SharedWorker: Inherit outside settings CSP when top-level script is data url

This CL lets SharedWorkerGlobalScope inherit outside settings CSP when response url's scheme is a local scheme. This behavior is defined here: If response’s url’s scheme is a local scheme, or if global is a DedicatedWorkerGlobalScope: ... - Insert a copy of policy into global’s CSP list. https://w3c.github.io/webappsec-csp/#initialize-global-object-csp Bug: 1056161 Change-Id: I2a41a91bf021f5dda55303dece0d49163dc7c822 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2082855 Commit-Queue: Eriko Kurimoto <elkurin@google.com> Reviewed-by: Hiroshige Hayashizaki <hiroshige@chromium.org> Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Cr-Commit-Position: refs/heads/master@{#747614}

SharedWorker: Inherit outside settings CSP when top-level script is data url
This CL lets SharedWorkerGlobalScope inherit outside settings CSP when response url's scheme is a local scheme. This behavior is defined here: If response’s url’s scheme is a local scheme, or if global is a DedicatedWorkerGlobalScope: ... - Insert a copy of policy into global’s CSP list. https://w3c.github.io/webappsec-csp/#initialize-global-object-csp Bug: 1056161 Change-Id: I2a41a91bf021f5dda55303dece0d49163dc7c822 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2082855 Commit-Queue: Eriko Kurimoto <elkurin@google.com> Reviewed-by: Hiroshige Hayashizaki <hiroshige@chromium.org> Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Cr-Commit-Position: refs/heads/master@{#747614}
e87490d6 · Eriko Kurimoto · Commit Bot · 2756923f · e87490d6 · 2756923f
Commit e87490d6 authored Mar 06, 2020 by Eriko Kurimoto Committed by Commit Bot Mar 06, 2020
49 changed files
--- a/third_party/blink/renderer/core/workers/shared_worker_global_scope.cc
+++ b/third_party/blink/renderer/core/workers/shared_worker_global_scope.cc
@@ -95,9 +95,21 @@ void SharedWorkerGlobalScope::Initialize(
  // Step 12.6. "Execute the Initialize a global object's CSP list algorithm
  // on worker global scope and response. [CSP]"
+  // SharedWorkerGlobalScope inherits the outside's CSP instead of the response
+  // CSP headers when the response's url's scheme is a local scheme. Otherwise,
+  // use the response CSP headers. Here a local scheme is defined as follows:
+  // "A local scheme is a scheme that is "about", "blob", or "data"."
+  // https://fetch.spec.whatwg.org/#local-scheme
+  //
+  // https://w3c.github.io/webappsec-csp/#initialize-global-object-csp
  // These should be called after SetAddressSpace() to correctly override the
  // address space by the "treat-as-public-address" CSP directive.
-  InitContentSecurityPolicyFromVector(response_csp_headers);
+  Vector<CSPHeaderAndType> csp_headers =
+      response_url.ProtocolIsAbout() || response_url.ProtocolIsData() ||
+              response_url.ProtocolIs("blob")
+          ? OutsideContentSecurityPolicyHeaders()
+          : response_csp_headers;
+  InitContentSecurityPolicyFromVector(csp_headers);
  BindContentSecurityPolicyToExecutionContext();
  OriginTrialContext::AddTokens(this, response_origin_trial_tokens);

--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/fetch/cross-http.keep-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/fetch/cross-http.keep-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/fetch/cross-http.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/fetch/cross-http.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/fetch/cross-http.swap-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/fetch/cross-http.swap-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/fetch/cross-https.swap-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/fetch/cross-https.swap-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to cross-https origin and swap-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/fetch/same-http.keep-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/fetch/same-http.keep-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/fetch/same-http.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/fetch/same-http.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/fetch/same-http.swap-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/fetch/same-http.swap-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/fetch/same-https.swap-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/fetch/same-https.swap-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to same-https origin and swap-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/websocket/cross-ws.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/websocket/cross-ws.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/websocket/same-ws.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/websocket/same-ws.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/xhr/cross-http.keep-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/xhr/cross-http.keep-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/xhr/cross-http.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/xhr/cross-http.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/xhr/cross-http.swap-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/xhr/cross-http.swap-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/xhr/cross-https.swap-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/xhr/cross-https.swap-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to cross-https origin and swap-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/xhr/same-http.keep-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/xhr/same-http.keep-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/xhr/same-http.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/xhr/same-http.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/xhr/same-http.swap-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/xhr/same-http.swap-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/xhr/same-https.swap-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.http-rp/opt-in/xhr/same-https.swap-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to same-https origin and swap-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.meta/opt-in/fetch/cross-http.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.meta/opt-in/fetch/cross-http.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.meta/opt-in/fetch/same-http.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.meta/opt-in/fetch/same-http.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.meta/opt-in/websocket/cross-ws.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.meta/opt-in/websocket/cross-ws.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.meta/opt-in/websocket/same-ws.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.meta/opt-in/websocket/same-ws.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.meta/opt-in/xhr/cross-http.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.meta/opt-in/xhr/cross-http.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.meta/opt-in/xhr/same-http.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-classic-data.meta/opt-in/xhr/same-http.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/fetch/cross-http.keep-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/fetch/cross-http.keep-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/fetch/cross-http.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/fetch/cross-http.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/fetch/cross-http.swap-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/fetch/cross-http.swap-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/fetch/cross-https.swap-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/fetch/cross-https.swap-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to cross-https origin and swap-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/fetch/same-http.keep-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/fetch/same-http.keep-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/fetch/same-http.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/fetch/same-http.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/fetch/same-http.swap-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/fetch/same-http.swap-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/fetch/same-https.swap-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/fetch/same-https.swap-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to same-https origin and swap-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/websocket/cross-ws.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/websocket/cross-ws.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/websocket/same-ws.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/websocket/same-ws.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/xhr/cross-http.keep-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/xhr/cross-http.keep-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/xhr/cross-http.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/xhr/cross-http.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/xhr/cross-http.swap-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/xhr/cross-http.swap-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/xhr/cross-https.swap-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/xhr/cross-https.swap-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to cross-https origin and swap-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/xhr/same-http.keep-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/xhr/same-http.keep-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/xhr/same-http.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/xhr/same-http.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/xhr/same-http.swap-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/xhr/same-http.swap-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/xhr/same-https.swap-scheme.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.http-rp/opt-in/xhr/same-https.swap-scheme.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to same-https origin and swap-scheme redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.meta/opt-in/fetch/cross-http.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.meta/opt-in/fetch/cross-http.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.meta/opt-in/fetch/same-http.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.meta/opt-in/fetch/same-http.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.meta/opt-in/websocket/cross-ws.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.meta/opt-in/websocket/cross-ws.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.meta/opt-in/websocket/same-ws.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.meta/opt-in/websocket/same-ws.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.meta/opt-in/xhr/cross-http.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.meta/opt-in/xhr/cross-http.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.meta/opt-in/xhr/same-http.no-redirect.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/gen/sharedworker-module-data.meta/opt-in/xhr/same-http.no-redirect.https-expected.txt
-This is a testharness.js-based test.
-FAIL Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context. assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
-Harness: the test ran to completion.