Add initial document policy tests

Bug: 993790 Change-Id: Id1c780e43964ac0e8e2cc0abf49a19fb04c780ed Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1934780 Commit-Queue: Ian Clelland <iclelland@chromium.org> Reviewed-by: Jason Chase <chasej@chromium.org> Auto-Submit: Ian Clelland <iclelland@chromium.org> Cr-Commit-Position: refs/heads/master@{#720224}

Add initial document policy tests
Bug: 993790 Change-Id: Id1c780e43964ac0e8e2cc0abf49a19fb04c780ed Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1934780 Commit-Queue: Ian Clelland <iclelland@chromium.org> Reviewed-by: Jason Chase <chasej@chromium.org> Auto-Submit: Ian Clelland <iclelland@chromium.org> Cr-Commit-Position: refs/heads/master@{#720224}
e5ba5633 · Ian Clelland · Commit Bot · 501ad931 · e5ba5633 · e5ba5633
Commit e5ba5633 authored Nov 29, 2019 by Ian Clelland Committed by Commit Bot Nov 29, 2019
10 changed files
--- a/third_party/blink/web_tests/TestExpectations
+++ b/third_party/blink/web_tests/TestExpectations
@@ -5898,5 +5898,11 @@ crbug.com/1006759 http/tests/devtools/editor/php-highlighter.js [ Pass Failure ]
 crbug.com/1006759 http/tests/devtools/modules-load-network.js [ Pass Failure ]
 crbug.com/1006759 http/tests/devtools/modules-load-source.js [ Pass Failure ]

+# Failing document policy tests
+crbug.com/993790 external/wpt/document-policy/required-policy/document-policy.html [ Failure ]
+crbug.com/993790 external/wpt/document-policy/required-policy/no-document-policy.html [ Failure ]
+crbug.com/993790 external/wpt/document-policy/required-policy/required-document-policy-nested.html [ Failure ]
+crbug.com/993790 external/wpt/document-policy/required-policy/required-document-policy.html [ Failure ]
+
 # Temporary suppression to allow devtools-frontend changes
 crbug.com/1016772 http/tests/devtools/sourcemap-section-warning.js [ Pass Failure ]
--- a/third_party/blink/web_tests/external/wpt/document-policy/echo-policy-nested.html
+++ b/third_party/blink/web_tests/external/wpt/document-policy/echo-policy-nested.html
+<!DOCTYPE html>
+<body>
+<script>
+// This document will contain an iframe which will either host echo-policy.py,
+// or will host another copy of this document, with the nesting level reduced
+// by one. This way, an arbitrary nesting depth can be achieved, with the
+// final inner-most frame reporting back the advertised required policy.
+
+// The 'id' URL parameter will be passed to the nested document.
+// The 'level' URL paramater will be reduced by 1 and passed to the nested
+// document if it was at least 1. (If it was 0, then echo-policy.py will be
+// nested instead, and the level parameter will not be passed.)
+
+// This document is served with a Document Policy header that should satisfy
+// any requests that include a required policy for the
+// 'unoptimized-lossless-images' feature.
+const params = new URLSearchParams(window.location.search);
+const id = params.get('id');
+const level = params.get('level');
+
+const iframe = document.createElement('iframe');
+var hostname;
+if (level >= 1) {
+  params.set('level',level-1);
+  hostname = document.location.pathname + "?" + params.toString();
+} else {
+  params.delete('level');
+  hostname = "/document-policy/echo-policy.py?" + params.toString();
+}
+iframe.src = hostname;
+document.body.appendChild(iframe);
+</script>
--- a/third_party/blink/web_tests/external/wpt/document-policy/echo-policy-nested.html.headers
+++ b/third_party/blink/web_tests/external/wpt/document-policy/echo-policy-nested.html.headers
+Document-Policy: unoptimized-lossless-images;bpp=0.0
--- a/third_party/blink/web_tests/external/wpt/document-policy/echo-policy.py
+++ b/third_party/blink/web_tests/external/wpt/document-policy/echo-policy.py
+# This will echo the 'Sec-Required-Document-Policy' request header in the body
+# of the response, as well as in the 'Document-Policy' response header (to
+# ensure the response is loaded by a user agent which is implementing document
+# policy.)
+import json
+
+def main(request, response):
+    msg = {}
+    headers = [('Content-Type', 'text/html')]
+
+    srdp = request.headers.get('Sec-Required-Document-Policy')
+    if srdp:
+      msg['requiredPolicy'] = srdp
+      headers.append(('Document-Policy', srdp))
+
+    frameId = request.GET.first('id',None)
+    if frameId:
+      msg['id'] = frameId
+
+    content = """<!DOCTYPE html>
+<script>
+top.postMessage(%s, "*");
+</script>
+%s
+""" % (json.dumps(msg), srdp)
+
+    return (200, 'OK'), headers, content
+
--- a/third_party/blink/web_tests/external/wpt/document-policy/required-policy/document-policy.html
+++ b/third_party/blink/web_tests/external/wpt/document-policy/required-policy/document-policy.html
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>Test advertised required document policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>  </head>
+  <body>
+    <h1>Test advertised required document policy</h1>
+<script>
+// The top-level document has a document policy, but not a required document
+// policy. A request for a document in a frame should not include a
+// `Sec-Required-Document-Policy` header, unless that frame requires it
+// explicitly through the `policy` attribute.
+
+callbacks = {};
+
+window.addEventListener('message', ev => {
+  var id = ev.data.id;
+  if (id && callbacks[id]) {
+    callbacks[id](ev.data.requiredPolicy || null);
+  }
+});
+
+async_test(t => {
+  var iframe = document.createElement('iframe');
+  iframe.src = "/document-policy/echo-policy.py?id=1";
+  callbacks["1"] = t.step_func_done(result => {
+    assert_equals(result, null);
+  });
+  document.body.appendChild(iframe);
+}, "Top-level document's policy should not affect child frame requests");
+
+async_test(t => {
+  var iframe = document.createElement('iframe');
+  iframe.src = "/document-policy/echo-policy.py?id=2";
+  iframe.policy = "no-font-display-late-swap";
+  callbacks["2"] = t.step_func_done(result => {
+    assert_equals(result, "no-font-display-late-swap");
+  });
+  document.body.appendChild(iframe);
+}, "Child frame can have a required policy independent of the parent document.");
+
+async_test(t => {
+  var iframe = document.createElement('iframe');
+  iframe.src = "/document-policy/echo-policy.py?id=3";
+  iframe.policy = "unoptimized-lossless-images;bpp=4";
+  callbacks["3"] = t.step_func_done(result => {
+    assert_equals(result, "unoptimized-lossless-images;bpp=4");
+  });
+  document.body.appendChild(iframe);
+}, "Child frame can have a required policy which is less strict than the parent document's policy.");
+    </script>
+  </body>
+</html>
--- a/third_party/blink/web_tests/external/wpt/document-policy/required-policy/document-policy.html.headers
+++ b/third_party/blink/web_tests/external/wpt/document-policy/required-policy/document-policy.html.headers
+Document-Policy: unoptimized-lossless-images;bpp=1.1
--- a/third_party/blink/web_tests/external/wpt/document-policy/required-policy/no-document-policy.html
+++ b/third_party/blink/web_tests/external/wpt/document-policy/required-policy/no-document-policy.html
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>Test advertised required document policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>  </head>
+  <body>
+    <h1>Test advertised required document policy</h1>
+<script>
+// The top-level document does not have any document-policy-related headers.
+// A request for a document in a frame should not include a
+// `Sec-Required-Document-Policy` header, unless that frame requires it
+// explicitly through the `policy` attribute.
+
+callbacks = {};
+
+window.addEventListener('message', ev => {
+  var id = ev.data.id;
+  if (id && callbacks[id]) {
+    callbacks[id](ev.data.requiredPolicy || null);
+  }
+});
+
+async_test(t => {
+  var iframe = document.createElement('iframe');
+  iframe.src = "/document-policy/echo-policy.py?id=1";
+  callbacks["1"] = t.step_func_done(result => {
+    assert_equals(result, null);
+  });
+  document.body.appendChild(iframe);
+}, "Child frame should have no required policy by default.");
+
+async_test(t => {
+  var iframe = document.createElement('iframe');
+  iframe.src = "/document-policy/echo-policy.py?id=2";
+  iframe.policy = "no-font-display-late-swap";
+  callbacks["2"] = t.step_func_done(result => {
+    assert_equals(result, "no-font-display-late-swap");
+  });
+  document.body.appendChild(iframe);
+}, "Child frame can have an explicit required policy.");
+    </script>
+  </body>
+</html>
--- a/third_party/blink/web_tests/external/wpt/document-policy/required-policy/required-document-policy-nested.html
+++ b/third_party/blink/web_tests/external/wpt/document-policy/required-policy/required-document-policy-nested.html
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>Test advertised required document policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>  </head>
+  <body>
+    <h1>Test advertised required document policy</h1>
+<script>
+// The top-level document has no required document policy. Its child frames may,
+// though, and those policies should be set for any subframes.
+
+callbacks = {};
+
+window.addEventListener('message', ev => {
+  var id = ev.data.id;
+  if (id && callbacks[id]) {
+    callbacks[id](ev.data.requiredPolicy || null);
+  }
+});
+
+// Frame tree should be:
+// Top:
+//  <iframe>
+//    <iframe>
+async_test(t => {
+  var iframe = document.createElement('iframe');
+  iframe.src = "/document-policy/echo-policy-nested.html?id=1";
+  callbacks["1"] = t.step_func_done(result => {
+    assert_equals(result, null);
+  });
+  document.body.appendChild(iframe);
+}, "test nested required document policy");
+
+// Frame tree should be:
+// Top:
+//  <iframe policy="unoptimized-lossless-images;bpp=1.1">
+//    <iframe>
+async_test(t => {
+  var iframe = document.createElement('iframe');
+  iframe.src = "/document-policy/echo-policy-nested.html?id=2";
+  iframe.policy = "unoptimized-lossless-images;bpp=1.1";
+  callbacks["2"] = t.step_func_done(result => {
+    assert_equals(result, "unoptimized-lossless-images;bpp=1.1");
+  });
+  document.body.appendChild(iframe);
+}, "test nested required document policy when set by nested frame");
+
+// Frame tree should be:
+// Top:
+//  <iframe policy="unoptimized-lossless-images;bpp=1.1">
+//    <iframe>
+//      <iframe>
+async_test(t => {
+  var iframe = document.createElement('iframe');
+  iframe.src = "/document-policy/echo-policy-nested.html?id=3&level=1";
+  iframe.policy = "unoptimized-lossless-images;bpp=1.1";
+  callbacks["3"] = t.step_func_done(result => {
+    assert_equals(result, "unoptimized-lossless-images;bpp=1.1");
+  });
+  document.body.appendChild(iframe);
+}, "test nested required document policy when set by intermediate nested frame");
+    </script>
+  </body>
+</html>
--- a/third_party/blink/web_tests/external/wpt/document-policy/required-policy/required-document-policy.html
+++ b/third_party/blink/web_tests/external/wpt/document-policy/required-policy/required-document-policy.html
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>Test advertised required document policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>  </head>
+  <body>
+    <h1>Test advertised required document policy</h1>
+<script>
+// The top-level document has a required document policy. Any requests for
+// documents in child frames must be sent with a required policy header
+// indicating a required policy at least as strict. (In this case, "at least as
+// strict" means that the 'bpp' parameter must be less than or equal to the
+// parent document's required value.)
+
+callbacks = {};
+
+window.addEventListener('message', ev => {
+  var id = ev.data.id;
+  if (id && callbacks[id]) {
+    callbacks[id](ev.data.requiredPolicy || null);
+  }
+});
+
+async_test(t => {
+  var iframe = document.createElement('iframe');
+  iframe.src = "/document-policy/echo-policy.py?id=1";
+  callbacks["1"] = t.step_func_done(result => {
+    assert_equals(result, "unoptimized-lossless-images;bpp=1.1");
+  });
+  document.body.appendChild(iframe);
+}, "Child frame with no explicit policy should have the same required policy as its parent.");
+
+async_test(t => {
+  var iframe = document.createElement('iframe');
+  iframe.src = "/document-policy/echo-policy.py?id=2";
+  iframe.policy = "unoptimized-lossless-images;bpp=4";
+  callbacks["2"] = t.step_func_done(result => {
+    assert_equals(result, "unoptimized-lossless-images;bpp=1.1");
+  });
+  document.body.appendChild(iframe);
+}, "Child frame with a less strict required policy should have the stricter value from the parent's policy applied.");
+
+async_test(t => {
+  var iframe = document.createElement('iframe');
+  iframe.src = "/document-policy/echo-policy.py?id=3";
+  iframe.policy = "unoptimized-lossless-images;bpp=1.0";
+  callbacks["3"] = t.step_func_done(result => {
+    assert_equals(result, "unoptimized-lossless-images;bpp=1.0");
+  });
+  document.body.appendChild(iframe);
+}, "Child frame may have a stricter policy than the parent.");
+
+async_test(t => {
+  var iframe = document.createElement('iframe');
+  iframe.src = "/document-policy/echo-policy.py?id=4";
+  iframe.policy = "no-font-display-late-swap";
+  callbacks["4"] = t.step_func_done(result => {
+    assert_equals(result, "no-font-display-late-swap, unoptimized-lossless-images;bpp=1.1");
+  });
+  document.body.appendChild(iframe);
+}, "Any unrelated policy directives should combine with the parent's required policy.");
+    </script>
+  </body>
+</html>
--- a/third_party/blink/web_tests/external/wpt/document-policy/required-policy/required-document-policy.html.headers
+++ b/third_party/blink/web_tests/external/wpt/document-policy/required-policy/required-document-policy.html.headers
+Required-Document-Policy: unoptimized-lossless-images;bpp=1.1