Invert use of feature policy in Origin Policy WPT.

With an upcoming change to Feature/Permissions Policy, the header
alone will no longer be sufficient to delegate permissions to use
powerful features in subframes. The iframe allow attribute must
be used in conjunction with it. The header can still be used to
block delegation.

This change updates the Origin Policy WPTs to use the header to block
features, rather than to implicitly allow them, which as a test
mechanism, will work both before and after the behaviour change.

Bug: 1095641
Change-Id: I3e40480a23ebaea942df661b9a3ff233d108e495
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425003Reviewed-by: Domenic Denicola <domenic@chromium.org>
Commit-Queue: Ian Clelland <iclelland@chromium.org>
Cr-Commit-Position: refs/heads/master@{#809801}

third_party/blink/web_tests/external/wpt/origin-policy/features/non-object.https.html

@@ -11,6 +11,6 @@
 "use strict";
 runTestsInSubframe({
   hostname: "op5",
-  testJS: "resources/no-camera-no-geolocation.mjs"
+  testJS: "resources/yes-camera-yes-geolocation.mjs"
 });
 </script>

third_party/blink/web_tests/external/wpt/origin-policy/features/non-string.https.html

@@ -11,6 +11,6 @@
 "use strict";
 runTestsInSubframe({
   hostname: "op6",
-  testJS: "resources/no-camera-no-geolocation.mjs"
+  testJS: "resources/yes-camera-yes-geolocation.mjs"
 });
 </script>

third_party/blink/web_tests/external/wpt/origin-policy/features/resources/helper.mjs

@@ -2,7 +2,7 @@
 
 export function runFPTest({ camera, geolocation }) {
   test(() => {
-    assert_equals(document.featurePolicy.allowsFeature('camera', 'https://example.com/'), camera, 'camera');
-    assert_equals(document.featurePolicy.allowsFeature('geolocation', 'https://example.com/'), geolocation, 'geolocation');
+    assert_equals(document.featurePolicy.allowsFeature('camera'), camera, 'camera');
+    assert_equals(document.featurePolicy.allowsFeature('geolocation'), geolocation, 'geolocation');
   });
 }

third_party/blink/web_tests/external/wpt/origin-policy/features/valid-with-semicolon.https.html

@@ -11,6 +11,6 @@
 "use strict";
 runTestsInSubframe({
   hostname: "op10",
-  testJS: "resources/yes-camera-yes-geolocation.mjs"
+  testJS: "resources/no-camera-yes-geolocation.mjs"
 });
 </script>

third_party/blink/web_tests/external/wpt/origin-policy/policies/op10 cspfp-valid.json

@@ -8,6 +8,6 @@
     ]
   },
   "features": {
-    "policy": "camera 'self' https://example.com/; geolocation 'self' https://example.com/"
+    "policy": "camera 'none'; geolocation 'self' https://example.com/"
   }
 }

third_party/blink/web_tests/external/wpt/origin-policy/policies/op2 cspfp-double-top-level.json

@@ -13,9 +13,9 @@
     ]
   },
   "features": {
-    "policy": "camera 'self' https://example.com/"
+    "policy": "geolocation 'none'"
   },
   "features": {
-    "policy": "geolocation 'self' https://example.com/"
+    "policy": "camera 'none'"
   }
 }

third_party/blink/web_tests/external/wpt/origin-policy/policies/op5 cspfp-non-object.json

@@ -5,5 +5,5 @@
   "content_security": [
     "script-src 'self' 'unsafe-inline'"
   ],
-  "features": "camera 'self' https://example.com/"
+  "features": "camera 'none'"
 }

third_party/blink/web_tests/external/wpt/origin-policy/policies/op6 cspfp-non-string.json

@@ -11,7 +11,7 @@
   },
   "features": {
     "policy": [
-      "camera 'self' https://example.com/"
+      "camera 'none'"
     ]
   }
 }