Migrate PolicyContentScriptXHR test to different test suite.

This CL migrates BackgroundXhrWebstoreTest.PolicyContentScriptXHR to the
CrossOriginReadBlockingExtensionAllowlistingTest test suite (into new
tests, called ContentScriptVsHostBlockedByPolicy_NoSniffXml and
ContentScriptVsHostBlockedByPolicy_AllowedTextResource).

This way the tests covers the following setup aspects:
- CorbAllowlistAlsoAppliesToOorCors feature is enabled or disabled
- Extension is allowlisted or not
- OOR-CORS vs InBlinkCors

After this CL the old test can be deleted.  Note that the old test
always tested with:
- CorbAllowlistAlsoAppliesToOorCors disabled
- Non-allowlisted extension
- The default OOR-CORS state (enabled by default since r728462)

Bug: 1061567
Change-Id: Ic76ac9e48510953fd130141776e66b1fde11c404
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2107431
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Karan Bhatia <karandeepb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#754013}

chrome/browser/extensions/background_xhr_browsertest.cc

@@ -9,7 +9,6 @@
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
-#include "base/test/scoped_feature_list.h"
 #include "chrome/browser/extensions/extension_apitest.h"
 #include "chrome/browser/extensions/extension_browsertest.h"
 #include "chrome/browser/extensions/extension_with_management_policy_apitest.h"
@@ -35,7 +34,6 @@
 #include "net/ssl/client_cert_store.h"
 #include "net/ssl/ssl_server_config.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
-#include "services/network/public/cpp/features.h"
 #include "url/gurl.h"
 
 namespace extensions {
@@ -107,18 +105,7 @@ IN_PROC_BROWSER_TEST_F(BackgroundXhrTest, HttpAuth) {
 
 class BackgroundXhrWebstoreTest : public ExtensionApiTestWithManagementPolicy {
  public:
-  BackgroundXhrWebstoreTest() {
-    // TODO(lukasza): https://crbug.com/1061567: Migrate tests related to
-    // cross-origin requests from content scripts into the
-    // CrossOriginReadBlockingExtensionTest suite (which already covers test
-    // matrix of various enabled/disabled features).
-    //
-    // Affected tests:
-    // - BackgroundXhrWebstoreTest.PolicyContentScriptXHR
-    scoped_feature_list_.InitAndDisableFeature(
-        network::features::kCorbAllowlistAlsoAppliesToOorCors);
-  }
-
+  BackgroundXhrWebstoreTest() = default;
   ~BackgroundXhrWebstoreTest() override = default;
 
   void SetUpCommandLine(base::CommandLine* command_line) override {
@@ -182,8 +169,6 @@ class BackgroundXhrWebstoreTest : public ExtensionApiTestWithManagementPolicy {
   }
 
  private:
-  base::test::ScopedFeatureList scoped_feature_list_;
-
   DISALLOW_COPY_AND_ASSIGN(BackgroundXhrWebstoreTest);
 };
 
@@ -253,67 +238,6 @@ IN_PROC_BROWSER_TEST_F(BackgroundXhrWebstoreTest, PolicyBlockedXHR) {
               ::testing::HasSubstr("<head><title>OK</title></head>"));
 }
 
-// Verify that policy blocklists apply to XHRs done from injected scripts.
-IN_PROC_BROWSER_TEST_F(BackgroundXhrWebstoreTest, PolicyContentScriptXHR) {
-  TestExtensionDir test_dir;
-  test_dir.WriteManifest(R"(
-    {
-      "name": "XHR Content Script Test",
-      "manifest_version": 2,
-      "version": "0.1",
-      "permissions": ["<all_urls>", "tabs"],
-      "background": {"scripts": ["background.js"]}
-    })");
-
-  constexpr char kBackgroundScript[] =
-      R"(function executeFetch(url) {
-           chrome.tabs.executeScript({code: `
-             fetch("${url}")
-             .then(response => response.text())
-             .then(text => domAutomationController.send(text))
-             .catch(err => domAutomationController.send('ERROR: ' + err));
-           `});
-         }
-      )";
-  test_dir.WriteFile(FILE_PATH_LITERAL("background.js"), kBackgroundScript);
-
-  const Extension* extension = LoadExtension(test_dir.UnpackedPath());
-  ASSERT_TRUE(extension);
-
-  // Navigate to a foo.com page.
-  content::WebContents* web_contents =
-      browser()->tab_strip_model()->GetActiveWebContents();
-  GURL page_url(embedded_test_server()->GetURL("foo.com", "/title1.html"));
-  ui_test_utils::NavigateToURL(browser(), page_url);
-  EXPECT_EQ(page_url, web_contents->GetMainFrame()->GetLastCommittedURL());
-
-  // Using "/non-corb.octet-stream" resource (instead of "/simple.html" as in
-  // most other tests here) because XHRs/fetches from content scripts are
-  // subject to CORB (which is already covered by
-  // CrossOriginReadBlockingExtensionTest) and we want to focus the test below
-  // on policy behavior (which should be independent from whether or not CORB
-  // blocks the response).
-  GURL example_url =
-      embedded_test_server()->GetURL("example.com", "/non-corb.octet-stream");
-  GURL public_example_url = embedded_test_server()->GetURL(
-      "public.example.com", "/non-corb.octet-stream");
-
-  // Sanity Check: Should be able to fetch cross origin.
-  EXPECT_EQ("octet-stream-body", ExecuteFetch(extension, example_url));
-  EXPECT_EQ("octet-stream-body", ExecuteFetch(extension, public_example_url));
-
-  {
-    ExtensionManagementPolicyUpdater pref(&policy_provider_);
-    pref.AddPolicyBlockedHost("*", "*://*.example.com");
-    pref.AddPolicyAllowedHost("*", "*://public.example.com");
-  }
-
-  // Policies apply to XHR from a content script.
-  EXPECT_EQ("ERROR: TypeError: Failed to fetch",
-            ExecuteFetch(extension, example_url));
-  EXPECT_EQ("octet-stream-body", ExecuteFetch(extension, public_example_url));
-}
-
 // Make sure the blocklist and allowlist update for both Default and Individual
 // scope policies. Testing with all host permissions granted (<all_urls>).
 IN_PROC_BROWSER_TEST_F(BackgroundXhrWebstoreTest, PolicyUpdateXHR) {