Fix failing Fetch Metadata WPT

See https://wpt.fyi/results/fetch/metadata?label=experimental&label=master&aligned.

1. `xslt.tentative.https.sub.html`: delete tests for same-site and cross-site, because these requests are not allowed and has been blocked by browser behavior.

2. `redirect/multiple-redirect-https=downgrade-upgrade.tentative.sub.html` and `redirect/redirect-http-upgrade.tentative.sub.html`: removed from `NeverFixTests` and change the expectation for mode from `nasted-navigate` to `navigate`.

3. `redirect/redirect-https-downgrade.tentative.sub.html`: removed from `NeverFixTests` and change the expectation for Https downgrade script.

Bug: 1024198
Change-Id: Ia0cf0ccc2bef38c4525bebab0a050e7b1de9a5e2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1912712Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Yifan Luo <lyf@google.com>
Cr-Commit-Position: refs/heads/master@{#714940}

third_party/blink/web_tests/NeverFixTests

@@ -2067,11 +2067,6 @@ external/wpt/html/webappapis/user-prompts/print-manual.html [ Skip ]
 # But will not change the existing behavior for Blink CORS when expectations are
 # changed for the spec update, other features side-effects, and so on.
 # TODO(cbur.com/870173): Double check following failed tests later.
-crbug.com/870173 external/wpt/fetch/metadata/appcache.tentative.https.sub.html [ Skip ]
-crbug.com/870173 external/wpt/fetch/metadata/redirect/redirect-http-upgrade.tentative.sub.html [ Skip ]
-crbug.com/870173 external/wpt/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.tentative.sub.html [ Skip ]
-crbug.com/870173 external/wpt/fetch/metadata/sec-fetch-dest/redirect/redirect-http-upgrade.tentative.sub.html [ Skip ]
-crbug.com/870173 external/wpt/fetch/metadata/sec-fetch-dest/redirect/multiple-redirect-https-downgrade-upgrade.tentative.sub.html [ Skip ]
 crbug.com/870173 external/wpt/resource-timing/cors-preflight.any.html [ Skip ]
 crbug.com/870173 external/wpt/resource-timing/cors-preflight.any.worker.html [ Skip ]
 crbug.com/870173 http/tests/devtools/console-xhr-logging.js [ Skip ]
@@ -2086,10 +2081,6 @@ crbug.com/870173 http/tests/security/script-crossorigin-redirect-credentials.htm
 crbug.com/870173 http/tests/xmlhttprequest/cross-origin-unsupported-url.html [ Skip ]
 crbug.com/870173 http/tests/xmlhttprequest/workers/cross-origin-unsupported-url.html [ Skip ]
 crbug.com/870173 mhtml/cid_in_html_resource.html [ Skip ]
-crbug.com/870173 virtual/omt-worker-fetch/external/wpt/fetch/metadata/redirect/redirect-http-upgrade.tentative.sub.html [ Skip ]
-crbug.com/870173 virtual/omt-worker-fetch/external/wpt/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.tentative.sub.html [ Skip ]
-crbug.com/870173 virtual/omt-worker-fetch/external/wpt/fetch/metadata/sec-fetch-dest/redirect/redirect-http-upgrade.tentative.sub.html [ Skip ]
-crbug.com/870173 virtual/omt-worker-fetch/external/wpt/fetch/metadata/sec-fetch-dest/redirect/multiple-redirect-https-downgrade-upgrade.tentative.sub.html [ Skip ]
 crbug.com/870173 virtual/omt-worker-fetch/external/wpt/resource-timing/cors-preflight.any.html [ Skip ]
 crbug.com/870173 virtual/omt-worker-fetch/external/wpt/resource-timing/cors-preflight.any.worker.html [ Skip ]
 crbug.com/870173 virtual/omt-worker-fetch/http/tests/workers/worker-redirect.html [ Skip ]

third_party/blink/web_tests/external/wpt/fetch/metadata/redirect/redirect-https-downgrade.tentative.sub-expected.txt

-This is a testharness.js-based test.
-PASS Https downgrade iframe
-PASS Https downgrade top level navigation
-PASS Https downgrade embed
-PASS Https downgrade fetch() api
-PASS Https downgrade object
-PASS Https downgrade prefetch => No headers
-PASS Https downgrade preload
-PASS Https downgrade stylesheet
-PASS Https downgrade track
-PASS Https downgrade image => No headers
-FAIL Https downgrade script => No headers assert_equals: mode expected "no-cors" but got ""
-PASS Https downgrade font => No headers
-Harness: the test ran to completion.
-

third_party/blink/web_tests/external/wpt/fetch/metadata/redirect/redirect-https-downgrade.tentative.sub.html

@@ -30,7 +30,7 @@
         let key = "font-https-downgrade";
         fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
           .then(response => response.text())
-          .then(text => assert_header_equals(text, expected))
+          .then(text => assert_no_headers(text))
           .then(_ => resolve())
           .catch(e => reject(e));
       });
@@ -61,7 +61,7 @@
 <script>
   test(t => {
     t.add_cleanup(_ => { header = null; });
-    assert_header_equals(header, { "site": "cross-site", "user": "", "mode": "no-cors" });
+    assert_no_headers(header);
   }, "Https downgrade script => No headers");
 </script>
 </body>

third_party/blink/web_tests/external/wpt/fetch/metadata/resources/helper.js

@@ -32,6 +32,22 @@ function assert_header_equals(value, expected, tag) {
     assert_equals(value.user, expected.user, wrap_by_tag(tag, "user"));
 }
 
+/**
+ * @param {object} value
+ * @param {string} tag
+ **/
+function assert_no_headers(value, tag) {
+  if (typeof(value) === "string"){
+    if (value == "No header has been recorded") return;
+    value = JSON.parse(value);
+  }
+
+  assert_equals(value.mode, "", wrap_by_tag(tag, "mode"));
+  assert_equals(value.site, "", wrap_by_tag(tag, "site"));
+  if (expected.hasOwnProperty("user"))
+    assert_equals(value.user, "", wrap_by_tag(tag, "user"));
+}
+
 /**
  * @param {string} header
  * @param {object} value
@@ -67,7 +83,7 @@ function assert_header_dest_equals(value, expected, tag) {
 function fetch_record_header(key, expected, assert) {
   return fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
       .then(response => response.text())
-      .then(text => assert(text, expected))
+      .then(text => assert(text, expected));
 }
 
 /**

third_party/blink/web_tests/external/wpt/fetch/metadata/resources/redirectTestHelper.sub.js

@@ -50,7 +50,7 @@ function RunCommonRedirectTests(testNamePrefix, urlHelperMethod, expectedResults
       }
       let expectation = { ...expectedResults };
       if (expectation['mode'] != '')
-        expectation['mode'] = 'nested-navigate';
+        expectation['mode'] = 'navigate';
       assert_header_equals(e.data, expectation);
       t.done();
     }));

third_party/blink/web_tests/external/wpt/fetch/metadata/resources/xslt-test.sub.xml

 <?xml version="1.0" encoding="UTF-8"?>
 <?xml-stylesheet href="https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=xslt-same-origin{{GET[token]}}" type="text/xsl" ?>
-<?xml-stylesheet href="https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=xslt-same-site{{GET[token]}}" type="text/xsl" ?>
-<?xml-stylesheet href="https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=xslt-cross-site{{GET[token]}}" type="text/xsl" ?>
+<!-- Only testing same-origin XSLT because same-site and cross-site XSLT is blocked. -->
 
 <!-- postMessage parent back when the resources are loaded -->
 <script xmlns="http://www.w3.org/1999/xhtml"><![CDATA[

third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/redirect/multiple-redirect-https-downgrade-upgrade.tentative.sub.html

@@ -19,6 +19,7 @@
     <div id="fontTest">Downgraded then upgraded font</div>
     <script>
   let nonce = "{{$id}}";
+  let expected = { "dest": "", "site": "cross-site", "user": "", "mode": "cors" };
 
   // Validate various scenarios handle a request that redirects from https => http
   // correctly and avoids disclosure of any Sec- headers.

third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/redirect/redirect-http-upgrade.tentative.sub.html

@@ -19,6 +19,7 @@
     <div id="fontTest">Upgraded font</div>
     <script>
   let nonce = "{{$id}}";
+  let expected = { "dest": "", "site": "cross-site", "user": "", "mode": "cors" };
 
   // Validate various scenarios handle a request that redirects from http => https correctly and add the proper Sec- headers.
   RunCommonRedirectTests("Http upgrade", upgradeRedirectTo, expected);

third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/redirect/redirect-https-downgrade.tentative.sub-expected.txt

-This is a testharness.js-based test.
-Harness Error. harness_status.status = 1 , harness_status.message = Uncaught SyntaxError: Unexpected token 'return'
-Harness: the test ran to completion.
-

third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/redirect/redirect-https-downgrade.tentative.sub.html

@@ -19,6 +19,7 @@
   <div id="fontTest">Downgraded font</div>
   <script>
   let nonce = token();
+  let expected = { "dest": "", "site": "", "user": "", "mode": "" };
 
   // Validate various scenarios handle a request that redirects from https => http correctly and avoids disclosure of any Sec- headers.
   RunCommonRedirectTests("Https downgrade", downgradeRedirectTo, expected);
@@ -32,24 +33,26 @@
     }, "Https downgrade font => No headers");
   });
 
-  promise_test(() =>
-    return requestViaImage(secureRedirectURL + encodeURIComponent("http://{{host}}:{{ports[http][0]}}/common/security-features/subresource/image.py"))
-      .then(result => {
-         headers = result.headers;
-         got = {
-           "dest": headers["sec-fetch-dest"]
-         };
-         // Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
-         // that `image.py` encodes data.
-         assert_header_dest_equals(got, undefined);
-  }), "Https downgrade image => No headers");
+  promise_test(() => {
+    return requestViaImage(secureRedirectURL + encodeURIComponent(
+        "http://{{host}}:{{ports[http][0]}}/common/security-features/subresource/image.py"))
+        .then(result => {
+          headers = result.headers;
+          got = {
+            "dest": headers["sec-fetch-dest"]
+          };
+          // Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
+          // that `image.py` encodes data.
+          assert_header_dest_equals(got, undefined);
+        });
+  }, "Https downgrade image => No headers");
 </script>
 
 <script src="https://{{host}}:{{ports[https][0]}}/fetch/api/resources/redirect.py?location=http%3A%2F%2F{{host}}%3A{{ports[http][0]}}%2Ffetch%2Fmetadata%2Fresources%2Fecho-as-script.py"></script>
 <script>
   test(t => {
     t.add_cleanup(_ => { header = null; });
-    assert_header_dest_equals(header, "");
+    assert_no_headers(header);
   }, "Https downgrade script => No headers");
 </script>
 </body>

third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/xslt.tentative.https.sub-expected.txt

-This is a testharness.js-based test.
-PASS Same-Origin xslt
-FAIL Same-site xslt assert_not_equals: got disallowed value "No header has been recorded"
-FAIL Cross-site xslt assert_not_equals: got disallowed value "No header has been recorded"
-Harness: the test ran to completion.
-

third_party/blink/web_tests/external/wpt/fetch/metadata/sec-fetch-dest/xslt.tentative.https.sub.html

@@ -17,14 +17,6 @@
       return fetch_record_header("xslt-same-origin" + nonce, "xslt", assert_header_dest_equals);
     }, "Same-Origin xslt");
 
-    promise_test(t => {
-      return fetch_record_header("xslt-same-site" + nonce, "xslt", assert_header_dest_equals);
-    }, "Same-site xslt");
-
-    promise_test(t => {
-      return fetch_record_header("xslt-cross-site" + nonce, "xslt", assert_header_dest_equals);
-    }, "Cross-site xslt");
-
     w.close();
   });
 

third_party/blink/web_tests/external/wpt/fetch/metadata/xslt.tentative.https.sub-expected.txt

-This is a testharness.js-based test.
-PASS Same-Origin xslt
-FAIL Same-site xslt assert_not_equals: got disallowed value "No header has been recorded"
-FAIL Cross-site xslt assert_not_equals: got disallowed value "No header has been recorded"
-Harness: the test ran to completion.
-

third_party/blink/web_tests/external/wpt/fetch/metadata/xslt.tentative.https.sub.html

@@ -13,6 +13,7 @@
     if (e.source != w)
       return;
 
+    // Only testing same-origin XSLT because same-site and cross-site XSLT is blocked.
     promise_test(t => {
       let expected = {"site":"same-origin", "user":"", "mode": "same-origin"};
       return fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=xslt-same-origin" + nonce)
@@ -20,20 +21,6 @@
           .then(text => assert_header_equals(text, expected));
     }, "Same-Origin xslt");
 
-    promise_test(t => {
-      let expected = {"site":"same-site", "user":"", "mode": "no-cors"};
-      return fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=xslt-same-site" + nonce)
-          .then(response => response.text())
-          .then(text => assert_header_equals(text, expected));
-    }, "Same-site xslt");
-
-    promise_test(t => {
-      let expected = {"site":"cross-site", "user":"", "mode": "no-cors"};
-      return fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=xslt-cross-site" + nonce)
-          .then(response => response.text())
-          .then(text => assert_header_equals(text, expected));
-    }, "Cross-site xslt");
-
     w.close();
   });