Fix failing Fetch Metadata WPT

See https://wpt.fyi/results/fetch/metadata?label=experimental&label=master&aligned. 1. `xslt.tentative.https.sub.html`: delete tests for same-site and cross-site, because these requests are not allowed and has been blocked by browser behavior. 2. `redirect/multiple-redirect-https=downgrade-upgrade.tentative.sub.html` and `redirect/redirect-http-upgrade.tentative.sub.html`: removed from `NeverFixTests` and change the expectation for mode from `nasted-navigate` to `navigate`. 3. `redirect/redirect-https-downgrade.tentative.sub.html`: removed from `NeverFixTests` and change the expectation for Https downgrade script. Bug: 1024198 Change-Id: Ia0cf0ccc2bef38c4525bebab0a050e7b1de9a5e2 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1912712Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Yifan Luo <lyf@google.com> Cr-Commit-Position: refs/heads/master@{#714940}

Fix failing Fetch Metadata WPT
See https://wpt.fyi/results/fetch/metadata?label=experimental&label=master&aligned. 1. `xslt.tentative.https.sub.html`: delete tests for same-site and cross-site, because these requests are not allowed and has been blocked by browser behavior. 2. `redirect/multiple-redirect-https=downgrade-upgrade.tentative.sub.html` and `redirect/redirect-http-upgrade.tentative.sub.html`: removed from `NeverFixTests` and change the expectation for mode from `nasted-navigate` to `navigate`. 3. `redirect/redirect-https-downgrade.tentative.sub.html`: removed from `NeverFixTests` and change the expectation for Https downgrade script. Bug: 1024198 Change-Id: Ia0cf0ccc2bef38c4525bebab0a050e7b1de9a5e2 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1912712Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Yifan Luo <lyf@google.com> Cr-Commit-Position: refs/heads/master@{#714940}
788a3004 · Yifan Luo · Commit Bot · f31b41f5 · 788a3004 · f31b41f5
Commit 788a3004 authored Nov 13, 2019 by Yifan Luo Committed by Commit Bot Nov 13, 2019
14 changed files
--- a/third_party/blink/web_tests/NeverFixTests
+++ b/third_party/blink/web_tests/NeverFixTests
@@ -2067,11 +2067,6 @@ external/wpt/html/webappapis/user-prompts/print-manual.html [ Skip ]
 # But will not change the existing behavior for Blink CORS when expectations are
 # changed for the spec update, other features side-effects, and so on.
 # TODO(cbur.com/870173): Double check following failed tests later.
-crbug.com/870173 external/wpt/fetch/metadata/appcache.tentative.https.sub.html [ Skip ]
-crbug.com/870173 external/wpt/fetch/metadata/redirect/redirect-http-upgrade.tentative.sub.html [ Skip ]
-crbug.com/870173 external/wpt/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.tentative.sub.html [ Skip ]
-crbug.com/870173 external/wpt/fetch/metadata/sec-fetch-dest/redirect/redirect-http-upgrade.tentative.sub.html [ Skip ]
-crbug.com/870173 external/wpt/fetch/metadata/sec-fetch-dest/redirect/multiple-redirect-https-downgrade-upgrade.tentative.sub.html [ Skip ]
 crbug.com/870173 external/wpt/resource-timing/cors-preflight.any.html [ Skip ]
 crbug.com/870173 external/wpt/resource-timing/cors-preflight.any.worker.html [ Skip ]
 crbug.com/870173 http/tests/devtools/console-xhr-logging.js [ Skip ]
@@ -2086,10 +2081,6 @@ crbug.com/870173 http/tests/security/script-crossorigin-redirect-credentials.htm
 crbug.com/870173 http/tests/xmlhttprequest/cross-origin-unsupported-url.html [ Skip ]
 crbug.com/870173 http/tests/xmlhttprequest/workers/cross-origin-unsupported-url.html [ Skip ]
 crbug.com/870173 mhtml/cid_in_html_resource.html [ Skip ]
-crbug.com/870173 virtual/omt-worker-fetch/external/wpt/fetch/metadata/redirect/redirect-http-upgrade.tentative.sub.html [ Skip ]
-crbug.com/870173 virtual/omt-worker-fetch/external/wpt/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.tentative.sub.html [ Skip ]
-crbug.com/870173 virtual/omt-worker-fetch/external/wpt/fetch/metadata/sec-fetch-dest/redirect/redirect-http-upgrade.tentative.sub.html [ Skip ]
-crbug.com/870173 virtual/omt-worker-fetch/external/wpt/fetch/metadata/sec-fetch-dest/redirect/multiple-redirect-https-downgrade-upgrade.tentative.sub.html [ Skip ]
 crbug.com/870173 virtual/omt-worker-fetch/external/wpt/resource-timing/cors-preflight.any.html [ Skip ]
 crbug.com/870173 virtual/omt-worker-fetch/external/wpt/resource-timing/cors-preflight.any.worker.html [ Skip ]
 crbug.com/870173 virtual/omt-worker-fetch/http/tests/workers/worker-redirect.html [ Skip ]

--- a/third_party/blink/web_tests/external/wpt/fetch/metadata/redirect/redirect-https-downgrade.tentative.sub-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/fetch/metadata/redirect/redirect-https-downgrade.tentative.sub-expected.txt
-This is a testharness.js-based test.
-PASS Https downgrade iframe
-PASS Https downgrade top level navigation
-PASS Https downgrade embed
-PASS Https downgrade fetch() api
-PASS Https downgrade object
-PASS Https downgrade prefetch => No headers
-PASS Https downgrade preload
-PASS Https downgrade stylesheet
-PASS Https downgrade track
-PASS Https downgrade image => No headers
-FAIL Https downgrade script => No headers assert_equals: mode expected "no-cors" but got ""
-PASS Https downgrade font => No headers
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/fetch/metadata/redirect/redirect-https-downgrade.tentative.sub.html
+++ b/third_party/blink/web_tests/external/wpt/fetch/metadata/redirect/redirect-https-downgrade.tentative.sub.html
@@ -30,7 +30,7 @@
        let key = "font-https-downgrade";
        fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
          .then(response => response.text())
-          .then(text => assert_header_equals(text, expected))
+          .then(text => assert_no_headers(text))
          .then(_ => resolve())
          .catch(e => reject(e));
      });
@@ -61,7 +61,7 @@
 <script>
  test(t => {
    t.add_cleanup(_ => { header = null; });
-    assert_header_equals(header, { "site": "cross-site", "user": "", "mode": "no-cors" });
+    assert_no_headers(header);
  }, "Https downgrade script => No headers");
 </script>
 </body>
--- a/third_party/blink/web_tests/external/wpt/fetch/metadata/resources/helper.js
+++ b/third_party/blink/web_tests/external/wpt/fetch/metadata/resources/helper.js
@@ -32,6 +32,22 @@ function assert_header_equals(value, expected, tag) {
    assert_equals(value.user, expected.user, wrap_by_tag(tag, "user"));
 }
+/**
+ * @param {object} value
+ * @param {string} tag
+ **/
+function assert_no_headers(value, tag) {
+  if (typeof(value) === "string"){
+    if (value == "No header has been recorded") return;
+    value = JSON.parse(value);
+  }
+  assert_equals(value.mode, "", wrap_by_tag(tag, "mode"));
+  assert_equals(value.site, "", wrap_by_tag(tag, "site"));
+  if (expected.hasOwnProperty("user"))
+    assert_equals(value.user, "", wrap_by_tag(tag, "user"));
+}
 /**
 * @param {string} header
 * @param {object} value
@@ -67,7 +83,7 @@ function assert_header_dest_equals(value, expected, tag) {
 function fetch_record_header(key, expected, assert) {
  return fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
      .then(response => response.text())
-      .then(text => assert(text, expected))
+      .then(text => assert(text, expected));
 }
 /**

--- a/third_party/blink/web_tests/external/wpt/fetch/metadata/resources/redirectTestHelper.sub.js
+++ b/third_party/blink/web_tests/external/wpt/fetch/metadata/resources/redirectTestHelper.sub.js
@@ -50,7 +50,7 @@ function RunCommonRedirectTests(testNamePrefix, urlHelperMethod, expectedResults
      }
      let expectation = { ...expectedResults };
      if (expectation['mode'] != '')
-        expectation['mode'] = 'nested-navigate';
+        expectation['mode'] = 'navigate';
      assert_header_equals(e.data, expectation);
      t.done();
    }));

--- a/third_party/blink/web_tests/external/wpt/fetch/metadata/resources/xslt-test.sub.xml
+++ b/third_party/blink/web_tests/external/wpt/fetch/metadata/resources/xslt-test.sub.xml
 <?xml version="1.0" encoding="UTF-8"?>
 <?xml-stylesheet href="https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=xslt-same-origin{{GET[token]}}" type="text/xsl" ?>
-<?xml-stylesheet href="https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=xslt-same-site{{GET[token]}}" type="text/xsl" ?>
+<!-- Only testing same-origin XSLT because same-site and cross-site XSLT is blocked. -->
-<?xml-stylesheet href="https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=xslt-cross-site{{GET[token]}}" type="text/xsl" ?>
 <!-- postMessage parent back when the resources are loaded -->
 <script xmlns="http://www.w3.org/1999/xhtml"><![CDATA[

--- a/third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/redirect/multiple-redirect-https-downgrade-upgrade.tentative.sub.html
+++ b/third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/redirect/multiple-redirect-https-downgrade-upgrade.tentative.sub.html
@@ -19,6 +19,7 @@
    <div id="fontTest">Downgraded then upgraded font</div>
    <script>
  let nonce = "{{$id}}";
+  let expected = { "dest": "", "site": "cross-site", "user": "", "mode": "cors" };
  // Validate various scenarios handle a request that redirects from https => http
  // correctly and avoids disclosure of any Sec- headers.

--- a/third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/redirect/redirect-http-upgrade.tentative.sub.html
+++ b/third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/redirect/redirect-http-upgrade.tentative.sub.html
@@ -19,6 +19,7 @@
    <div id="fontTest">Upgraded font</div>
    <script>
  let nonce = "{{$id}}";
+  let expected = { "dest": "", "site": "cross-site", "user": "", "mode": "cors" };
  // Validate various scenarios handle a request that redirects from http => https correctly and add the proper Sec- headers.
  RunCommonRedirectTests("Http upgrade", upgradeRedirectTo, expected);

--- a/third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/redirect/redirect-https-downgrade.tentative.sub-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/redirect/redirect-https-downgrade.tentative.sub-expected.txt
-This is a testharness.js-based test.
-Harness Error. harness_status.status = 1 , harness_status.message = Uncaught SyntaxError: Unexpected token 'return'
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/redirect/redirect-https-downgrade.tentative.sub.html
+++ b/third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/redirect/redirect-https-downgrade.tentative.sub.html
@@ -19,6 +19,7 @@
  <div id="fontTest">Downgraded font</div>
  <script>
  let nonce = token();
+  let expected = { "dest": "", "site": "", "user": "", "mode": "" };
  // Validate various scenarios handle a request that redirects from https => http correctly and avoids disclosure of any Sec- headers.
  RunCommonRedirectTests("Https downgrade", downgradeRedirectTo, expected);
@@ -32,24 +33,26 @@
    }, "Https downgrade font => No headers");
  });
-  promise_test(() =>
+  promise_test(() => {
-    return requestViaImage(secureRedirectURL + encodeURIComponent("http://{{host}}:{{ports[http][0]}}/common/security-features/subresource/image.py"))
+    return requestViaImage(secureRedirectURL + encodeURIComponent(
-      .then(result => {
+        "http://{{host}}:{{ports[http][0]}}/common/security-features/subresource/image.py"))
-         headers = result.headers;
+        .then(result => {
-         got = {
+          headers = result.headers;
-           "dest": headers["sec-fetch-dest"]
+          got = {
-         };
+            "dest": headers["sec-fetch-dest"]
-         // Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
+          };
-         // that `image.py` encodes data.
+          // Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
-         assert_header_dest_equals(got, undefined);
+          // that `image.py` encodes data.
-  }), "Https downgrade image => No headers");
+          assert_header_dest_equals(got, undefined);
+        });
+  }, "Https downgrade image => No headers");
 </script>
 <script src="https://{{host}}:{{ports[https][0]}}/fetch/api/resources/redirect.py?location=http%3A%2F%2F{{host}}%3A{{ports[http][0]}}%2Ffetch%2Fmetadata%2Fresources%2Fecho-as-script.py"></script>
 <script>
  test(t => {
    t.add_cleanup(_ => { header = null; });
-    assert_header_dest_equals(header, "");
+    assert_no_headers(header);
  }, "Https downgrade script => No headers");
 </script>
 </body>
--- a/third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/xslt.tentative.https.sub-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/xslt.tentative.https.sub-expected.txt
-This is a testharness.js-based test.
-PASS Same-Origin xslt
-FAIL Same-site xslt assert_not_equals: got disallowed value "No header has been recorded"
-FAIL Cross-site xslt assert_not_equals: got disallowed value "No header has been recorded"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/xslt.tentative.https.sub.html
+++ b/third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/xslt.tentative.https.sub.html
@@ -17,14 +17,6 @@
      return fetch_record_header("xslt-same-origin" + nonce, "xslt", assert_header_dest_equals);
    }, "Same-Origin xslt");
-    promise_test(t => {
-      return fetch_record_header("xslt-same-site" + nonce, "xslt", assert_header_dest_equals);
-    }, "Same-site xslt");
-    promise_test(t => {
-      return fetch_record_header("xslt-cross-site" + nonce, "xslt", assert_header_dest_equals);
-    }, "Cross-site xslt");
    w.close();
  });

--- a/third_party/blink/web_tests/external/wpt/fetch/metadata/xslt.tentative.https.sub-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/fetch/metadata/xslt.tentative.https.sub-expected.txt
-This is a testharness.js-based test.
-PASS Same-Origin xslt
-FAIL Same-site xslt assert_not_equals: got disallowed value "No header has been recorded"
-FAIL Cross-site xslt assert_not_equals: got disallowed value "No header has been recorded"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/fetch/metadata/xslt.tentative.https.sub.html
+++ b/third_party/blink/web_tests/external/wpt/fetch/metadata/xslt.tentative.https.sub.html
@@ -13,6 +13,7 @@
    if (e.source != w)
      return;
+    // Only testing same-origin XSLT because same-site and cross-site XSLT is blocked.
    promise_test(t => {
      let expected = {"site":"same-origin", "user":"", "mode": "same-origin"};
      return fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=xslt-same-origin" + nonce)
@@ -20,20 +21,6 @@
          .then(text => assert_header_equals(text, expected));
    }, "Same-Origin xslt");
-    promise_test(t => {
-      let expected = {"site":"same-site", "user":"", "mode": "no-cors"};
-      return fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=xslt-same-site" + nonce)
-          .then(response => response.text())
-          .then(text => assert_header_equals(text, expected));
-    }, "Same-site xslt");
-    promise_test(t => {
-      let expected = {"site":"cross-site", "user":"", "mode": "no-cors"};
-      return fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=xslt-cross-site" + nonce)
-          .then(response => response.text())
-          .then(text => assert_header_equals(text, expected));
-    }, "Cross-site xslt");
    w.close();
  });