCategory) { @@ -961,18 +998,7 @@ class MockRuntime { // this.stageParameters_.standingTransform = floor_from_mojo aka native_origin_from_mojo return XRMathHelper.inverse(this.stageParameters_.standingTransform.matrix); case device.mojom.XRReferenceSpaceCategory.VIEWER: - const transform = { - position: [ - this.pose_.position.x, - this.pose_.position.y, - this.pose_.position.z], - orientation: [ - this.pose_.orientation.x, - this.pose_.orientation.y, - this.pose_.orientation.z, - this.pose_.orientation.w], - }; - return getMatrixFromTransform(transform); // this.pose_ = mojo_from_viewer + return mojo_from_viewer; case device.mojom.XRReferenceSpaceCategory.BOUNDED_FLOOR: return null; case device.mojom.XRReferenceSpaceCategory.UNBOUNDED: @@ -999,6 +1025,11 @@ class MockXRInputSource { this.pairedDevice_ = pairedDevice; this.handedness_ = fakeInputSourceInit.handedness; this.target_ray_mode_ = fakeInputSourceInit.targetRayMode; + + if(fakeInputSourceInit.pointerOrigin == null) { + throw new TypeError("FakeXRInputSourceInit.pointerOrigin is required."); + } + this.setPointerOrigin(fakeInputSourceInit.pointerOrigin); this.setProfiles(fakeInputSourceInit.profiles); diff --git a/tests/wpt/web-platform-tests/tools/wptrunner/requirements_firefox.txt b/tests/wpt/web-platform-tests/tools/wptrunner/requirements_firefox.txt index d541a49f3c0..c59351ba1a2 100644 --- a/tests/wpt/web-platform-tests/tools/wptrunner/requirements_firefox.txt +++ b/tests/wpt/web-platform-tests/tools/wptrunner/requirements_firefox.txt @@ -6,6 +6,6 @@ mozleak==0.2 moznetwork==1.1.0 mozprocess==1.0.0 mozprofile==2.5.0 -mozrunner==7.7.0 +mozrunner==7.8.0 mozversion==2.3.0 psutil==5.7.0 diff --git a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/base.py b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/base.py index fef052dd5ab..a027cf32610 100644 --- a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/base.py +++ b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/base.py @@ -148,10 +148,6 @@ class Browser(object): """Boolean indicating whether the browser process is still running""" pass - def setup_ssl(self, hosts): - """Return a certificate to use for tests requiring ssl that will be trusted by the browser""" - raise NotImplementedError("ssl testing not supported") - def cleanup(self): """Browser-specific cleanup that is run after the testrun is finished""" pass diff --git a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/firefox.py b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/firefox.py index 62790181d51..e195fc0cff4 100644 --- a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/firefox.py +++ b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/firefox.py @@ -4,6 +4,7 @@ import platform import signal import subprocess import sys +from abc import ABCMeta, abstractmethod import mozinfo import mozleak @@ -96,7 +97,8 @@ def browser_kwargs(test_type, run_info_data, config, **kwargs): "chaos_mode_flags": kwargs["chaos_mode_flags"], "config": config, "browser_channel": kwargs["browser_channel"], - "headless": kwargs["headless"]} + "headless": kwargs["headless"], + "preload_browser": kwargs["preload_browser"]} def executor_kwargs(test_type, server_config, cache_manager, run_info_data, @@ -202,79 +204,60 @@ def update_properties(): {"os": ["version"], "processor": ["bits"]}) -class FirefoxBrowser(Browser): - init_timeout = 70 - shutdown_timeout = 70 +class FirefoxInstanceManager(object): + __metaclass__ = ABCMeta - def __init__(self, logger, binary, prefs_root, test_type, extra_prefs=None, debug_info=None, - symbols_path=None, stackwalk_binary=None, certutil_binary=None, - ca_certificate_path=None, e10s=False, enable_webrender=False, stackfix_dir=None, - binary_args=None, timeout_multiplier=None, leak_check=False, asan=False, - stylo_threads=1, chaos_mode_flags=None, config=None, browser_channel="nightly", headless=None, **kwargs): - Browser.__init__(self, logger) + def __init__(self, logger, binary, binary_args, profile_creator, debug_info, + chaos_mode_flags, headless, enable_webrender, stylo_threads, + leak_check, stackfix_dir, symbols_path, asan): + """Object that manages starting and stopping instances of Firefox.""" + self.logger = logger self.binary = binary - self.prefs_root = prefs_root - self.test_type = test_type - self.extra_prefs = extra_prefs - self.marionette_port = None - self.runner = None + self.binary_args = binary_args + self.base_profile = profile_creator.create() self.debug_info = debug_info - self.profile = None - self.symbols_path = symbols_path - self.stackwalk_binary = stackwalk_binary - self.ca_certificate_path = ca_certificate_path - self.certutil_binary = certutil_binary - self.e10s = e10s + self.chaos_mode_flags = chaos_mode_flags + self.headless = headless self.enable_webrender = enable_webrender - self.binary_args = binary_args - self.config = config - if stackfix_dir: - self.stack_fixer = get_stack_fixer_function(stackfix_dir, - self.symbols_path) - else: - self.stack_fixer = None + self.stylo_threads = stylo_threads + self.leak_check = leak_check + self.stackfix_dir = stackfix_dir + self.symbols_path = symbols_path + self.asan = asan - if timeout_multiplier: - self.init_timeout = self.init_timeout * timeout_multiplier + self.previous = None + self.current = None - self.asan = asan - self.lsan_allowed = None - self.lsan_max_stack_depth = None - self.mozleak_allowed = None - self.mozleak_thresholds = None - self.leak_check = leak_check - self.leak_report_file = None - self.lsan_handler = None - self.stylo_threads = stylo_threads - self.chaos_mode_flags = chaos_mode_flags - self.browser_channel = browser_channel - self.headless = headless + @abstractmethod + def teardown(self, force=False): + pass - def settings(self, test): - return {"check_leaks": self.leak_check and not test.leaks, - "lsan_allowed": test.lsan_allowed, - "lsan_max_stack_depth": test.lsan_max_stack_depth, - "mozleak_allowed": self.leak_check and test.mozleak_allowed, - "mozleak_thresholds": self.leak_check and test.mozleak_threshold} + @abstractmethod + def get(self): + """Get a BrowserInstance for a running Firefox. - def start(self, group_metadata=None, **kwargs): - if group_metadata is None: - group_metadata = {} + This can only be called once per instance, and between calls stop_current() + must be called.""" + pass - self.group_metadata = group_metadata - self.lsan_allowed = kwargs.get("lsan_allowed") - self.lsan_max_stack_depth = kwargs.get("lsan_max_stack_depth") - self.mozleak_allowed = kwargs.get("mozleak_allowed") - self.mozleak_thresholds = kwargs.get("mozleak_thresholds") + def stop_current(self, force=False): + """Shutdown the current instance of Firefox. - if self.marionette_port is None: - self.marionette_port = get_free_port() + The BrowserInstance remains available through self.previous, since some + operations happen after shutdown.""" + if not self.current: + return - if self.asan: - self.lsan_handler = mozleak.LSANLeaks(self.logger, - scope=group_metadata.get("scope", "/"), - allowed=self.lsan_allowed, - maxNumRecordedFrames=self.lsan_max_stack_depth) + self.current.stop(force) + self.previous = self.current + self.current = None + + def start(self): + """Start an instance of Firefox, returning a BrowserInstance handle""" + profile = self.base_profile.clone(self.base_profile.profile) + + marionette_port = get_free_port() + profile.set_preferences({"marionette.port": marionette_port}) env = test_environment(xrePath=os.path.dirname(self.binary), debugger=self.debug_info is not None, @@ -291,40 +274,6 @@ class FirefoxBrowser(Browser): else: env["MOZ_WEBRENDER"] = "0" - preferences = self.load_prefs() - - self.profile = FirefoxProfile(preferences=preferences) - self.profile.set_preferences({ - "marionette.port": self.marionette_port, - "network.dns.localDomains": ",".join(self.config.domains_set), - "dom.file.createInChild": True, - # TODO: Remove preferences once Firefox 64 is stable (Bug 905404) - "network.proxy.type": 0, - "places.history.enabled": False, - "network.preload": True, - }) - if self.e10s: - self.profile.set_preferences({"browser.tabs.remote.autostart": True}) - - if self.test_type == "reftest": - self.profile.set_preferences({"layout.interruptible-reflow.enabled": False}) - - if self.leak_check: - self.leak_report_file = os.path.join(self.profile.profile, "runtests_leaks_%s.log" % os.getpid()) - if os.path.exists(self.leak_report_file): - os.remove(self.leak_report_file) - env["XPCOM_MEM_BLOAT_LOG"] = self.leak_report_file - else: - self.leak_report_file = None - - # Bug 1262954: winxp + e10s, disable hwaccel - if (self.e10s and platform.system() in ("Windows", "Microsoft") and - '5.1' in platform.version()): - self.profile.set_preferences({"layers.acceleration.disabled": True}) - - if self.ca_certificate_path is not None: - self.setup_ssl() - args = self.binary_args[:] if self.binary_args else [] args += [cmd_arg("marionette"), "about:blank"] @@ -332,60 +281,98 @@ class FirefoxBrowser(Browser): args, self.debug_info) - self.runner = FirefoxRunner(profile=self.profile, - binary=cmd[0], - cmdargs=cmd[1:], - env=cast_env(env), - process_class=ProcessHandler, - process_args={"processOutputLine": [self.on_output]}) + if self.leak_check: + leak_report_file = os.path.join(profile.profile, "runtests_leaks_%s.log" % os.getpid()) + if os.path.exists(leak_report_file): + os.remove(leak_report_file) + env["XPCOM_MEM_BLOAT_LOG"] = leak_report_file + else: + leak_report_file = None + + output_handler = OutputHandler(self.logger, self.stackfix_dir, self.symbols_path, self.asan) + runner = FirefoxRunner(profile=profile, + binary=cmd[0], + cmdargs=cmd[1:], + env=cast_env(env), + process_class=ProcessHandler, + process_args={"processOutputLine": [output_handler]}) + instance = BrowserInstance(self.logger, runner, marionette_port, + output_handler, leak_report_file) self.logger.debug("Starting Firefox") - - self.runner.start(debug_args=debug_args, interactive=self.debug_info and self.debug_info.interactive) + runner.start(debug_args=debug_args, interactive=self.debug_info and self.debug_info.interactive) self.logger.debug("Firefox Started") - def load_prefs(self): - prefs = Preferences() - - pref_paths = [] - - profiles = os.path.join(self.prefs_root, 'profiles.json') - if os.path.isfile(profiles): - with open(profiles, 'r') as fh: - for name in json.load(fh)['web-platform-tests']: - if self.browser_channel in (None, 'nightly'): - pref_paths.append(os.path.join(self.prefs_root, name, 'user.js')) - elif name != 'unittest-features': - pref_paths.append(os.path.join(self.prefs_root, name, 'user.js')) - else: - # Old preference files used before the creation of profiles.json (remove when no longer supported) - legacy_pref_paths = ( - os.path.join(self.prefs_root, 'prefs_general.js'), # Used in Firefox 60 and below - os.path.join(self.prefs_root, 'common', 'user.js'), # Used in Firefox 61 - ) - for path in legacy_pref_paths: - if os.path.isfile(path): - pref_paths.append(path) - - for path in pref_paths: - if os.path.exists(path): - prefs.add(Preferences.read_prefs(path)) - else: - self.logger.warning("Failed to find base prefs file in %s" % path) - - # Add any custom preferences - prefs.add(self.extra_prefs, cast=True) + return instance + + +class SingleInstanceManager(FirefoxInstanceManager): + """FirefoxInstanceManager that manages a single Firefox instance""" + def get(self): + assert not self.current, ("Tried to call get() on InstanceManager that has " + "an existing instance") + if self.previous: + self.previous.cleanup() + self.previous = None + self.current = self.start() + return self.current + + def teardown(self, force=False): + for instance, skip_marionette in [self.previous, self.current]: + if instance: + instance.stop(force) + instance.cleanup() + + +class PreloadInstanceManager(FirefoxInstanceManager): + def __init__(self, *args, **kwargs): + """FirefoxInstanceManager that keeps once Firefox instance preloaded + to allow rapid resumption after an instance shuts down.""" + super(PreloadInstanceManager, self).__init__(*args, **kwargs) + self.pending = None + + def get(self): + assert not self.current, ("Tried to call get() on InstanceManager that has " + "an existing instance") + if self.previous: + self.previous.cleanup() + self.previous = None + if not self.pending: + self.pending = self.start() + self.current = self.pending + self.pending = self.start() + return self.current + + def teardown(self, force=False): + for instance, skip_marionette in [(self.previous, False), (self.current, False), (self.pending, True)]: + if instance: + instance.stop(force, skip_marionette=skip_marionette) + instance.cleanup() + +class BrowserInstance(object): + shutdown_timeout = 70 - return prefs() + def __init__(self, logger, runner, marionette_port, output_handler, leak_report_file): + """Handle to a running Firefox instance""" + self.logger = logger + self.runner = runner + self.marionette_port = marionette_port + self.output_handler = output_handler + self.leak_report_file = leak_report_file - def stop(self, force=False): + def stop(self, force=False, skip_marionette=False): + """Stop Firefox""" if self.runner is not None and self.runner.is_running(): + self.logger.debug("Stopping Firefox %s" % self.pid()) + shutdown_methods = [(True, lambda: self.runner.wait(self.shutdown_timeout)), + (False, lambda: self.runner.stop(signal.SIGTERM)), + (False, lambda: self.runner.stop(signal.SIGKILL))] + if skip_marionette: + shutdown_methods = shutdown_methods[1:] try: # For Firefox we assume that stopping the runner prompts the # browser to shut down. This allows the leak log to be written - for clean, stop_f in [(True, lambda: self.runner.wait(self.shutdown_timeout)), - (False, lambda: self.runner.stop(signal.SIGTERM)), - (False, lambda: self.runner.stop(signal.SIGKILL))]: + for clean, stop_f in shutdown_methods: if not force or not clean: retcode = stop_f() if retcode is not None: @@ -394,23 +381,8 @@ class FirefoxBrowser(Browser): except OSError: # This can happen on Windows if the process is already dead pass - self.process_leaks() - self.logger.debug("stopped") - - def process_leaks(self): - self.logger.info("PROCESS LEAKS %s" % self.leak_report_file) - if self.lsan_handler: - self.lsan_handler.process() - if self.leak_report_file is not None: - mozleak.process_leak_log( - self.leak_report_file, - leak_thresholds=self.mozleak_thresholds, - ignore_missing_leaks=["gmplugin"], - log=self.logger, - stack_fixer=self.stack_fixer, - scope=self.group_metadata.get("scope"), - allowed=self.mozleak_allowed - ) + if not skip_marionette: + self.output_handler.after_stop() def pid(self): if self.runner.process_handler is None: @@ -421,44 +393,200 @@ class FirefoxBrowser(Browser): except AttributeError: return None - def on_output(self, line): + def is_alive(self): + if self.runner: + return self.runner.is_running() + return False + + def cleanup(self): + # mozprofile handles deleting the profile when the refcount reaches 0 + self.runner = None + + +class OutputHandler(object): + def __init__(self, logger, stackfix_dir, symbols_path, asan): + """Filter for handling Firefox process output. + + This receives Firefox process output in the __call__ function, does + any additional processing that's required, and decides whether to log + the output. Because the Firefox process can be started before we know + which filters are going to be required, we buffer all output until + setup() is called. This is responsible for doing the final configuration + of the output handlers. + """ + + self.logger = logger + # These are filled in after setup() is called + self.instance = None + + self.symbols_path = symbols_path + if stackfix_dir: + self.stack_fixer = get_stack_fixer_function(stackfix_dir, + self.symbols_path) + else: + self.stack_fixer = None + self.asan = asan + + self.lsan_handler = None + self.mozleak_allowed = None + self.mozleak_thresholds = None + self.group_metadata = {} + + self.line_buffer = [] + self.setup_ran = False + + def setup(self, instance=None, group_metadata=None, lsan_allowed=None, + lsan_max_stack_depth=None, mozleak_allowed=None, + mozleak_thresholds=None, **kwargs): + """Configure the output handler""" + self.instance = instance + + if group_metadata is None: + group_metadata = {} + self.group_metadata = group_metadata + + self.mozleak_allowed = mozleak_allowed + self.mozleak_thresholds = mozleak_thresholds + + if self.asan: + self.lsan_handler = mozleak.LSANLeaks(self.logger, + scope=group_metadata.get("scope", "/"), + allowed=lsan_allowed, + maxNumRecordedFrames=lsan_max_stack_depth) + else: + self.lsan_handler = None + + self.setup_ran = True + + for line in self.line_buffer: + self.__call__(line) + self.line_buffer = [] + + def after_stop(self): + self.logger.info("PROCESS LEAKS %s" % self.instance.leak_report_file) + if self.lsan_handler: + self.lsan_handler.process() + if self.instance.leak_report_file is not None: + # We have to ignore missing leaks in the tab because it can happen that the + # content process crashed and in that case we don't want the test to fail. + # Ideally we would record which content process crashed and just skip those. + mozleak.process_leak_log( + self.instance.leak_report_file, + leak_thresholds=self.mozleak_thresholds, + ignore_missing_leaks=["tab", "gmplugin"], + log=self.logger, + stack_fixer=self.stack_fixer, + scope=self.group_metadata.get("scope"), + allowed=self.mozleak_allowed) + + def __call__(self, line): """Write a line of output from the firefox process to the log""" if "GLib-GObject-CRITICAL" in line: return if line: + if not self.setup_ran: + self.line_buffer.append(line) + return data = line.decode("utf8", "replace") if self.stack_fixer: data = self.stack_fixer(data) if self.lsan_handler: data = self.lsan_handler.log(data) if data is not None: - self.logger.process_output(self.pid(), + self.logger.process_output(self.instance and + self.instance.runner.process_handler and + self.instance.runner.process_handler.pid, data, - command=" ".join(self.runner.command)) + command=" ".join(self.instance.runner.command)) - def is_alive(self): - if self.runner: - return self.runner.is_running() - return False - def cleanup(self, force=False): - self.stop(force) +class ProfileCreator(object): + def __init__(self, logger, prefs_root, config, test_type, extra_prefs, e10s, + browser_channel, binary, certutil_binary, ca_certificate_path): + self.logger = logger + self.prefs_root = prefs_root + self.config = config + self.test_type = test_type + self.extra_prefs = extra_prefs + self.e10s = e10s + self.browser_channel = browser_channel + self.ca_certificate_path = ca_certificate_path + self.binary = binary + self.certutil_binary = certutil_binary + self.ca_certificate_path = ca_certificate_path - def executor_browser(self): - assert self.marionette_port is not None - return ExecutorBrowser, {"marionette_port": self.marionette_port} + def create(self): + """Create a Firefox profile and return the mozprofile Profile object pointing at that + profile""" + preferences = self._load_prefs() - def check_crash(self, process, test): - dump_dir = os.path.join(self.profile.profile, "minidumps") + profile = FirefoxProfile(preferences=preferences) + self._set_required_prefs(profile) + if self.ca_certificate_path is not None: + self._setup_ssl(profile) + + return profile + + def _load_prefs(self): + prefs = Preferences() + + pref_paths = [] + + profiles = os.path.join(self.prefs_root, 'profiles.json') + if os.path.isfile(profiles): + with open(profiles, 'r') as fh: + for name in json.load(fh)['web-platform-tests']: + if self.browser_channel in (None, 'nightly'): + pref_paths.append(os.path.join(self.prefs_root, name, 'user.js')) + elif name != 'unittest-features': + pref_paths.append(os.path.join(self.prefs_root, name, 'user.js')) + else: + # Old preference files used before the creation of profiles.json (remove when no longer supported) + legacy_pref_paths = ( + os.path.join(self.prefs_root, 'prefs_general.js'), # Used in Firefox 60 and below + os.path.join(self.prefs_root, 'common', 'user.js'), # Used in Firefox 61 + ) + for path in legacy_pref_paths: + if os.path.isfile(path): + pref_paths.append(path) - return bool(mozcrash.log_crashes(self.logger, - dump_dir, - symbols_path=self.symbols_path, - stackwalk_binary=self.stackwalk_binary, - process=process, - test=test)) + for path in pref_paths: + if os.path.exists(path): + prefs.add(Preferences.read_prefs(path)) + else: + self.logger.warning("Failed to find base prefs file in %s" % path) - def setup_ssl(self): + # Add any custom preferences + prefs.add(self.extra_prefs, cast=True) + + return prefs() + + def _set_required_prefs(self, profile): + """Set preferences required for wptrunner to function. + + Note that this doesn't set the marionette port, since we don't always + know that at profile creation time. So the caller is responisble for + setting that once it's available.""" + profile.set_preferences({ + "network.dns.localDomains": ",".join(self.config.domains_set), + "dom.file.createInChild": True, + # TODO: Remove preferences once Firefox 64 is stable (Bug 905404) + "network.proxy.type": 0, + "places.history.enabled": False, + "network.preload": True, + }) + if self.e10s: + profile.set_preferences({"browser.tabs.remote.autostart": True}) + + if self.test_type == "reftest": + profile.set_preferences({"layout.interruptible-reflow.enabled": False}) + + # Bug 1262954: winxp + e10s, disable hwaccel + if (self.e10s and platform.system() in ("Windows", "Microsoft") and + "5.1" in platform.version()): + self.profile.set_preferences({"layers.acceleration.disabled": True}) + + def _setup_ssl(self, profile): """Create a certificate database to use in the test profile. This is configured to trust the CA Certificate that has signed the web-platform.test server certificate.""" @@ -493,12 +621,12 @@ class FirefoxBrowser(Browser): stderr=subprocess.STDOUT), " ".join(cmd)) - pw_path = os.path.join(self.profile.profile, ".crtdbpw") + pw_path = os.path.join(profile.profile, ".crtdbpw") with open(pw_path, "w") as f: # Use empty password for certificate db f.write("\n") - cert_db_path = self.profile.profile + cert_db_path = profile.profile # Create a new certificate db certutil("-N", "-d", cert_db_path, "-f", pw_path) @@ -509,3 +637,104 @@ class FirefoxBrowser(Browser): # List all certs in the database certutil("-L", "-d", cert_db_path) + + + +class FirefoxBrowser(Browser): + init_timeout = 70 + + def __init__(self, logger, binary, prefs_root, test_type, extra_prefs=None, debug_info=None, + symbols_path=None, stackwalk_binary=None, certutil_binary=None, + ca_certificate_path=None, e10s=False, enable_webrender=False, stackfix_dir=None, + binary_args=None, timeout_multiplier=None, leak_check=False, asan=False, + stylo_threads=1, chaos_mode_flags=None, config=None, browser_channel="nightly", + headless=None, preload_browser=False, **kwargs): + Browser.__init__(self, logger) + + self.logger = logger + + if timeout_multiplier: + self.init_timeout = self.init_timeout * timeout_multiplier + + self.instance = None + + self.stackfix_dir = stackfix_dir + self.symbols_path = symbols_path + self.stackwalk_binary = stackwalk_binary + + self.asan = asan + self.leak_check = leak_check + + profile_creator = ProfileCreator(logger, + prefs_root, + config, + test_type, + extra_prefs, + e10s, + browser_channel, + binary, + certutil_binary, + ca_certificate_path) + + if preload_browser: + instance_manager_cls = PreloadInstanceManager + else: + instance_manager_cls = SingleInstanceManager + self.instance_manager = instance_manager_cls(logger, + binary, + binary_args, + profile_creator, + debug_info, + chaos_mode_flags, + headless, + enable_webrender, + stylo_threads, + leak_check, + stackfix_dir, + symbols_path, + asan) + + + def settings(self, test): + return {"check_leaks": self.leak_check and not test.leaks, + "lsan_allowed": test.lsan_allowed, + "lsan_max_stack_depth": test.lsan_max_stack_depth, + "mozleak_allowed": self.leak_check and test.mozleak_allowed, + "mozleak_thresholds": self.leak_check and test.mozleak_threshold} + + def start(self, group_metadata=None, **kwargs): + self.instance = self.instance_manager.get() + self.instance.output_handler.setup(self.instance, + group_metadata, + **kwargs) + + def stop(self, force=False): + self.instance_manager.stop_current(force) + self.logger.debug("stopped") + + def pid(self): + return self.instance.pid() + + def is_alive(self): + return self.instance and self.instance.is_alive() + + def cleanup(self, force=False): + self.instance_manager.teardown(force) + + def executor_browser(self): + assert self.instance is not None + return ExecutorBrowser, {"marionette_port": self.instance.marionette_port} + + def check_crash(self, process, test): + dump_dir = os.path.join(self.instance.runner.profile.profile, "minidumps") + + try: + return bool(mozcrash.log_crashes(self.logger, + dump_dir, + symbols_path=self.symbols_path, + stackwalk_binary=self.stackwalk_binary, + process=process, + test=test)) + except IOError: + self.logger.warning("Looking for crash dump files failed") + return False diff --git a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/firefox_android.py b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/firefox_android.py index 0b4832f858c..50f8504f8e0 100644 --- a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/firefox_android.py +++ b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/firefox_android.py @@ -1,7 +1,6 @@ import os import moznetwork -from mozprofile import FirefoxProfile from mozrunner import FennecEmulatorRunner from .base import (get_free_port, @@ -11,11 +10,13 @@ from ..executors.executormarionette import (MarionetteTestharnessExecutor, # no MarionetteRefTestExecutor, # noqa: F401 MarionetteCrashtestExecutor) # noqa: F401 from ..process import cast_env +from .base import (Browser, + ExecutorBrowser) from .firefox import (get_timeout_multiplier, # noqa: F401 run_info_extras as fx_run_info_extras, update_properties, # noqa: F401 executor_kwargs, # noqa: F401 - FirefoxBrowser) # noqa: F401 + ProfileCreator as FirefoxProfileCreator) __wptrunner__ = {"product": "firefox_android", @@ -84,40 +85,15 @@ def env_options(): "supports_debugger": True} -class FirefoxAndroidBrowser(FirefoxBrowser): - init_timeout = 300 - shutdown_timeout = 60 - - def __init__(self, logger, prefs_root, test_type, package_name="org.mozilla.geckoview.test", - device_serial="emulator-5444", **kwargs): - FirefoxBrowser.__init__(self, logger, None, prefs_root, test_type, **kwargs) - self.package_name = package_name - self.device_serial = device_serial - self.tests_root = kwargs["tests_root"] - self.install_fonts = kwargs["install_fonts"] - self.stackwalk_binary = kwargs["stackwalk_binary"] - - def start(self, **kwargs): - if self.marionette_port is None: - self.marionette_port = get_free_port() - - env = {} - env["MOZ_CRASHREPORTER"] = "1" - env["MOZ_CRASHREPORTER_SHUTDOWN"] = "1" - env["MOZ_DISABLE_NONLOCAL_CONNECTIONS"] = "1" - env["STYLO_THREADS"] = str(self.stylo_threads) - if self.chaos_mode_flags is not None: - env["MOZ_CHAOSMODE"] = str(self.chaos_mode_flags) - if self.enable_webrender: - env["MOZ_WEBRENDER"] = "1" - else: - env["MOZ_WEBRENDER"] = "0" - - preferences = self.load_prefs() +class ProfileCreator(FirefoxProfileCreator): + def __init__(self, logger, prefs_root, config, test_type, extra_prefs, e10s, + browser_channel, certutil_binary, ca_certificate_path): + super(ProfileCreator, self).__init__(logger, prefs_root, config, test_type, extra_prefs, + e10s, browser_channel, None, certutil_binary, + ca_certificate_path) - self.profile = FirefoxProfile(preferences=preferences) - self.profile.set_preferences({ - "marionette.port": self.marionette_port, + def _set_required_prefs(self, profile): + profile.set_preferences({ "network.dns.localDomains": ",".join(self.config.domains_set), "dom.disable_open_during_load": False, "places.history.enabled": False, @@ -126,11 +102,11 @@ class FirefoxAndroidBrowser(FirefoxBrowser): }) if self.e10s: - self.profile.set_preferences({"browser.tabs.remote.autostart": True}) + profile.set_preferences({"browser.tabs.remote.autostart": True}) if self.test_type == "reftest": self.logger.info("Setting android reftest preferences") - self.profile.set_preferences({ + profile.set_preferences({ "browser.viewport.desktopWidth": 800, # Disable high DPI "layout.css.devPixelsPerPx": "1.0", @@ -142,6 +118,72 @@ class FirefoxAndroidBrowser(FirefoxBrowser): "layout.testing.overlay-scrollbars.always-visible": True, }) + + +class FirefoxAndroidBrowser(Browser): + init_timeout = 300 + shutdown_timeout = 60 + + def __init__(self, logger, prefs_root, test_type, package_name="org.mozilla.geckoview.test", + device_serial="emulator-5444", extra_prefs=None, debug_info=None, + symbols_path=None, stackwalk_binary=None, certutil_binary=None, + ca_certificate_path=None, e10s=False, enable_webrender=False, stackfix_dir=None, + binary_args=None, timeout_multiplier=None, leak_check=False, asan=False, + stylo_threads=1, chaos_mode_flags=None, config=None, browser_channel="nightly", + install_fonts=False, tests_root=None, **kwargs): + + super(FirefoxAndroidBrowser, self).__init__(logger) + self.prefs_root = prefs_root + self.test_type = test_type + self.package_name = package_name + self.device_serial = device_serial + self.debug_info = debug_info + self.symbols_path = symbols_path + self.stackwalk_binary = stackwalk_binary + self.certutil_binary = certutil_binary + self.ca_certificate_path = ca_certificate_path + self.e10s = e10s + self.enable_webrender = enable_webrender + self.stackfix_dir = stackfix_dir + self.binary_args = binary_args + self.timeout_multiplier = timeout_multiplier + self.leak_check = leak_check + self.asan = asan + self.stylo_threads = stylo_threads + self.chaos_mode_flags = chaos_mode_flags + self.config = config + self.browser_channel = browser_channel + self.install_fonts = install_fonts + self.tests_root = tests_root + + self.profile_creator = ProfileCreator(logger, + prefs_root, + config, + test_type, + extra_prefs, + e10s, + browser_channel, + certutil_binary, + ca_certificate_path) + + self.marionette_port = None + self.profile = None + self.runner = None + + def settings(self, test): + return {"check_leaks": self.leak_check and not test.leaks, + "lsan_allowed": test.lsan_allowed, + "lsan_max_stack_depth": test.lsan_max_stack_depth, + "mozleak_allowed": self.leak_check and test.mozleak_allowed, + "mozleak_thresholds": self.leak_check and test.mozleak_threshold} + + def start(self, **kwargs): + if self.marionette_port is None: + self.marionette_port = get_free_port() + + self.profile = self.profile_creator.create() + self.profile.set_preferences({"marionette.port": self.marionette_port}) + if self.install_fonts: self.logger.debug("Copying Ahem font to profile") font_dir = os.path.join(self.profile.profile, "fonts") @@ -153,14 +195,23 @@ class FirefoxAndroidBrowser(FirefoxBrowser): self.leak_report_file = None - if self.ca_certificate_path is not None: - self.setup_ssl() - debug_args, cmd = browser_command(self.package_name, self.binary_args if self.binary_args else [] + [cmd_arg("marionette"), "about:blank"], self.debug_info) + env = {} + env["MOZ_CRASHREPORTER"] = "1" + env["MOZ_CRASHREPORTER_SHUTDOWN"] = "1" + env["MOZ_DISABLE_NONLOCAL_CONNECTIONS"] = "1" + env["STYLO_THREADS"] = str(self.stylo_threads) + if self.chaos_mode_flags is not None: + env["MOZ_CHAOSMODE"] = str(self.chaos_mode_flags) + if self.enable_webrender: + env["MOZ_WEBRENDER"] = "1" + else: + env["MOZ_WEBRENDER"] = "0" + self.runner = FennecEmulatorRunner(app=self.package_name, profile=self.profile, cmdargs=cmd[1:], @@ -203,6 +254,26 @@ class FirefoxAndroidBrowser(FirefoxBrowser): self.runner.stop() self.logger.debug("stopped") + def pid(self): + if self.runner.process_handler is None: + return None + + try: + return self.runner.process_handler.pid + except AttributeError: + return None + + def is_alive(self): + if self.runner: + return self.runner.is_running() + return False + + def cleanup(self, force=False): + self.stop(force) + + def executor_browser(self): + return ExecutorBrowser, {"marionette_port": self.marionette_port} + def check_crash(self, process, test): if not os.environ.get("MINIDUMP_STACKWALK", "") and self.stackwalk_binary: os.environ["MINIDUMP_STACKWALK"] = self.stackwalk_binary diff --git a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/wptcommandline.py b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/wptcommandline.py index 59a8c55b4ef..8125700b4bf 100644 --- a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/wptcommandline.py +++ b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/wptcommandline.py @@ -263,6 +263,10 @@ scheme host and port.""") gecko_group = parser.add_argument_group("Gecko-specific") gecko_group.add_argument("--prefs-root", dest="prefs_root", action="store", type=abs_path, help="Path to the folder containing browser prefs") + gecko_group.add_argument("--preload-browser", dest="preload_browser", action="store_true", + default=None, help="Preload a gecko instance for faster restarts") + gecko_group.add_argument("--no-preload-browser", dest="preload_browser", action="store_false", + default=None, help="Don't preload a gecko instance for faster restarts") gecko_group.add_argument("--disable-e10s", dest="gecko_e10s", action="store_false", default=True, help="Run tests without electrolysis preferences") gecko_group.add_argument("--enable-webrender", dest="enable_webrender", action="store_true", default=None, @@ -558,6 +562,10 @@ def check_args(kwargs): if kwargs["enable_webrender"] is None: kwargs["enable_webrender"] = False + if kwargs["preload_browser"] is None: + # Default to preloading a gecko instance if we're only running a single process + kwargs["preload_browser"] = kwargs["processes"] == 1 + return kwargs diff --git a/tests/wpt/web-platform-tests/trusted-types/no-require-trusted-types-for-report-only.tentative.https.html b/tests/wpt/web-platform-tests/trusted-types/no-require-trusted-types-for-report-only.tentative.https.html index 56f62952213..651bf0a7199 100644 --- a/tests/wpt/web-platform-tests/trusted-types/no-require-trusted-types-for-report-only.tentative.https.html +++ b/tests/wpt/web-platform-tests/trusted-types/no-require-trusted-types-for-report-only.tentative.https.html @@ -14,9 +14,9 @@ testCases.forEach(c => { const name = `${c[0]}.${c[1]} `; test(t => { - s = document.createElement("script"); - s.innerText = "1"; - assert_equals("1", s.innerText.toString()); + s = document.createElement(c[0]); + s[c[1]] = "https://example.com/"; + assert_equals("https://example.com/", s[c[1]].toString()); }, name + "without trusted types"); }); @@ -41,4 +41,4 @@ assert_equals(s.innerText.toString(), "1"); }, name + "empty default"); }); -</script>
\ No newline at end of file +</script> diff --git a/tests/wpt/web-platform-tests/trusted-types/no-require-trusted-types-for.tentative.https.html b/tests/wpt/web-platform-tests/trusted-types/no-require-trusted-types-for.tentative.https.html index 3630962ada9..651bf0a7199 100644 --- a/tests/wpt/web-platform-tests/trusted-types/no-require-trusted-types-for.tentative.https.html +++ b/tests/wpt/web-platform-tests/trusted-types/no-require-trusted-types-for.tentative.https.html @@ -14,9 +14,9 @@ testCases.forEach(c => { const name = `${c[0]}.${c[1]} `; test(t => { - s = document.createElement("script"); - s.innerText = "1"; - assert_equals("1", s.innerText.toString()); + s = document.createElement(c[0]); + s[c[1]] = "https://example.com/"; + assert_equals("https://example.com/", s[c[1]].toString()); }, name + "without trusted types"); }); diff --git a/tests/wpt/web-platform-tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html b/tests/wpt/web-platform-tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html new file mode 100644 index 00000000000..46dae7a9661 --- /dev/null +++ b/tests/wpt/web-platform-tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html @@ -0,0 +1,24 @@ +<!DOCTYPE html> +<head> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'"> +</head> +<body> +<script> + const testCases = [ + ["script", "src"], + ["div", "innerHTML"], + ["script", "text"], + ]; + + testCases.forEach(c => { + const name = `${c[0]}.${c[1]} `; + test(t => { + s = document.createElement(c[0]); + s[c[1]] = "https://example.com/"; + assert_equals("https://example.com/", s[c[1]].toString()); + }, name + "without trusted types is not blocked by require-trusted-types-for on non-secure pages"); + }); +</script> +</body> diff --git a/tests/wpt/web-platform-tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html.headers b/tests/wpt/web-platform-tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html.headers new file mode 100644 index 00000000000..af6596b29a8 --- /dev/null +++ b/tests/wpt/web-platform-tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: require-trusted-types-for 'script' diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..61b877179b5 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..cf33de98270 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-https.downgrade.https.html new file mode 100644 index 00000000000..d8cb3879821 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..f6f20b961c9 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..ed733b37443 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-https.downgrade.https.html new file mode 100644 index 00000000000..123082b69d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..72bd9333c18 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-ws-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..dcbf07f7ce1 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-ws-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..bdc7fb2c459 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..8f18e37f154 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-https.downgrade.https.html new file mode 100644 index 00000000000..a43a3168398 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..c060ae2f6d3 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..30bea818628 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-https.downgrade.https.html new file mode 100644 index 00000000000..a6d639790b4 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..1369927f37e --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..f33ac5c4577 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-https.downgrade.https.html new file mode 100644 index 00000000000..305446297d5 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..c2db82d541c --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..683d3683aed --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-https.downgrade.https.html new file mode 100644 index 00000000000..9f7061ed66c --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..845eea6de9f --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-ws-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..c982b10aa5e --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-ws-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..24dc6fcd00c --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..1eaa99de10a --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-https.downgrade.https.html new file mode 100644 index 00000000000..dd536795ab6 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..1d24f759d31 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..0433b4e6f77 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-https.downgrade.https.html new file mode 100644 index 00000000000..854197395df --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "sharedworker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..6343f36cb31 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..577b857caf5 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html new file mode 100644 index 00000000000..e05cc38d22f --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..5353e644b5e --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..eddd8cb2d39 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html new file mode 100644 index 00000000000..0f1e15c0900 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..2aba803e47e --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-ws-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..f60d181f433 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-ws-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..42ed603827e --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..7a20a8e3fd2 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html new file mode 100644 index 00000000000..5a958a08cb6 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..2c1fb202a49 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..9f82d377780 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html new file mode 100644 index 00000000000..72efc132acd --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..ff1bcf3810b --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..41ef5301d9d --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html new file mode 100644 index 00000000000..88ae7c1ba97 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..4846c1b74bd --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..5ac1a65b163 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html new file mode 100644 index 00000000000..72c31fad4ba --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..d9755caa893 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..6b817746c5e --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-https.downgrade.https.html new file mode 100644 index 00000000000..cb5ceb285c0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..a4f8fa016d4 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..c7bd3df7c33 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-https.downgrade.https.html new file mode 100644 index 00000000000..e75a0162cdc --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..3a65178ee2f --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for websocket to cross-ws-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-ws-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..bd36ad5e61d --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for websocket to same-ws-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-ws-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..68248b66d28 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..151e3968407 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.downgrade.https.html new file mode 100644 index 00000000000..6fdc1411389 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..f168e1ea28b --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..3e42f056f58 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-https.downgrade.https.html new file mode 100644 index 00000000000..02723eae64b --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..8a7fe50d953 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..36b2828c4ad --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-https.downgrade.https.html new file mode 100644 index 00000000000..b89fdb90566 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..f90e276e338 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..7cd85dcb51f --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-https.downgrade.https.html new file mode 100644 index 00000000000..9549a31e854 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..3a45df5b10b --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..b7817aab76c --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-https.downgrade.https.html new file mode 100644 index 00000000000..bbe8f0556d9 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-https.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..322d17cffc2 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..06149273ccd --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-https.downgrade.https.html new file mode 100644 index 00000000000..268ceb2a1c3 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-https.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..43180322e4f --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-ws-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/same-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/same-ws-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..22a41d20731 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/same-ws-downgrade.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-ws-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..91efc3fe62e --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..e33fe74f66f --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-https.downgrade.https.html new file mode 100644 index 00000000000..33ce6b6ec99 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-https.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..33faa24d050 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..cc4c777cebf --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-https.downgrade.https.html new file mode 100644 index 00000000000..f955230b051 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-https.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..ab564874fef --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..71b5ca048aa --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-https.downgrade.https.html new file mode 100644 index 00000000000..e8a08fc0cd8 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-https.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..6125ad0c854 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..9cf1a16672d --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-https.downgrade.https.html new file mode 100644 index 00000000000..b3e64a982b6 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-https.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-classic" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..da211f791b3 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..5168cfed44b --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html new file mode 100644 index 00000000000..4323601eac1 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..f29fa9df397 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..9a7dce98896 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html new file mode 100644 index 00000000000..75268315985 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..be9a3489fa1 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-ws-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..0f7e54ed5b8 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-ws-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..707fffa985c --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..f3e96e7eef8 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html new file mode 100644 index 00000000000..3bd618a1318 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..3b13bd0ffb1 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..f5bd175493f --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html new file mode 100644 index 00000000000..1a410c337ad --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..d4c52592813 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..4378941e87b --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html new file mode 100644 index 00000000000..b278d26aee1 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..3220dbc607e --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..5b345af1fb8 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html new file mode 100644 index 00000000000..0b0ed68401b --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers new file mode 100644 index 00000000000..602d9dc38d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: upgrade-insecure-requests diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..112fae83b06 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..b3995f33285 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-https.downgrade.https.html new file mode 100644 index 00000000000..643d7d22451 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..5c7db8f9995 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..fc1f4c44f87 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-https.downgrade.https.html new file mode 100644 index 00000000000..bfad8ce5824 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..5b286c2c85d --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for websocket to cross-ws-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-ws-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..b257b62b377 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for websocket to same-ws-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-ws-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..41edcee9134 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..c8f80ea5f8e --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-https.downgrade.https.html new file mode 100644 index 00000000000..e62b99cfe0c --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..9ae603af956 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..fa6db2386ff --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-https.downgrade.https.html new file mode 100644 index 00000000000..67db42fbaf7 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..fd8f1d45ccd --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..79a1cc703c9 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-https.downgrade.https.html new file mode 100644 index 00000000000..9d851b1cbe6 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..c5fd0128ae1 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to same-http-downgrade origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..f3d42434214 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to same-http-downgrade origin and no-redirect redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-https.downgrade.https.html new file mode 100644 index 00000000000..d220e187293 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-https.downgrade.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="No upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to same-https origin and downgrade redirection from https context."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "upgradeInsecureRequests", + "value": "upgrade" + } + ], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..fe3315e93c5 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-http-downgrade.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..2b116132a69 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-http-downgrade.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-https.downgrade.https.html new file mode 100644 index 00000000000..218fe6ea34c --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-https.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..940801d887c --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-http-downgrade.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..7cf5065260c --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-https.downgrade.https.html new file mode 100644 index 00000000000..4074faa3ef2 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-https.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "fetch", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..10244a37560 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-ws-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/websocket/same-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/websocket/same-ws-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..87fc5f47dfa --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/websocket/same-ws-downgrade.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-ws-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "websocket", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..47530942a20 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-http-downgrade.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..b663ecb63ef --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-https.downgrade.https.html new file mode 100644 index 00000000000..c9a3b86de32 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-https.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-classic", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..f6845c74475 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-http-downgrade.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..15b88d596ae --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-https.downgrade.https.html new file mode 100644 index 00000000000..ee73df98a2e --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-https.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "worker-module", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..496e66122cf --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-http-downgrade.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..97f71307056 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-http-downgrade.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-https.downgrade.https.html new file mode 100644 index 00000000000..3b9fa3d655b --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-https.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "cross-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-http-downgrade.downgrade.https.html new file mode 100644 index 00000000000..3e1d82ab639 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-http-downgrade.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-http-downgrade.no-redirect.https.html new file mode 100644 index 00000000000..8990d9e9515 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-http-downgrade.no-redirect.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-http-downgrade", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-https.downgrade.https.html new file mode 100644 index 00000000000..cb7f651df88 --- /dev/null +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-https.downgrade.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` --> +<html> + <head> + <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title> + <meta charset='utf-8'> + <meta name="description" content="With upgrade-insecure-request"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/"> + <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context."> + <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "downgrade", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "worker-module" + } + ], + "source_scheme": "https", + "subresource": "xhr", + "subresource_policy_deliveries": [] + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/generic/spec_json.js b/tests/wpt/web-platform-tests/upgrade-insecure-requests/generic/spec_json.js index c0ef9714895..fa9ace46dcb 100644 --- a/tests/wpt/web-platform-tests/upgrade-insecure-requests/generic/spec_json.js +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/generic/spec_json.js @@ -1 +1 @@ -var SPEC_JSON = {"selection_pattern": "%(source_context_list)s.%(delivery_type)s/%(delivery_value)s/%(subresource)s/%(origin)s.%(redirection)s.%(source_scheme)s", "test_file_path_pattern": "gen/%(source_context_list)s.%(delivery_type)s/%(delivery_value)s/%(subresource)s/%(origin)s.%(redirection)s.%(source_scheme)s.html", "excluded_tests": [{"name": "Workers are same-origin only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["worker-classic", "worker-module", "sharedworker-classic", "sharedworker-module"], "origin": ["cross-https", "cross-http", "cross-http-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "expectation": "*"}, {"name": "Workers are same-origin only (redirects)", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["swap-origin", "swap-scheme"], "subresource": ["worker-classic", "worker-module", "sharedworker-classic", "sharedworker-module"], "origin": "*", "expectation": "*"}, {"name": "Websockets are ws/wss-only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "websocket", "origin": ["same-https", "same-http", "same-http-downgrade", "cross-https", "cross-http", "cross-http-downgrade"], "expectation": "*"}, {"name": "Websockets are no-redirect only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["keep-origin", "swap-origin", "keep-scheme", "swap-scheme", "downgrade"], "subresource": "websocket", "origin": "*", "expectation": "*"}, {"name": "ws/wss are websocket-only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["area-tag", "a-tag", "fetch", "iframe-tag", "img-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["same-wss", "same-ws", "same-ws-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "expectation": "*"}, {"name": "Omit secure requests", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "no-redirect", "subresource": "*", "origin": ["same-https", "cross-https", "same-wss", "cross-wss"], "expectation": "allowed"}, {"name": "For inheriting tests skip http-rp because we already have <meta> tests", "expansion": "*", "source_scheme": "*", "source_context_list": ["srcdoc-inherit", "iframe-blank-inherit", "worker-classic-data"], "delivery_type": "http-rp", "delivery_value": "*", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "source_context_list values not yet tested", "expansion": "*", "source_scheme": "*", "source_context_list": ["req", "srcdoc", "iframe", "worker-classic", "worker-module", "worker-module-data", "sharedworker-classic-data", "sharedworker-module-data"], "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "subresource values not yet tested", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["a-tag", "area-tag", "audio-tag", "beacon", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "video-tag"], "origin": "*", "expectation": "*"}, {"name": "origins that upgrade-insecure-requests tests don't care", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "origin": ["same-http", "cross-http", "same-ws", "cross-ws"], "subresource": "*", "expectation": "*"}, {"name": "redirections that upgrade-insecure-requests tests don't care", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["keep-origin", "swap-origin", "keep-scheme", "swap-scheme"], "origin": "*", "subresource": "*", "expectation": "*"}], "source_context_schema": {"supported_subresource": {"top": "*", "iframe": "*", "iframe-blank": "*", "srcdoc": "*", "worker-classic": ["xhr", "fetch", "websocket", "worker-classic", "worker-module"], "worker-module": ["xhr", "fetch", "websocket", "worker-classic", "worker-module"], "worker-classic-data": ["xhr", "fetch", "websocket"], "worker-module-data": ["xhr", "fetch", "websocket"], "sharedworker-classic": ["xhr", "fetch", "websocket"], "sharedworker-module": ["xhr", "fetch", "websocket"], "sharedworker-classic-data": ["xhr", "fetch", "websocket"], "sharedworker-module-data": ["xhr", "fetch", "websocket"]}, "supported_delivery_type": {"top": ["http-rp", "meta"], "iframe": ["http-rp", "meta"], "iframe-blank": ["meta"], "srcdoc": ["meta"], "worker-classic": ["http-rp"], "worker-module": ["http-rp"], "worker-classic-data": [], "worker-module-data": [], "sharedworker-classic": ["http-rp"], "sharedworker-module": ["http-rp"], "sharedworker-classic-data": [], "sharedworker-module-data": []}}, "source_context_list_schema": {"top": {"description": "Policy set by the top-level Document", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "req": {"description": "Subresource request's policy should override Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}], "subresourcePolicyDeliveries": ["nonNullPolicy"]}, "srcdoc-inherit": {"description": "srcdoc iframe without its own policy should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "srcdoc"}], "subresourcePolicyDeliveries": []}, "srcdoc": {"description": "srcdoc iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "srcdoc", "policyDeliveries": ["nonNullPolicy"]}], "subresourcePolicyDeliveries": []}, "iframe": {"description": "external iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "iframe", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "iframe-blank-inherit": {"description": "blank iframe should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "iframe-blank"}], "subresourcePolicyDeliveries": []}, "worker-classic": {"description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-classic", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "worker-classic-data": {"description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-classic-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "worker-module": {"description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-module", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "worker-module-data": {"description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-module-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "sharedworker-classic-data": {"description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "sharedworker-classic-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "sharedworker-module-data": {"description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "sharedworker-module-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}}, "test_expansion_schema": {"expansion": ["default", "override"], "source_scheme": ["http", "https"], "source_context_list": ["top", "req", "srcdoc-inherit", "srcdoc", "iframe", "iframe-blank-inherit", "worker-classic", "worker-classic-data", "worker-module", "worker-module-data", "sharedworker-classic-data", "sharedworker-module-data"], "redirection": ["no-redirect", "keep-origin", "swap-origin", "keep-scheme", "swap-scheme", "downgrade"], "origin": ["same-https", "same-http", "same-http-downgrade", "cross-https", "cross-http", "cross-http-downgrade", "same-wss", "same-ws", "same-ws-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "subresource": ["a-tag", "area-tag", "audio-tag", "beacon", "fetch", "iframe-tag", "img-tag", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "video-tag", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "delivery_type": ["http-rp", "meta"], "delivery_value": [null, "upgrade"], "expectation": ["allowed", "blocked"]}, "test_description_template": "Upgrade-Insecure-Requests: Expects %(expectation)s for %(subresource)s to %(origin)s origin and %(redirection)s redirection from %(source_scheme)s context.", "test_page_title_template": "Upgrade-Insecure-Requests: %(title)s", "specification": [{"name": "No upgrade-insecure-request", "title": "No upgrade-insecure-request", "description": "No upgrade-insecure-request", "specification_url": "https://w3c.github.io/webappsec-upgrade-insecure-requests/", "test_expansion": [{"name": "Without upgrade-insecure-request, all requests are blocked ...", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "meta", "delivery_value": null, "redirection": "*", "subresource": "*", "origin": "*", "expectation": "blocked"}, {"name": "... except for the secure requests listed here", "expansion": "override", "source_scheme": "https", "source_context_list": "*", "delivery_type": "meta", "delivery_value": null, "redirection": "no-redirect", "subresource": "*", "origin": ["same-https", "cross-https", "same-wss", "cross-wss"], "expectation": "allowed"}]}, {"name": "With upgrade-insecure-request", "title": "With upgrade-insecure-request", "description": "With upgrade-insecure-request", "specification_url": "https://w3c.github.io/webappsec-upgrade-insecure-requests/", "test_expansion": [{"name": "With upgrade-insecure-request, all insecure requests are upgraded and allowed.", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "upgrade", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "allowed"}]}], "delivery_key": "upgradeInsecureRequests", "subresource_schema": {"supported_delivery_type": {"a-tag": [], "area-tag": [], "audio-tag": [], "beacon": [], "fetch": [], "iframe-tag": [], "img-tag": [], "link-css-tag": [], "link-prefetch-tag": [], "object-tag": [], "picture-tag": [], "script-tag": [], "sharedworker-classic": [], "sharedworker-import-data": [], "sharedworker-module": [], "video-tag": [], "websocket": [], "worker-classic": [], "worker-import-data": [], "worker-module": [], "worklet-animation": [], "worklet-animation-import-data": [], "worklet-audio": [], "worklet-audio-import-data": [], "worklet-layout": [], "worklet-layout-import-data": [], "worklet-paint": [], "worklet-paint-import-data": [], "xhr": []}}}; +var SPEC_JSON = {"selection_pattern": "%(source_context_list)s.%(delivery_type)s/%(delivery_value)s/%(subresource)s/%(origin)s.%(redirection)s.%(source_scheme)s", "test_file_path_pattern": "gen/%(source_context_list)s.%(delivery_type)s/%(delivery_value)s/%(subresource)s/%(origin)s.%(redirection)s.%(source_scheme)s.html", "excluded_tests": [{"name": "Workers are same-origin only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["worker-classic", "worker-module", "sharedworker-classic", "sharedworker-module"], "origin": ["cross-https", "cross-http", "cross-http-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "expectation": "*"}, {"name": "Workers are same-origin only (redirects)", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["swap-origin", "swap-scheme"], "subresource": ["worker-classic", "worker-module", "sharedworker-classic", "sharedworker-module"], "origin": "*", "expectation": "*"}, {"name": "Websockets are ws/wss-only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "websocket", "origin": ["same-https", "same-http", "same-http-downgrade", "cross-https", "cross-http", "cross-http-downgrade"], "expectation": "*"}, {"name": "Websockets are no-redirect only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["keep-origin", "swap-origin", "keep-scheme", "swap-scheme", "downgrade"], "subresource": "websocket", "origin": "*", "expectation": "*"}, {"name": "ws/wss are websocket-only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["area-tag", "a-tag", "fetch", "iframe-tag", "img-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["same-wss", "same-ws", "same-ws-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "expectation": "*"}, {"name": "Omit secure requests", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "no-redirect", "subresource": "*", "origin": ["same-https", "cross-https", "same-wss", "cross-wss"], "expectation": "allowed"}, {"name": "For inheriting tests skip http-rp because we already have <meta> tests", "expansion": "*", "source_scheme": "*", "source_context_list": ["srcdoc-inherit", "iframe-blank-inherit", "worker-classic-data"], "delivery_type": "http-rp", "delivery_value": "*", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "source_context_list values not yet tested", "expansion": "*", "source_scheme": "*", "source_context_list": ["req", "srcdoc", "iframe", "worker-module-data", "sharedworker-classic-data", "sharedworker-module-data"], "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "source_context_list values not for CSP tests", "expansion": "*", "source_scheme": "*", "source_context_list": ["worker-classic", "worker-module"], "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "subresource values not yet tested", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["a-tag", "area-tag", "audio-tag", "beacon", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "video-tag"], "origin": "*", "expectation": "*"}, {"name": "origins that upgrade-insecure-requests tests don't care", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "origin": ["same-http", "cross-http", "same-ws", "cross-ws"], "subresource": "*", "expectation": "*"}, {"name": "redirections that upgrade-insecure-requests tests don't care", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["keep-origin", "swap-origin", "keep-scheme", "swap-scheme"], "origin": "*", "subresource": "*", "expectation": "*"}], "source_context_schema": {"supported_subresource": {"top": "*", "iframe": "*", "iframe-blank": "*", "srcdoc": "*", "worker-classic": ["xhr", "fetch", "websocket", "worker-classic", "worker-module"], "worker-module": ["xhr", "fetch", "websocket", "worker-classic", "worker-module"], "worker-classic-data": ["xhr", "fetch", "websocket"], "worker-module-data": ["xhr", "fetch", "websocket"], "sharedworker-classic": ["xhr", "fetch", "websocket"], "sharedworker-module": ["xhr", "fetch", "websocket"], "sharedworker-classic-data": ["xhr", "fetch", "websocket"], "sharedworker-module-data": ["xhr", "fetch", "websocket"]}, "supported_delivery_type": {"top": ["http-rp", "meta"], "iframe": ["http-rp", "meta"], "iframe-blank": ["meta"], "srcdoc": ["meta"], "worker-classic": ["http-rp"], "worker-module": ["http-rp"], "worker-classic-data": [], "worker-module-data": [], "sharedworker-classic": ["http-rp"], "sharedworker-module": ["http-rp"], "sharedworker-classic-data": [], "sharedworker-module-data": []}}, "source_context_list_schema": {"top": {"description": "Policy set by the top-level Document", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "req": {"description": "Subresource request's policy should override Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}], "subresourcePolicyDeliveries": ["nonNullPolicy"]}, "srcdoc-inherit": {"description": "srcdoc iframe without its own policy should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "srcdoc"}], "subresourcePolicyDeliveries": []}, "srcdoc": {"description": "srcdoc iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "srcdoc", "policyDeliveries": ["nonNullPolicy"]}], "subresourcePolicyDeliveries": []}, "iframe": {"description": "external iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "iframe", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "iframe-blank-inherit": {"description": "blank iframe should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "iframe-blank"}], "subresourcePolicyDeliveries": []}, "worker-classic": {"description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-classic", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "worker-classic-inherit": {"description": "dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-classic", "policyDeliveries": ["anotherPolicy"]}], "subresourcePolicyDeliveries": []}, "worker-classic-data": {"description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-classic-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "worker-module": {"description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-module", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "worker-module-inherit": {"description": "dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-module", "policyDeliveries": ["anotherPolicy"]}], "subresourcePolicyDeliveries": []}, "worker-module-data": {"description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-module-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "sharedworker-classic": {"description": "shared workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "sharedworker-classic", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "sharedworker-classic-data": {"description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "sharedworker-classic-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "sharedworker-module": {"description": "shared workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "sharedworker-module", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "sharedworker-module-data": {"description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "sharedworker-module-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}}, "test_expansion_schema": {"expansion": ["default", "override"], "source_scheme": ["http", "https"], "source_context_list": ["top", "req", "srcdoc-inherit", "srcdoc", "iframe", "iframe-blank-inherit", "worker-classic", "worker-classic-inherit", "worker-classic-data", "worker-module", "worker-module-inherit", "worker-module-data", "sharedworker-classic", "sharedworker-classic-data", "sharedworker-module", "sharedworker-module-data"], "redirection": ["no-redirect", "keep-origin", "swap-origin", "keep-scheme", "swap-scheme", "downgrade"], "origin": ["same-https", "same-http", "same-http-downgrade", "cross-https", "cross-http", "cross-http-downgrade", "same-wss", "same-ws", "same-ws-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "subresource": ["a-tag", "area-tag", "audio-tag", "beacon", "fetch", "iframe-tag", "img-tag", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "video-tag", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "delivery_type": ["http-rp", "meta"], "delivery_value": [null, "upgrade"], "expectation": ["allowed", "blocked"]}, "test_description_template": "Upgrade-Insecure-Requests: Expects %(expectation)s for %(subresource)s to %(origin)s origin and %(redirection)s redirection from %(source_scheme)s context.", "test_page_title_template": "Upgrade-Insecure-Requests: %(title)s", "specification": [{"name": "No upgrade-insecure-request", "title": "No upgrade-insecure-request", "description": "No upgrade-insecure-request", "specification_url": "https://w3c.github.io/webappsec-upgrade-insecure-requests/", "test_expansion": [{"name": "Without upgrade-insecure-request, all requests are blocked ...", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "meta", "delivery_value": null, "redirection": "*", "subresource": "*", "origin": "*", "expectation": "blocked"}, {"name": "... except for the secure requests listed here", "expansion": "override", "source_scheme": "https", "source_context_list": "*", "delivery_type": "meta", "delivery_value": null, "redirection": "no-redirect", "subresource": "*", "origin": ["same-https", "cross-https", "same-wss", "cross-wss"], "expectation": "allowed"}]}, {"name": "With upgrade-insecure-request", "title": "With upgrade-insecure-request", "description": "With upgrade-insecure-request", "specification_url": "https://w3c.github.io/webappsec-upgrade-insecure-requests/", "test_expansion": [{"name": "With upgrade-insecure-request, all insecure requests are upgraded and allowed.", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "upgrade", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "allowed"}]}], "delivery_key": "upgradeInsecureRequests", "subresource_schema": {"supported_delivery_type": {"a-tag": [], "area-tag": [], "audio-tag": [], "beacon": [], "fetch": [], "iframe-tag": [], "img-tag": [], "link-css-tag": [], "link-prefetch-tag": [], "object-tag": [], "picture-tag": [], "script-tag": [], "sharedworker-classic": [], "sharedworker-import-data": [], "sharedworker-module": [], "video-tag": [], "websocket": [], "worker-classic": [], "worker-import-data": [], "worker-module": [], "worklet-animation": [], "worklet-animation-import-data": [], "worklet-audio": [], "worklet-audio-import-data": [], "worklet-layout": [], "worklet-layout-import-data": [], "worklet-paint": [], "worklet-paint-import-data": [], "xhr": []}}}; diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/spec.src.json b/tests/wpt/web-platform-tests/upgrade-insecure-requests/spec.src.json index d64315903aa..f5198c31897 100644 --- a/tests/wpt/web-platform-tests/upgrade-insecure-requests/spec.src.json +++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/spec.src.json @@ -103,8 +103,6 @@ "req", "srcdoc", "iframe", - "worker-classic", - "worker-module", "worker-module-data", "sharedworker-classic-data", "sharedworker-module-data" @@ -117,6 +115,21 @@ "expectation": "*" }, { + "name": "source_context_list values not for CSP tests", + "expansion": "*", + "source_scheme": "*", + "source_context_list": [ + "worker-classic", + "worker-module" + ], + "delivery_type": "*", + "delivery_value": "*", + "redirection": "*", + "subresource": "*", + "origin": "*", + "expectation": "*" + }, + { "name": "subresource values not yet tested", "expansion": "*", "source_scheme": "*", diff --git a/tests/wpt/web-platform-tests/web-animations/interfaces/Animatable/animate.html b/tests/wpt/web-platform-tests/web-animations/interfaces/Animatable/animate.html index bfe351250ff..00e68b42962 100644 --- a/tests/wpt/web-platform-tests/web-animations/interfaces/Animatable/animate.html +++ b/tests/wpt/web-platform-tests/web-animations/interfaces/Animatable/animate.html @@ -317,15 +317,17 @@ test(t => { for (const pseudo of [ '', 'before', + ':abc', '::abc', '::placeholder', ]) { test(t => { const div = createDiv(t); - assert_throws_js(TypeError, () => { + assert_throws_dom("SyntaxError", () => { div.animate(null, {pseudoElement: pseudo}); }); - }, `animate() with the invalid pseudoElement '${pseudo}' throws a TypeError`); + }, `animate() with a non-null invalid pseudoElement '${pseudo}' throws a ` + + `SyntaxError`); } </script> diff --git a/tests/wpt/web-platform-tests/web-animations/interfaces/KeyframeEffect/target.html b/tests/wpt/web-platform-tests/web-animations/interfaces/KeyframeEffect/target.html index 6951682c4d8..30b2ee6f0c8 100644 --- a/tests/wpt/web-platform-tests/web-animations/interfaces/KeyframeEffect/target.html +++ b/tests/wpt/web-platform-tests/web-animations/interfaces/KeyframeEffect/target.html @@ -251,14 +251,15 @@ for (const hasContent of [true, false]){ for (const pseudo of [ '', 'before', + ':abc', '::abc', '::placeholder', ]) { test(t => { const effect = new KeyframeEffect(null, gKeyFrames, 100 * MS_PER_SEC); - assert_throws_js(TypeError, () => effect.pseudoElement = pseudo ); - }, `Changing pseudoElement to invalid pseudo-selector '${pseudo}' throws a ` + - `TypeError`); + assert_throws_dom("SyntaxError", () => effect.pseudoElement = pseudo ); + }, `Changing pseudoElement to a non-null invalid pseudo-selector ` + + `'${pseudo}' throws a SyntaxError`); } </script> diff --git a/tests/wpt/web-platform-tests/webrtc/RTCPeerConnection-close.html b/tests/wpt/web-platform-tests/webrtc/RTCPeerConnection-close.html deleted file mode 100644 index 74f816bf3fc..00000000000 --- a/tests/wpt/web-platform-tests/webrtc/RTCPeerConnection-close.html +++ /dev/null @@ -1,18 +0,0 @@ -<!doctype html> -<meta charset=utf-8> -<title>RTCPeerConnection.prototype.close</title> -<script src="/resources/testharness.js"></script> -<script src="/resources/testharnessreport.js"></script> -<script> -'use strict'; - - promise_test(async t => { - const pc = new RTCPeerConnection(); - t.add_cleanup(() => pc.close()); - - pc.onsignalingstatechange = t.unreached_func(); - pc.close(); - assert_true(pc.signalingState === 'closed'); - await new Promise(r => t.step_timeout(r, 100)); - }, 'RTCPeerConnection.close() does not fire signalingstatechange event.'); -</script> diff --git a/tests/wpt/web-platform-tests/webxr/hit-test/ar_hittest_subscription_inputSources.https.html b/tests/wpt/web-platform-tests/webxr/hit-test/ar_hittest_subscription_inputSources.https.html new file mode 100644 index 00000000000..b13d69a0d84 --- /dev/null +++ b/tests/wpt/web-platform-tests/webxr/hit-test/ar_hittest_subscription_inputSources.https.html @@ -0,0 +1,171 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../resources/webxr_util.js"></script> +<script src="../resources/webxr_test_asserts.js"></script> +<script src="../resources/webxr_test_constants.js"></script> +<script src="../resources/webxr_test_constants_fake_world.js"></script> +<canvas /> + +<script> + +// 1m above world origin. +const VIEWER_ORIGIN_TRANSFORM = { + position: [0, 1, 0], + orientation: [0, 0, 0, 1], +}; + +// 0.25m above world origin. +const FLOOR_ORIGIN_TRANSFORM = { + position: [0, -0.25, 0], + orientation: [0, 0, 0, 1], +}; + +const SCREEN_POINTER_TRANSFORM = { + position: [0, 0, 0], // middle of the screen + orientation: [0, 0, 0, 1] // forward-facing +}; + +const screen_controller_init = { + handedness: "none", + targetRayMode: "screen", + pointerOrigin: SCREEN_POINTER_TRANSFORM, // aka input_from_pointer + profiles: ["generic-touchscreen",] +}; + +const fakeDeviceInitParams = { + supportedModes: ["immersive-ar"], + views: VALID_VIEWS, + floorOrigin: FLOOR_ORIGIN_TRANSFORM, // aka floor_from_mojo + viewerOrigin: VIEWER_ORIGIN_TRANSFORM, // aka mojo_from_viewer + supportedFeatures: ALL_FEATURES, + world: createFakeWorld(5.0, 2.0, 5.0), // see webxr_test_constants_fake_world.js for details +}; + +// Generates a test function given the parameters for the hit test. +// |ray| - ray that will be used to subscribe to hit test. +// |expectedPoses| - array of expected pose objects. The poses should be expressed in local space. +// Null entries in the array mean that the given entry will not be validated. +// |inputFromPointer| - input from pointer transform that will be used as the input source's +// inputFromPointer (aka pointer origin) in subsequent rAF. +// |nextFrameExpectedPoses| - array of expected pose objects. The poses should be expressed in local space. +// Null entries in the array mean that the given entry will not be validated. +let testFunctionGenerator = function(ray, expectedPoses, inputFromPointer, nextFrameExpectedPoses) { + const testFunction = function(session, fakeDeviceController, t) { + return session.requestReferenceSpace('local').then((localRefSpace) => new Promise((resolve, reject) => { + + const input_source_controller = fakeDeviceController.simulateInputSourceConnection(screen_controller_init); + + session.requestAnimationFrame((time, frame) => { + t.step(() => { + assert_equals(session.inputSources.length, 1); + }); + + const input_source = session.inputSources[0]; + const hitTestOptionsInit = { + space: input_source.targetRaySpace, + offsetRay: ray, + }; + + session.requestHitTestSource(hitTestOptionsInit).then((hitTestSource) => { + t.step(() => { + assert_not_equals(hitTestSource, null); + }); + + // We got a hit test source, now get the results in subsequent rAFcb: + session.requestAnimationFrame((time, frame) => { + const results = frame.getHitTestResults(hitTestSource); + + t.step(() => { + assert_equals(results.length, expectedPoses.length); + for(const [index, expectedPose] of expectedPoses.entries()) { + const pose = results[index].getPose(localRefSpace); + assert_true(pose != null, "Each hit test result should have a pose in local space"); + if(expectedPose != null) { + assert_transform_approx_equals(pose.transform, expectedPose, FLOAT_EPSILON, "before-move-pose: "); + } + } + }); + + input_source_controller.setPointerOrigin(inputFromPointer, false); + + session.requestAnimationFrame((time, frame) => { + const results = frame.getHitTestResults(hitTestSource); + + t.step(() => { + assert_equals(results.length, nextFrameExpectedPoses.length); + for(const [index, expectedPose] of nextFrameExpectedPoses.entries()) { + const pose = results[index].getPose(localRefSpace); + assert_true(pose != null, "Each hit test result should have a pose in local space"); + if(expectedPose != null) { + assert_transform_approx_equals(pose.transform, expectedPose, FLOAT_EPSILON, "after-move-pose: "); + } + } + }); + + resolve(); + }); + }); + }); + }); + })); + }; + + return testFunction; +}; + + +// Pose of the first expected hit test result - straight ahead of the input source, viewer-facing. +const pose_1 = { + position: {x: 0.0, y: 1.0, z: -2.5, w: 1.0}, + orientation: {x: 0.0, y: -0.707, z: -0.707, w: 0.0}, + // Hit test API will set Y axis to the surface normal at the intersection point, + // Z axis towards the ray origin and X axis to cross product of Y axis & Z axis. + // If the surface normal and Z axis would be parallel, the hit test API + // will attempt to use `up` vector ([0, 1, 0]) as the Z axis, and if it so happens that Z axis + // and the surface normal would still be parallel, it will use the `right` vector ([1, 0, 0]) as the Z axis. + // In this particular case, `up` vector will work so the resulting pose.orientation + // becomes a rotation around [0, 1, 1] vector by 180 degrees. +}; + +xr_session_promise_test("Ensures subscription to hit test works with an XRSpace from input source - no move", + testFunctionGenerator(new XRRay(), [pose_1], SCREEN_POINTER_TRANSFORM, [pose_1]), + fakeDeviceInitParams, + 'immersive-ar', { 'requiredFeatures': ['hit-test'] }); + +const moved_pointer_transform_1 = { + position: [0, 0, 0], // middle of the screen + orientation: [ 0.707, 0, 0, 0.707 ] // 90 degrees around X axis = facing up +}; + +xr_session_promise_test("Ensures subscription to hit test works with an XRSpace from input source - after move - no results", + testFunctionGenerator(new XRRay(), [pose_1], moved_pointer_transform_1, []), + fakeDeviceInitParams, + 'immersive-ar', { 'requiredFeatures': ['hit-test'] }); + +const pose_2 = { + position: {x: -1.443, y: 1.0, z: -2.5, w: 1.0}, + // Intersection point will be on the same height as the viewer, on the front + // wall. Distance from the front wall to viewer is 2.5m, and we are rotating + // to the left, so X coordinate of the intersection point will be negative + // & equal to -2.5 * tan(30 deg) ~= 1.443m. + orientation: {x: 0.5, y: 0.5, z: 0.5, w: 0.5 }, + // See comment for pose_1.orientation for details. + // In this case, the hit test pose will have Y axis facing towards world's + // positive Z axis ([0,0,1]), Z axis to the right ([1,0,0]) and X axis + // towards world's Y axis ([0,1,0]). + // This is equivalent to the rotation around [1, 1, 1] vector by 120 degrees. +}; + +const moved_pointer_transform_2 = { + position: [0, 0, 0], // middle of the screen + orientation: [ 0, 0.2588, 0, 0.9659 ] // 30 degrees around Y axis = to the left, + // creating 30-60-90 triangle with the front wall +}; + +xr_session_promise_test("Ensures subscription to hit test works with an XRSpace from input source - after move - 1 result", + testFunctionGenerator(new XRRay(), [pose_1], moved_pointer_transform_2, [pose_2]), + fakeDeviceInitParams, + 'immersive-ar', { 'requiredFeatures': ['hit-test'] }); + +</script> diff --git a/tests/wpt/web-platform-tests/webxr/hit-test/ar_hittest_subscription_refSpaces.https.html b/tests/wpt/web-platform-tests/webxr/hit-test/ar_hittest_subscription_refSpaces.https.html index d1ce3154e6c..ecdfab479c7 100644 --- a/tests/wpt/web-platform-tests/webxr/hit-test/ar_hittest_subscription_refSpaces.https.html +++ b/tests/wpt/web-platform-tests/webxr/hit-test/ar_hittest_subscription_refSpaces.https.html @@ -64,7 +64,7 @@ let testFunctionGenerator = function(ray, expectedPoses, refSpaceName) { assert_equals(hitTestResults.length, expectedPoses.length, "Results length should match expected results length"); for(const [index, expectedPose] of expectedPoses.entries()) { const pose = hitTestResults[index].getPose(localRefSpace); - assert_true(pose != null, "Each hit test result should have a pose in viewer space"); + assert_true(pose != null, "Each hit test result should have a pose in local space"); if(expectedPose != null) { assert_transform_approx_equals(pose.transform, expectedPose); } |
