Revert "Migrate PolicyContentScriptXHR test to different test suite."

This reverts commit b7c2f359.

Reason for revert: This CL caused an issue in  Linux ChromiumOS Full 
https://ci.chromium.org/p/chromium/builders/ci/Linux%20ChromiumOS%20Full/159520?

Original change's description:
> Migrate PolicyContentScriptXHR test to different test suite.
> 
> This CL migrates BackgroundXhrWebstoreTest.PolicyContentScriptXHR to the
> CrossOriginReadBlockingExtensionAllowlistingTest test suite (into new
> tests, called ContentScriptVsHostBlockedByPolicy_NoSniffXml and
> ContentScriptVsHostBlockedByPolicy_AllowedTextResource).
> 
> This way the tests covers the following setup aspects:
> - CorbAllowlistAlsoAppliesToOorCors feature is enabled or disabled
> - Extension is allowlisted or not
> - OOR-CORS vs InBlinkCors
> 
> After this CL the old test can be deleted.  Note that the old test
> always tested with:
> - CorbAllowlistAlsoAppliesToOorCors disabled
> - Non-allowlisted extension
> - The default OOR-CORS state (enabled by default since r728462)
> 
> Bug: 1061567
> Change-Id: Ic76ac9e48510953fd130141776e66b1fde11c404
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2107431
> Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
> Reviewed-by: Karan Bhatia <karandeepb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#754013}

TBR=lukasza@chromium.org,karandeepb@chromium.org

Change-Id: Idbd14b4e66190a533669159402389b738546bee6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 1061567
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2125472Reviewed-by: Juanmi Huertas <juanmihd@chromium.org>
Commit-Queue: Juanmi Huertas <juanmihd@chromium.org>
Cr-Commit-Position: refs/heads/master@{#754249}

chrome/browser/extensions/background_xhr_browsertest.cc

@@ -9,6 +9,7 @@
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
+#include "base/test/scoped_feature_list.h"
 #include "chrome/browser/extensions/extension_apitest.h"
 #include "chrome/browser/extensions/extension_browsertest.h"
 #include "chrome/browser/extensions/extension_with_management_policy_apitest.h"
@@ -34,6 +35,7 @@
 #include "net/ssl/client_cert_store.h"
 #include "net/ssl/ssl_server_config.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
+#include "services/network/public/cpp/features.h"
 #include "url/gurl.h"
 
 namespace extensions {
@@ -105,7 +107,18 @@ IN_PROC_BROWSER_TEST_F(BackgroundXhrTest, HttpAuth) {
 
 class BackgroundXhrWebstoreTest : public ExtensionApiTestWithManagementPolicy {
  public:
-  BackgroundXhrWebstoreTest() = default;
+  BackgroundXhrWebstoreTest() {
+    // TODO(lukasza): https://crbug.com/1061567: Migrate tests related to
+    // cross-origin requests from content scripts into the
+    // CrossOriginReadBlockingExtensionTest suite (which already covers test
+    // matrix of various enabled/disabled features).
+    //
+    // Affected tests:
+    // - BackgroundXhrWebstoreTest.PolicyContentScriptXHR
+    scoped_feature_list_.InitAndDisableFeature(
+        network::features::kCorbAllowlistAlsoAppliesToOorCors);
+  }
+
   ~BackgroundXhrWebstoreTest() override = default;
 
   void SetUpCommandLine(base::CommandLine* command_line) override {
@@ -169,6 +182,8 @@ class BackgroundXhrWebstoreTest : public ExtensionApiTestWithManagementPolicy {
   }
 
  private:
+  base::test::ScopedFeatureList scoped_feature_list_;
+
   DISALLOW_COPY_AND_ASSIGN(BackgroundXhrWebstoreTest);
 };
 
@@ -238,6 +253,67 @@ IN_PROC_BROWSER_TEST_F(BackgroundXhrWebstoreTest, PolicyBlockedXHR) {
               ::testing::HasSubstr("<head><title>OK</title></head>"));
 }
 
+// Verify that policy blocklists apply to XHRs done from injected scripts.
+IN_PROC_BROWSER_TEST_F(BackgroundXhrWebstoreTest, PolicyContentScriptXHR) {
+  TestExtensionDir test_dir;
+  test_dir.WriteManifest(R"(
+    {
+      "name": "XHR Content Script Test",
+      "manifest_version": 2,
+      "version": "0.1",
+      "permissions": ["<all_urls>", "tabs"],
+      "background": {"scripts": ["background.js"]}
+    })");
+
+  constexpr char kBackgroundScript[] =
+      R"(function executeFetch(url) {
+           chrome.tabs.executeScript({code: `
+             fetch("${url}")
+             .then(response => response.text())
+             .then(text => domAutomationController.send(text))
+             .catch(err => domAutomationController.send('ERROR: ' + err));
+           `});
+         }
+      )";
+  test_dir.WriteFile(FILE_PATH_LITERAL("background.js"), kBackgroundScript);
+
+  const Extension* extension = LoadExtension(test_dir.UnpackedPath());
+  ASSERT_TRUE(extension);
+
+  // Navigate to a foo.com page.
+  content::WebContents* web_contents =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  GURL page_url(embedded_test_server()->GetURL("foo.com", "/title1.html"));
+  ui_test_utils::NavigateToURL(browser(), page_url);
+  EXPECT_EQ(page_url, web_contents->GetMainFrame()->GetLastCommittedURL());
+
+  // Using "/non-corb.octet-stream" resource (instead of "/simple.html" as in
+  // most other tests here) because XHRs/fetches from content scripts are
+  // subject to CORB (which is already covered by
+  // CrossOriginReadBlockingExtensionTest) and we want to focus the test below
+  // on policy behavior (which should be independent from whether or not CORB
+  // blocks the response).
+  GURL example_url =
+      embedded_test_server()->GetURL("example.com", "/non-corb.octet-stream");
+  GURL public_example_url = embedded_test_server()->GetURL(
+      "public.example.com", "/non-corb.octet-stream");
+
+  // Sanity Check: Should be able to fetch cross origin.
+  EXPECT_EQ("octet-stream-body", ExecuteFetch(extension, example_url));
+  EXPECT_EQ("octet-stream-body", ExecuteFetch(extension, public_example_url));
+
+  {
+    ExtensionManagementPolicyUpdater pref(&policy_provider_);
+    pref.AddPolicyBlockedHost("*", "*://*.example.com");
+    pref.AddPolicyAllowedHost("*", "*://public.example.com");
+  }
+
+  // Policies apply to XHR from a content script.
+  EXPECT_EQ("ERROR: TypeError: Failed to fetch",
+            ExecuteFetch(extension, example_url));
+  EXPECT_EQ("octet-stream-body", ExecuteFetch(extension, public_example_url));
+}
+
 // Make sure the blocklist and allowlist update for both Default and Individual
 // scope policies. Testing with all host permissions granted (<all_urls>).
 IN_PROC_BROWSER_TEST_F(BackgroundXhrWebstoreTest, PolicyUpdateXHR) {