[WPT/common/security-features] Introduce downgrade origin types

As preparation for migrating wpt/upgrade-insecure-requests
to the /common/security-features generator framework
in https://chromium-review.googlesource.com/c/chromium/src/+/1788551,
this CL introduces `downgrade` origin type,
which is to be used to test upgrading on initial requests.

Bug: 1001422
Change-Id: Ia1f2dba1f7d894c0f2b5ba0b24835a9e86287d13
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1787570Reviewed-by: Kenichi Ishibashi <bashi@chromium.org>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org>
Cr-Commit-Position: refs/heads/master@{#695925}

third_party/blink/web_tests/external/wpt/common/security-features/resources/common.sub.js

@@ -968,9 +968,11 @@ function getSubresourceOrigin(originType) {
 
   // These values can evaluate to either empty strings or a ":port" string.
   const httpPort = getNormalizedPort(parseInt("{{ports[http][0]}}", 10));
-  const httpsPort = getNormalizedPort(parseInt("{{ports[https][0]}}", 10));
+  const httpsRawPort = parseInt("{{ports[https][0]}}", 10);
+  const httpsPort = getNormalizedPort(httpsRawPort);
   const wsPort = getNormalizedPort(parseInt("{{ports[ws][0]}}", 10));
-  const wssPort = getNormalizedPort(parseInt("{{ports[wss][0]}}", 10));
+  const wssRawPort = parseInt("{{ports[wss][0]}}", 10);
+  const wssPort = getNormalizedPort(wssRawPort);
 
   /**
     @typedef OriginType
@@ -992,6 +994,22 @@ function getSubresourceOrigin(originType) {
     "same-ws": wsProtocol + "://" + sameOriginHost + wsPort,
     "cross-wss": wssProtocol + "://" + crossOriginHost + wssPort,
     "cross-ws": wsProtocol + "://" + crossOriginHost + wsPort,
+
+    // The following origin types are used for upgrade-insecure-requests tests:
+    // These rely on some unintuitive cleverness due to WPT's test setup:
+    // 'Upgrade-Insecure-Requests' does not upgrade the port number,
+    // so we use URLs in the form `http://[domain]:[https-port]`,
+    // which will be upgraded to `https://[domain]:[https-port]`.
+    // If the upgrade fails, the load will fail, as we don't serve HTTP over
+    // the secure port.
+    "same-http-downgrade":
+        httpProtocol + "://" + sameOriginHost + ":" + httpsRawPort,
+    "cross-http-downgrade":
+        httpProtocol + "://" + crossOriginHost + ":" + httpsRawPort,
+    "same-ws-downgrade":
+        wsProtocol + "://" + sameOriginHost + ":" + wssRawPort,
+    "cross-ws-downgrade":
+        wsProtocol + "://" + crossOriginHost + ":" + wssRawPort,
   };
 
   return originMap[originType];

third_party/blink/web_tests/external/wpt/common/security-features/tools/spec_validator.py

@@ -211,9 +211,12 @@ def validate(spec_json, details):
     ])
     for subresource in leaf_values(test_expansion_schema['subresource']):
         assert subresource in valid_subresource_names, "Invalid subresource %s" % subresource
+    # Should be consistent with getSubresourceOrigin() in
+    # `/common/security-features/resources/common.sub.js`.
     assert_atom_or_list_items_from(test_expansion_schema, 'origin', [
         'same-http', 'same-https', 'same-ws', 'same-wss', 'cross-http',
-        'cross-https', 'cross-ws', 'cross-wss'
+        'cross-https', 'cross-ws', 'cross-wss', 'same-http-downgrade',
+        'cross-http-downgrade', 'same-ws-downgrade', 'cross-ws-downgrade'
     ])
 
     # Validate excluded tests.