service worker: Add tests for canvas tainting from video.

R=horo Bug: 780435 Change-Id: Ie8ae9cf8dca55f122a7b4a984ca0a96035b0099f Reviewed-on: https://chromium-review.googlesource.com/892683Reviewed-by: Tsuyoshi Horo <horo@chromium.org> Commit-Queue: Matt Falkenhagen <falken@chromium.org> Cr-Commit-Position: refs/heads/master@{#532814}

service worker: Add tests for canvas tainting from video.
R=horo Bug: 780435 Change-Id: Ie8ae9cf8dca55f122a7b4a984ca0a96035b0099f Reviewed-on: https://chromium-review.googlesource.com/892683Reviewed-by: Tsuyoshi Horo <horo@chromium.org> Commit-Queue: Matt Falkenhagen <falken@chromium.org> Cr-Commit-Position: refs/heads/master@{#532814}
b5206977 · Matt Falkenhagen · Commit Bot · ffc086c7 · b5206977 · b5206977
Commit b5206977 authored Jan 30, 2018 by Matt Falkenhagen Committed by Commit Bot Jan 30, 2018
10 changed files
--- a/third_party/WebKit/LayoutTests/TestExpectations
+++ b/third_party/WebKit/LayoutTests/TestExpectations
@@ -681,8 +681,10 @@ crbug.com/736308 virtual/outofblink-cors/external/wpt/service-workers/service-wo
 crbug.com/736308 virtual/outofblink-cors/external/wpt/service-workers/service-worker/sandboxed-iframe-fetch-event.https.html [ Timeout ]
 # Failing tests in dictionary order.
-crbug.com/736308 virtual/outofblink-cors/external/wpt/service-workers/service-worker/fetch-canvas-tainting-cache.https.html [ Failure ]
+crbug.com/736308 virtual/outofblink-cors/external/wpt/service-workers/service-worker/fetch-canvas-tainting-image-cache.https.html [ Failure ]
-crbug.com/736308 virtual/outofblink-cors/external/wpt/service-workers/service-worker/fetch-canvas-tainting.https.html [ Failure ]
+crbug.com/736308 virtual/outofblink-cors/external/wpt/service-workers/service-worker/fetch-canvas-tainting-image.https.html [ Failure ]
+crbug.com/736308 virtual/outofblink-cors/external/wpt/service-workers/service-worker/fetch-canvas-tainting-video-cache.https.html [ Failure ]
+crbug.com/736308 virtual/outofblink-cors/external/wpt/service-workers/service-worker/fetch-canvas-tainting-video.https.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors/external/wpt/service-workers/service-worker/fetch-event-referrer-policy.https.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors/external/wpt/service-workers/service-worker/fetch-request-html-imports.https.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors/external/wpt/service-workers/service-worker/fetch-request-xhr.https.html [ Failure ]

--- a/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-canvas-tainting-cache.https.html
+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-canvas-tainting-cache.https.html
 <!DOCTYPE html>
+<meta charset="utf-8">
 <title>Service Worker: canvas tainting of the fetched image using cached responses</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>

--- a/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-canvas-tainting.https.html
+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-canvas-tainting.https.html
 <!DOCTYPE html>
+<meta charset="utf-8">
 <title>Service Worker: canvas tainting of the fetched image</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>

--- a/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-canvas-tainting-video-cache.https-expected.txt
+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-canvas-tainting-video-cache.https-expected.txt
+This is a testharness.js-based test.
+PASS initialize global state
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&reject" with crossOrigin "" should be LOAD_ERROR
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&reject" with crossOrigin "anonymous" should be LOAD_ERROR
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&reject" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&ignore" with crossOrigin "" should be NOT_TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&ignore" with crossOrigin "" should be TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&ignore" with crossOrigin "anonymous" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&ACAOrigin=https://web-platform.test:8444&ignore" with crossOrigin "anonymous" should be NOT_TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&ignore" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&ACAOrigin=https://web-platform.test:8444&ignore" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&ACAOrigin=https://web-platform.test:8444&ACACredentials=true&ignore" with crossOrigin "use-credentials" should be NOT_TAINTED
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&Auth&ignore" with crossOrigin "" should be NOT_TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&Auth&ignore" with crossOrigin "" should be TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&Auth&ignore" with crossOrigin "anonymous" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&Auth&ignore" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&Auth&ACAOrigin=https://web-platform.test:8444&ignore" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&Auth&ACAOrigin=https://web-platform.test:8444&ACACredentials=true&ignore" with crossOrigin "use-credentials" should be NOT_TAINTED
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=same-origin&url=https%3A%2F%2Fweb-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue" with crossOrigin "" should be NOT_TAINTED
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=same-origin&url=https%3A%2F%2Fweb-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue" with crossOrigin "anonymous" should be NOT_TAINTED
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=same-origin&url=https%3A%2F%2Fweb-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue" with crossOrigin "use-credentials" should be NOT_TAINTED
+FAIL url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=same-origin&url=https%3A%2F%2Fweb-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue" with crossOrigin "" should be NOT_TAINTED assert_equals: expected "NOT_TAINTED" but got "TAINTED"
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=same-origin&url=https%3A%2F%2Fweb-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue" with crossOrigin "anonymous" should be NOT_TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=same-origin&url=https%3A%2F%2Fweb-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue" with crossOrigin "use-credentials" should be NOT_TAINTED
+FAIL url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=no-cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue" with crossOrigin "" should be TAINTED assert_equals: expected "TAINTED" but got "NOT_TAINTED"
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=no-cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue" with crossOrigin "anonymous" should be LOAD_ERROR
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=no-cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=no-cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue" with crossOrigin "" should be TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=no-cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue" with crossOrigin "anonymous" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=no-cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "" should be LOAD_ERROR
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=cors&credentials=same-origin&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "" should be NOT_TAINTED
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "anonymous" should be NOT_TAINTED
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue%26ACACredentials%3Dtrue%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "use-credentials" should be NOT_TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "" should be LOAD_ERROR
+FAIL url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=cors&credentials=same-origin&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "" should be NOT_TAINTED assert_equals: expected "NOT_TAINTED" but got "TAINTED"
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "anonymous" should be NOT_TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&cache=true&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26cache%3Dtrue%26ACACredentials%3Dtrue%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "use-credentials" should be NOT_TAINTED
+PASS restore global state
+Harness: the test ran to completion.
--- a/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-canvas-tainting-video-cache.https.html
+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-canvas-tainting-video-cache.https.html
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Service Worker: canvas tainting of the fetched video using cache responses</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/test-helpers.sub.js?pipe=sub"></script>
+<script src="resources/fetch-canvas-tainting-tests.js"></script>
+<body>
+<script>
+do_canvas_tainting_tests({
+  resource_path: base_path() + 'resources/fetch-access-control.py?VIDEO',
+  cache: true
+});
+</script>
+</body>
--- a/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-canvas-tainting-video.https-expected.txt
+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-canvas-tainting-video.https-expected.txt
+This is a testharness.js-based test.
+PASS initialize global state
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&reject" with crossOrigin "" should be LOAD_ERROR
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&reject" with crossOrigin "anonymous" should be LOAD_ERROR
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&reject" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&ignore" with crossOrigin "" should be NOT_TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&ignore" with crossOrigin "" should be TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&ignore" with crossOrigin "anonymous" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&ACAOrigin=https://web-platform.test:8444&ignore" with crossOrigin "anonymous" should be NOT_TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&ignore" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&ACAOrigin=https://web-platform.test:8444&ignore" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&ACAOrigin=https://web-platform.test:8444&ACACredentials=true&ignore" with crossOrigin "use-credentials" should be NOT_TAINTED
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&Auth&ignore" with crossOrigin "" should be NOT_TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&Auth&ignore" with crossOrigin "" should be TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&Auth&ignore" with crossOrigin "anonymous" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&Auth&ignore" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&Auth&ACAOrigin=https://web-platform.test:8444&ignore" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&Auth&ACAOrigin=https://web-platform.test:8444&ACACredentials=true&ignore" with crossOrigin "use-credentials" should be NOT_TAINTED
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=same-origin&url=https%3A%2F%2Fweb-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO" with crossOrigin "" should be NOT_TAINTED
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=same-origin&url=https%3A%2F%2Fweb-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO" with crossOrigin "anonymous" should be NOT_TAINTED
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=same-origin&url=https%3A%2F%2Fweb-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO" with crossOrigin "use-credentials" should be NOT_TAINTED
+FAIL url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=same-origin&url=https%3A%2F%2Fweb-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO" with crossOrigin "" should be NOT_TAINTED assert_equals: expected "NOT_TAINTED" but got "TAINTED"
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=same-origin&url=https%3A%2F%2Fweb-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO" with crossOrigin "anonymous" should be NOT_TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=same-origin&url=https%3A%2F%2Fweb-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO" with crossOrigin "use-credentials" should be NOT_TAINTED
+FAIL url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=no-cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO" with crossOrigin "" should be TAINTED assert_equals: expected "TAINTED" but got "NOT_TAINTED"
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=no-cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO" with crossOrigin "anonymous" should be LOAD_ERROR
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=no-cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=no-cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO" with crossOrigin "" should be TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=no-cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO" with crossOrigin "anonymous" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=no-cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "" should be LOAD_ERROR
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=cors&credentials=same-origin&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "" should be NOT_TAINTED
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "anonymous" should be NOT_TAINTED
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26ACACredentials%3Dtrue%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "use-credentials" should be NOT_TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "" should be LOAD_ERROR
+FAIL url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=cors&credentials=same-origin&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "" should be NOT_TAINTED assert_equals: expected "NOT_TAINTED" but got "TAINTED"
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "anonymous" should be NOT_TAINTED
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "use-credentials" should be LOAD_ERROR
+PASS url "https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?VIDEO&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FVIDEO%26ACACredentials%3Dtrue%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444" with crossOrigin "use-credentials" should be NOT_TAINTED
+PASS restore global state
+Harness: the test ran to completion.
--- a/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-canvas-tainting-video.https.html
+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-canvas-tainting-video.https.html
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Service Worker: canvas tainting of the fetched video</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/test-helpers.sub.js?pipe=sub"></script>
+<script src="resources/fetch-canvas-tainting-tests.js"></script>
+<body>
+<script>
+do_canvas_tainting_tests({
+  resource_path: base_path() + 'resources/fetch-access-control.py?VIDEO',
+  cache: false
+});
+</script>
+</body>
--- a/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/fetch-access-control.py
+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/fetch-access-control.py
 import base64
 import json
+import os
+import sys
 def main(request, response):
    headers = []
@@ -31,6 +33,10 @@ def main(request, response):
                                   "jBoAAqMGDLwBDAwAEsoCTFWunmQAAAAASUVORK5CYII=")
        return headers, body
+    if "VIDEO" in request.GET:
+        headers.append(("Content-Type", "video/webm"))
+        body = open(os.path.join(request.doc_root, "media", "movie_5.ogv"), "rb").read()
+        return headers, body
    username = request.auth.username if request.auth.username else "undefined"
    password = request.auth.password if request.auth.username else "undefined"

--- a/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/fetch-canvas-tainting-iframe.html
+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/fetch-canvas-tainting-iframe.html
@@ -5,34 +5,65 @@ const NOT_TAINTED = 'NOT_TAINTED';
 const TAINTED = 'TAINTED';
 const LOAD_ERROR = 'LOAD_ERROR';
-// Creates an image element with src=|url| and an optional |cross_origin|
+// Creates an image/video element with src=|url| and an optional |cross_origin|
-// attibute. Tries to read from the image using a canvas element. Returns
+// attibute. Tries to read from the image/video using a canvas element. Returns
-// NOT_TAINTED if the could be read, TAINTED if it could not be read, and
+// NOT_TAINTED if it could be read, TAINTED if it could not be read, and
-// LOAD_ERROR if loading the image failed.
+// LOAD_ERROR if loading the image/video failed.
 function create_test_case_promise(url, cross_origin) {
  return new Promise(resolve => {
-      const img = document.createElement('img');
+      if (url.indexOf('PNGIMAGE') != -1) {
-      if (cross_origin != '') {
+        const img = document.createElement('img');
-        img.crossOrigin = cross_origin;
+        if (cross_origin != '') {
+          img.crossOrigin = cross_origin;
+        }
+        img.onload = function() {
+          try {
+            const canvas = document.createElement('canvas');
+            canvas.width = 100;
+            canvas.height = 100;
+            const context = canvas.getContext('2d');
+            context.drawImage(img, 0, 0);
+            context.getImageData(0, 0, 100, 100);
+            resolve(NOT_TAINTED);
+          } catch (e) {
+            resolve(TAINTED);
+          }
+        };
+        img.onerror = function() {
+          resolve(LOAD_ERROR);
+        }
+        img.src = url;
+        return;
      }
-      img.onload = function() {
-        try {
+      if (url.indexOf('VIDEO') != -1) {
-          const canvas = document.createElement('canvas');
+        const video = document.createElement('video');
-          canvas.width = 100;
+        video.autoplay = true;
-          canvas.height = 100;
+        if (cross_origin != '') {
-          const context = canvas.getContext('2d');
+          video.crossOrigin = cross_origin;
-          context.drawImage(img, 0, 0);
-          context.getImageData(0, 0, 100, 100);
-          resolve(NOT_TAINTED);
-        } catch (e) {
-          resolve(TAINTED);
        }
-      };
+        video.onplay = function() {
-      img.onerror = function() {
+          try {
-        resolve(LOAD_ERROR);
+            const canvas = document.createElement('canvas');
+            canvas.width = 100;
+            canvas.height = 100;
+            const context = canvas.getContext('2d');
+            context.drawImage(video, 0, 0);
+            context.getImageData(0, 0, 100, 100);
+            resolve(NOT_TAINTED);
+          } catch (e) {
+            resolve(TAINTED);
+          }
+        };
+        video.onerror = function() {
+          resolve(LOAD_ERROR);
+        }
+        video.src = url;
+        return;
      }
-      img.src = url;
-    });
+      resolve('unknown resource type');
+  });
 }
 </script>
 </html>
--- a/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/fetch-canvas-tainting-tests.js
+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/fetch-canvas-tainting-tests.js
@@ -18,7 +18,7 @@ function canvas_taint_test(url, cross_origin, expected_result) {
 // Runs all the tests. The given |params| has these properties:
-// * |resource_path|: the relative path to the (image) resource to test.
+// * |resource_path|: the relative path to the (image/video) resource to test.
 // * |cache|: when true, the service worker bounces responses into
 //   Cache Storage and back out before responding with them.
 function do_canvas_tainting_tests(params) {