Bug 1588820 [wpt PR 19704] - Fetch Metadata: split up document dest…

…ination., a=testonly Automatic update from web-platform-tests Fetch Metadata: split up `document` destination. As discussed in w3c/webappsec-fetch-metadata#45, We have decided to shift the model around nested navigations from exposure via the request's `mode` to its `destination`. This patch splits the existing `document` destination into three parts: - `document` for top-level navigations and, for the moment, <portals>. - `iframe` for <iframe> navigations. - `frame` for <frame> navigations. Subsequent patch will remove the `nested-document` mode when we're ready to ship `Sec-Fetch-Dest`. Bug: 1011724 Change-Id: I23f23922fb49523aa050f59cbf13aabc086600bb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1847295 Reviewed-by: Arthur Sonzogni <[email protected]> Reviewed-by: Mike West <[email protected]> Commit-Queue: Yifan Luo <[email protected]> Cr-Commit-Position: refs/heads/master@{#705527} -- wpt-commits: 9fffe2189f5c87287393486e1f1e260cf71dcddf wpt-pr: 19704
mozilla · Oct 24, 2019 · cdb5814 · cdb5814
1 parent 3716ab6
commit cdb5814
Show file tree

Hide file tree

Showing 4 changed files with 124 additions and 7 deletions.
diff --git a/testing/web-platform/tests/fetch/metadata/sec-fetch-dest/frame.tentative.https.sub.html b/testing/web-platform/tests/fetch/metadata/sec-fetch-dest/frame.tentative.https.sub.html
@@ -0,0 +1,55 @@
+<!DOCTYPE html>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/resources/testdriver.js></script>
+<script src=/resources/testdriver-vendor.js></script>
+<script src=/fetch/metadata/resources/helper.js></script>
+<script src=/common/utils.js></script>
+<body>
+<script>
+  const USER = true;
+  const FORCED = false;
+
+  function create_test(host, user_activated, expectations) {
+    async_test(t => {
+      let i = document.createElement('frame');
+      window.addEventListener('message', t.step_func(e => {
+        if (e.source != i.contentWindow)
+          return;
+
+        assert_header_dest_equals(e.data, expectations);
+        t.done();
+      }));
+
+      let url = `https://${host}/fetch/metadata/resources/post-to-owner.py`;
+      if (user_activated == FORCED) {
+        i.src = url;
+        document.body.appendChild(i);
+      } else if (user_activated == USER) {
+        let uuid = token();
+        i.name = uuid;
+        let a = document.createElement('a');
+        a.href = url;
+        a.target = uuid;
+        a.text = "This is a link!";
+
+        document.body.appendChild(i);
+        document.body.appendChild(a);
+
+        test_driver.click(a);
+      }
+    }, `{{host}} -> ${host} iframe: ${user_activated ? "user-activated" : "forced"}`);
+  }
+
+  create_test("{{host}}:{{ports[https][0]}}", FORCED, "frame");
+
+  create_test("{{hosts[][www]}}:{{ports[https][0]}}", FORCED, "frame");
+
+  create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", FORCED, "frame");
+
+  create_test("{{host}}:{{ports[https][0]}}", USER, "frame");
+
+  create_test("{{hosts[][www]}}:{{ports[https][0]}}", USER, "frame");
+
+  create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", USER, "frame");
+</script>
diff --git a/testing/web-platform/tests/fetch/metadata/sec-fetch-dest/frame.tentative.sub.html b/testing/web-platform/tests/fetch/metadata/sec-fetch-dest/frame.tentative.sub.html
@@ -0,0 +1,62 @@
+<!DOCTYPE html>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/fetch/metadata/resources/helper.js></script>
+<body>
+<script>
+  async_test(t => {
+    let i = document.createElement('frame');
+    i.src = "http://{{host}}:{{ports[http][0]}}/fetch/metadata/resources/post-to-owner.py";
+    window.addEventListener('message', t.step_func(e => {
+      if (e.source != i.contentWindow)
+        return;
+
+      assert_header_dest_equals(e.data, "");
+      t.done();
+    }));
+
+    document.body.appendChild(i);
+  }, "Non-secure same-origin iframe => No headers");
+
+  async_test(t => {
+    let i = document.createElement('frame');
+    i.src = "http://{{hosts[][www]}}:{{ports[http][0]}}/fetch/metadata/resources/post-to-owner.py";
+    window.addEventListener('message', t.step_func(e => {
+      if (e.source != i.contentWindow)
+        return;
+
+      assert_header_dest_equals(e.data, "");
+      t.done();
+    }));
+
+    document.body.appendChild(i);
+  }, "Non-secure same-site iframe => No headers");
+
+  async_test(t => {
+    let i = document.createElement('frame');
+    i.src = "http://{{hosts[alt][www]}}:{{ports[http][0]}}/fetch/metadata/resources/post-to-owner.py";
+    window.addEventListener('message', t.step_func(e => {
+      if (e.source != i.contentWindow)
+        return;
+
+      assert_header_dest_equals(e.data, "");
+      t.done();
+    }));
+
+    document.body.appendChild(i);
+  }, "Non-secure cross-site iframe => No headers.");
+
+  async_test(t => {
+    let i = document.createElement('frame');
+    i.src = "https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/post-to-owner.py";
+    window.addEventListener('message', t.step_func(e => {
+      if (e.source != i.contentWindow)
+        return;
+
+      assert_header_dest_equals(e.data, "frame");
+      t.done();
+    }));
+
+    document.body.appendChild(i);
+  }, "Secure, cross-site (cross-scheme, same-host) frame");
+</script>
diff --git a/testing/web-platform/tests/fetch/metadata/sec-fetch-dest/iframe.tentative.https.sub.html b/testing/web-platform/tests/fetch/metadata/sec-fetch-dest/iframe.tentative.https.sub.html
@@ -41,15 +41,15 @@
     }, `{{host}} -> ${host} iframe: ${user_activated ? "user-activated" : "forced"}`);
   }
 
-  create_test("{{host}}:{{ports[https][0]}}", FORCED, "nested-document");
+  create_test("{{host}}:{{ports[https][0]}}", FORCED, "iframe");
 
-  create_test("{{hosts[][www]}}:{{ports[https][0]}}", FORCED, "nested-document");
+  create_test("{{hosts[][www]}}:{{ports[https][0]}}", FORCED, "iframe");
 
-  create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", FORCED, "nested-document");
+  create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", FORCED, "iframe");
 
-  create_test("{{host}}:{{ports[https][0]}}", USER, "nested-document");
+  create_test("{{host}}:{{ports[https][0]}}", USER, "iframe");
 
-  create_test("{{hosts[][www]}}:{{ports[https][0]}}", USER, "nested-document");
+  create_test("{{hosts[][www]}}:{{ports[https][0]}}", USER, "iframe");
 
-  create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", USER, "nested-document");
+  create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", USER, "iframe");
 </script>
diff --git a/testing/web-platform/tests/fetch/metadata/sec-fetch-dest/iframe.tentative.sub.html b/testing/web-platform/tests/fetch/metadata/sec-fetch-dest/iframe.tentative.sub.html
@@ -53,7 +53,7 @@
       if (e.source != i.contentWindow)
         return;
 
-      assert_header_dest_equals(e.data, "nested-document");
+      assert_header_dest_equals(e.data, "iframe");
       t.done();
     }));