Tests and docs for the current CORB vs <link rel="preload"> behavior.

Bug: 809261
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo
Change-Id: Idafb2b4cc5da3d6c7a054e479745288cc3b86513
Reviewed-on: https://chromium-review.googlesource.com/984338
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Nick Carter <nick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#547494}

services/network/cross_origin_read_blocking_explainer.md

@@ -385,9 +385,13 @@ Examples:
   * WPT test: `fetch/corb/img-png-mislabeled-as-html-nosniff.tentative.sub.html`
 
 In addition to the HTML `<img>` tag, the examples above should apply to other
-web features that consume images: `/favicon.ico`, SVG's `<image>`,
-`background-image` in stylesheets, painting images onto (potentially tainted)
-HTML's `<canvas>`, etc.
+web features that consume images - including, but not limited to:
+* `/favicon.ico`
+* SVG's `<image>`,
+* `<link rel="preload" as="image" ...>` (see WPT test:
+  `fetch/corb/preload-image-png-mislabeled-as-html-nosniff.tentative.sub.html`)
+* `background-image` in stylesheets
+* painting images onto (potentially tainted) HTML's `<canvas>`
 
 > [lukasza@chromium.org] Earlier attempts to block nosniff images with
 > incompatible MIME types

third_party/WebKit/LayoutTests/FlagExpectations/site-per-process

@@ -4,6 +4,7 @@
 # TODO(lukasza): Remove these once CORB is enabled by default.
 crbug.com/802835 external/wpt/fetch/corb/img-png-mislabeled-as-html-nosniff.tentative.sub.html [ Pass ]
 crbug.com/802835 external/wpt/fetch/corb/script-html-correctly-labeled.tentative.sub.html [ Pass ]
+crbug.com/802835 external/wpt/fetch/corb/preload-image-png-mislabeled-as-html-nosniff.tentative.sub.html [ Pass ]
 
 # https://crbug.com/793127: NOTREACHED() from clamy@ tickled by frame consolidation CL?
 crbug.com/793127 http/tests/security/upgrade-insecure-requests/iframe-upgrade.https.html [ Crash ]

third_party/WebKit/LayoutTests/TestExpectations

@@ -3288,6 +3288,8 @@ crbug.com/802835 external/wpt/fetch/corb/img-png-mislabeled-as-html-nosniff.tent
 crbug.com/802835 virtual/outofblink-cors/external/wpt/fetch/corb/img-png-mislabeled-as-html-nosniff.tentative.sub.html [ Failure ]
 crbug.com/802835 external/wpt/fetch/corb/script-html-correctly-labeled.tentative.sub.html [ Failure ]
 crbug.com/802835 virtual/outofblink-cors/external/wpt/fetch/corb/script-html-correctly-labeled.tentative.sub.html [ Failure ]
+crbug.com/802835 external/wpt/fetch/corb/preload-image-png-mislabeled-as-html-nosniff.tentative.sub.html [ Failure ]
+crbug.com/802835 virtual/outofblink-cors/external/wpt/fetch/corb/preload-image-png-mislabeled-as-html-nosniff.tentative.sub.html [ Failure ]
 
 crbug.com/813704 http/tests/images/png-partial-load-as-document.html [ Failure Pass ]
 

third_party/WebKit/LayoutTests/external/wpt/fetch/corb/preload-image-png-mislabeled-as-html-nosniff.tentative.sub.html

+<!DOCTYPE html>
+<!-- This test verifies observable CORB impact on <link rel="preload"> elements.
+-->
+<meta charset="utf-8">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<div id=log></div>
+
+<script>
+async_test(function(t) {
+  // With CORB the link.onerror event will be reached
+  // (because CORB will block the cross-origin preload).
+  window.preloadErrorEvent = t.step_func_done();
+
+  // Without CORB the link.onload event will be reached.
+  window.preloadLoadEvent = t.unreached_func("link/preload onload event reached.");
+});
+</script>
+
+<!-- www1 is cross-origin, so the HTTP response is CORB-eligible -->
+<link rel="preload" as="image"
+      onerror="window.preloadErrorEvent()"
+      onload="window.preloadLoadEvent()"
+      href="http://{{domains[www1]}}:{{ports[http][0]}}/fetch/corb/resources/png-mislabeled-as-html-nosniff.png">