Add WPT for DedicatedWorker + COEP reporting

This CL adds tests to check the support of COEP reporting for requests initiated by a dedicated worker. So far, Chrome has a bug that the context url is the page's url where the dedicated worker is created. This bug is going to be fixed once PlzDedicatedWorker is shipped (with additional work for integration between PlzDedicatedWorker and COEP reporting). Bug: 1060837 Change-Id: I12291646c4d5a80d89c8894548acdb186f4a14be Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2100059 Commit-Queue: Makoto Shimazu <shimazu@chromium.org> Auto-Submit: Makoto Shimazu <shimazu@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/master@{#749623}

Add WPT for DedicatedWorker + COEP reporting
This CL adds tests to check the support of COEP reporting for requests initiated by a dedicated worker. So far, Chrome has a bug that the context url is the page's url where the dedicated worker is created. This bug is going to be fixed once PlzDedicatedWorker is shipped (with additional work for integration between PlzDedicatedWorker and COEP reporting). Bug: 1060837 Change-Id: I12291646c4d5a80d89c8894548acdb186f4a14be Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2100059 Commit-Queue: Makoto Shimazu <shimazu@chromium.org> Auto-Submit: Makoto Shimazu <shimazu@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/master@{#749623}
3923d8e6 · Makoto Shimazu · Commit Bot · fc9c7810 · 3923d8e6 · 3923d8e6
Commit 3923d8e6 authored Mar 12, 2020 by Makoto Shimazu Committed by Commit Bot Mar 12, 2020
3 changed files
--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-embedder-policy/reporting.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-embedder-policy/reporting.https-expected.txt
+This is a testharness.js-based test.
+PASS subresource CORP
+PASS CORP for subresource requests initiated from a service worker
+PASS navigation CORP
+PASS COEP violation on nested frame navigation
+FAIL subresource requests initiated from DedicatedWorker assert_unreached: A report whose blocked-url is https://www1.web-platform.test:8444/common/text-plain.txt?abc&subresource-corp-from-dedicated-worker and url is https://web-platform.test:8444/html/cross-origin-embedder-policy/resources/fetch-in-dedicated-worker.js is not found. Reached unreachable code
+FAIL subresource requests initiated from DedicatedWorker controlled by a passthrough service worker assert_unreached: A report whose blocked-url is https://www1.web-platform.test:8444/common/text-plain.txt?abc&subresource-corp-from-dedicated-worker-via-passthrough-sw and url is https://web-platform.test:8444/html/cross-origin-embedder-policy/resources/fetch-in-dedicated-worker.js is not found. Reached unreachable code
+PASS subresource CORP in a passthrough iframe hosted by a service worker without COEP
+PASS subresource CORP in a respondWith(fetch) iframe hosted by a service worker without COEP
+Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-embedder-policy/reporting.https.html
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-embedder-policy/reporting.https.html
@@ -318,6 +318,103 @@ async_test(async (t) => {
  }
 }, 'COEP violation on nested frame navigation');
+async_test(async (t) => {
+  try {
+    const iframe = document.createElement('iframe');
+    t.add_cleanup(() => iframe.remove());
+    iframe.src = `resources/reporting-empty-frame.html`
+    document.body.appendChild(iframe);
+    await new Promise(resolve => {
+      iframe.addEventListener('load', resolve, {once: true});
+    });
+    const worker_url = new URL('resources/fetch-in-dedicated-worker.js', location);
+    const worker = new iframe.contentWindow.Worker(worker_url);
+    function fetchInWorker(url) {
+      const init = { mode: 'no-cors', cache: 'no-store' };
+      worker.postMessage({url, init});
+      return new Promise((resolve) => {
+        worker.addEventListener('message', resolve);
+      });
+    }
+    const suffix = 'subresource-corp-from-dedicated-worker';
+    const sameOriginUrl = `/common/text-plain.txt?${suffix}`;
+    const blockedByPureCorp = `${REMOTE_ORIGIN}${BASE}/nothing-same-origin-corp.txt?${suffix}`;
+    const blockedDueToCoep = `${REMOTE_ORIGIN}/common/text-plain.txt?abc&${suffix}`;
+    const dest = `${REMOTE_ORIGIN}/common/text-plain.txt?xyz&${suffix}`;
+    const redirect = `/common/redirect.py?location=${encodeURIComponent(dest)}&${suffix}`;
+    fetchInWorker(sameOriginUrl);
+    fetchInWorker(blockedByPureCorp);
+    fetchInWorker(blockedDueToCoep);
+    fetchInWorker(redirect);
+    // Wait 1 seconds for reports to settle.
+    await wait(1000);
+    checkReportNonExistence(reports, sameOriginUrl, worker_url.href);
+    checkReportNonExistence(reports, blockedByPureCorp, worker_url.href);
+    checkCorpReportExistence(reports, blockedDueToCoep, worker_url.href);
+    checkCorpReportExistence(reports, redirect, worker_url.href);
+    checkReportNonExistence(reports, dest, worker_url.href);
+    t.done();
+  } catch (e) {
+    t.step(() => { throw e });
+  }
+}, 'subresource requests initiated from DedicatedWorker');
+promise_test(async (t) => {
+  const suffix = 'subresource-corp-from-dedicated-worker-via-passthrough-sw';
+  const iframe_src = `resources/reporting-empty-frame.html?passthrough&${suffix}`;
+  // Register a service worker that controls an iframe.
+  const registration = await service_worker_unregister_and_register(
+      t, 'resources/sw.js', iframe_src);
+  t.add_cleanup(() => registration.unregister());
+  await wait_for_state(t, registration.installing, 'activated');
+  const iframe = document.createElement('iframe');
+  t.add_cleanup(() => iframe.remove());
+  iframe.src = iframe_src;
+  document.body.appendChild(iframe);
+  await new Promise(resolve => {
+    iframe.addEventListener('load', resolve, {once: true});
+  });
+  const worker_url = new URL('resources/fetch-in-dedicated-worker.js', location);
+  const worker = new iframe.contentWindow.Worker(worker_url);
+  function fetchInWorker(url) {
+    const init = { mode: 'no-cors', cache: 'no-store' };
+    worker.postMessage({url, init});
+    return new Promise((resolve) => {
+      worker.addEventListener('message', resolve);
+    });
+  }
+  const sameOriginUrl = `/common/text-plain.txt?${suffix}`;
+  const blockedByPureCorp = `${REMOTE_ORIGIN}${BASE}/nothing-same-origin-corp.txt?${suffix}`;
+  const blockedDueToCoep = `${REMOTE_ORIGIN}/common/text-plain.txt?abc&${suffix}`;
+  const dest = `${REMOTE_ORIGIN}/common/text-plain.txt?xyz&${suffix}`;
+  const redirect = `/common/redirect.py?location=${encodeURIComponent(dest)}&${suffix}`;
+  fetchInWorker(sameOriginUrl);
+  fetchInWorker(blockedByPureCorp);
+  fetchInWorker(blockedDueToCoep);
+  fetchInWorker(redirect);
+  // Wait 1 seconds for reports to settle.
+  await wait(1000);
+  checkReportNonExistence(reports, sameOriginUrl, worker_url.href);
+  checkReportNonExistence(reports, blockedByPureCorp, worker_url.href);
+  checkCorpReportExistence(reports, blockedDueToCoep, worker_url.href);
+  checkCorpReportExistence(reports, redirect, worker_url.href);
+  checkReportNonExistence(reports, dest, worker_url.href);
+}, 'subresource requests initiated from DedicatedWorker controlled by a passthrough service worker');
 promise_test(async (t) => {
  const iframe_src = `resources/reporting-empty-frame.html?passthrough`;
  // Register a service worker that controls an iframe.

--- a/third_party/blink/web_tests/external/wpt/html/cross-origin-embedder-policy/resources/fetch-in-dedicated-worker.js
+++ b/third_party/blink/web_tests/external/wpt/html/cross-origin-embedder-policy/resources/fetch-in-dedicated-worker.js
+self.addEventListener('message', async (e) => {
+  const param = e.data;
+  // Ignore network error.
+  await fetch(param.url, param.init).catch(() => {});
+  self.postMessage(param.url);
+});