Treat prefetches as blockable mixed content.

This aligns Blink's behavior with Firefox and the Mixed Content spec,
and updates web platform tests accordingly.

Intent to Ship: https://groups.google.com/a/chromium.org/d/msg/blink-dev/x0ROz-Io2bc/B9-sd6_dBwAJ

Bug: 785287
Change-Id: Ic50a23419b95709bab0abd370df6c2e16c3bb7b7
Reviewed-on: https://chromium-review.googlesource.com/771192Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#517773}

third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/http-csp/cross-origin-http/top-level/keep-scheme-redirect/optionally-blockable/opt-in-blocks.https.html → third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/http-csp/cross-origin-http/top-level/keep-scheme-redirect/blockable/opt-in-blocks.https.html

@@ -2,11 +2,11 @@
 <!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
 <html>
   <head>
-    <title>Mixed-Content: Optionally-blockable content</title>
+    <title>Mixed-Content: Blockable content</title>
     <meta charset='utf-8'>
-    <meta name="description" content="Test behavior of optionally-blockable content">
+    <meta name="description" content="Test behavior of blockable content.">
     <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
-    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: http-csp
                                  origin: cross-origin-http
                                  source_scheme: https

third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/http-csp/cross-origin-http/top-level/no-redirect/optionally-blockable/opt-in-blocks.https.html → third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/http-csp/cross-origin-http/top-level/no-redirect/blockable/opt-in-blocks.https.html

@@ -2,11 +2,11 @@
 <!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
 <html>
   <head>
-    <title>Mixed-Content: Optionally-blockable content</title>
+    <title>Mixed-Content: Blockable content</title>
     <meta charset='utf-8'>
-    <meta name="description" content="Test behavior of optionally-blockable content">
+    <meta name="description" content="Test behavior of blockable content.">
     <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
-    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: http-csp
                                  origin: cross-origin-http
                                  source_scheme: https

third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/http-csp/cross-origin-http/top-level/swap-scheme-redirect/optionally-blockable/opt-in-blocks.https.html → third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/http-csp/cross-origin-http/top-level/swap-scheme-redirect/blockable/opt-in-blocks.https.html

@@ -2,11 +2,11 @@
 <!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
 <html>
   <head>
-    <title>Mixed-Content: Optionally-blockable content</title>
+    <title>Mixed-Content: Blockable content</title>
     <meta charset='utf-8'>
-    <meta name="description" content="Test behavior of optionally-blockable content">
+    <meta name="description" content="Test behavior of blockable content.">
     <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
-    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: http-csp
                                  origin: cross-origin-http
                                  source_scheme: https

third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/http-csp/same-host-http/top-level/keep-scheme-redirect/optionally-blockable/opt-in-blocks.https.html → third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/http-csp/same-host-http/top-level/keep-scheme-redirect/blockable/opt-in-blocks.https.html

@@ -2,11 +2,11 @@
 <!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
 <html>
   <head>
-    <title>Mixed-Content: Optionally-blockable content</title>
+    <title>Mixed-Content: Blockable content</title>
     <meta charset='utf-8'>
-    <meta name="description" content="Test behavior of optionally-blockable content">
+    <meta name="description" content="Test behavior of blockable content.">
     <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
-    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: http-csp
                                  origin: same-host-http
                                  source_scheme: https

third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/http-csp/same-host-http/top-level/no-redirect/optionally-blockable/opt-in-blocks.https.html → third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/http-csp/same-host-http/top-level/no-redirect/blockable/opt-in-blocks.https.html

@@ -2,11 +2,11 @@
 <!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
 <html>
   <head>
-    <title>Mixed-Content: Optionally-blockable content</title>
+    <title>Mixed-Content: Blockable content</title>
     <meta charset='utf-8'>
-    <meta name="description" content="Test behavior of optionally-blockable content">
+    <meta name="description" content="Test behavior of blockable content.">
     <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
-    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: http-csp
                                  origin: same-host-http
                                  source_scheme: https

third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/http-csp/same-host-http/top-level/swap-scheme-redirect/optionally-blockable/opt-in-blocks.https.html → third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/http-csp/same-host-http/top-level/swap-scheme-redirect/blockable/opt-in-blocks.https.html

@@ -2,11 +2,11 @@
 <!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
 <html>
   <head>
-    <title>Mixed-Content: Optionally-blockable content</title>
+    <title>Mixed-Content: Blockable content</title>
     <meta charset='utf-8'>
-    <meta name="description" content="Test behavior of optionally-blockable content">
+    <meta name="description" content="Test behavior of blockable content.">
     <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
-    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: http-csp
                                  origin: same-host-http
                                  source_scheme: https

third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/meta-csp/cross-origin-http/top-level/no-redirect/optionally-blockable/opt-in-blocks.https.html → third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/meta-csp/cross-origin-http/top-level/no-redirect/blockable/opt-in-blocks.https.html

@@ -2,11 +2,11 @@
 <!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
 <html>
   <head>
-    <title>Mixed-Content: Optionally-blockable content</title>
+    <title>Mixed-Content: Blockable content</title>
     <meta charset='utf-8'>
-    <meta name="description" content="Test behavior of optionally-blockable content">
+    <meta name="description" content="Test behavior of blockable content.">
     <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
-    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: cross-origin-http
                                  source_scheme: https

third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/meta-csp/same-host-http/top-level/no-redirect/optionally-blockable/opt-in-blocks.https.html → third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/meta-csp/same-host-http/top-level/no-redirect/blockable/opt-in-blocks.https.html

@@ -2,11 +2,11 @@
 <!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
 <html>
   <head>
-    <title>Mixed-Content: Optionally-blockable content</title>
+    <title>Mixed-Content: Blockable content</title>
     <meta charset='utf-8'>
-    <meta name="description" content="Test behavior of optionally-blockable content">
+    <meta name="description" content="Test behavior of blockable content.">
     <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
-    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-http
                                  source_scheme: https

third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/no-opt-in/cross-origin-http/top-level/keep-scheme-redirect/optionally-blockable/no-opt-in-allows.https.html → third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/no-opt-in/cross-origin-http/top-level/keep-scheme-redirect/blockable/no-opt-in-blocks.https.html

@@ -2,18 +2,18 @@
 <!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
 <html>
   <head>
-    <title>Mixed-Content: Optionally-blockable content</title>
+    <title>Mixed-Content: Blockable content</title>
     <meta charset='utf-8'>
-    <meta name="description" content="Test behavior of optionally-blockable content">
+    <meta name="description" content="Test behavior of blockable content.">
     <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
-    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: no-opt-in
                                  origin: cross-origin-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: keep-scheme-redirect
                                  subresource: link-prefetch-tag
-                                 expectation: allowed">
+                                 expectation: blocked">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
@@ -29,7 +29,7 @@
           "context_nesting": "top-level",
           "redirection": "keep-scheme-redirect",
           "subresource": "link-prefetch-tag",
-          "expectation": "allowed"
+          "expectation": "blocked"
         },
         document.querySelector("meta[name=assert]").content,
         new SanityChecker()

third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/no-opt-in/cross-origin-http/top-level/no-redirect/optionally-blockable/no-opt-in-allows.https.html → third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/no-opt-in/cross-origin-http/top-level/no-redirect/blockable/no-opt-in-blocks.https.html

@@ -2,18 +2,18 @@
 <!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
 <html>
   <head>
-    <title>Mixed-Content: Optionally-blockable content</title>
+    <title>Mixed-Content: Blockable content</title>
     <meta charset='utf-8'>
-    <meta name="description" content="Test behavior of optionally-blockable content">
+    <meta name="description" content="Test behavior of blockable content.">
     <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
-    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: no-opt-in
                                  origin: cross-origin-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: link-prefetch-tag
-                                 expectation: allowed">
+                                 expectation: blocked">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
@@ -29,7 +29,7 @@
           "context_nesting": "top-level",
           "redirection": "no-redirect",
           "subresource": "link-prefetch-tag",
-          "expectation": "allowed"
+          "expectation": "blocked"
         },
         document.querySelector("meta[name=assert]").content,
         new SanityChecker()

third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/no-opt-in/cross-origin-http/top-level/swap-scheme-redirect/optionally-blockable/no-opt-in-allows.https.html → third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/no-opt-in/cross-origin-http/top-level/swap-scheme-redirect/blockable/no-opt-in-blocks.https.html

@@ -2,18 +2,18 @@
 <!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
 <html>
   <head>
-    <title>Mixed-Content: Optionally-blockable content</title>
+    <title>Mixed-Content: Blockable content</title>
     <meta charset='utf-8'>
-    <meta name="description" content="Test behavior of optionally-blockable content">
+    <meta name="description" content="Test behavior of blockable content.">
     <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
-    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: no-opt-in
                                  origin: cross-origin-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: swap-scheme-redirect
                                  subresource: link-prefetch-tag
-                                 expectation: allowed">
+                                 expectation: blocked">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
@@ -29,7 +29,7 @@
           "context_nesting": "top-level",
           "redirection": "swap-scheme-redirect",
           "subresource": "link-prefetch-tag",
-          "expectation": "allowed"
+          "expectation": "blocked"
         },
         document.querySelector("meta[name=assert]").content,
         new SanityChecker()

third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/no-opt-in/same-host-http/top-level/keep-scheme-redirect/optionally-blockable/no-opt-in-allows.https.html → third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/no-opt-in/same-host-http/top-level/keep-scheme-redirect/blockable/no-opt-in-blocks.https.html

@@ -2,18 +2,18 @@
 <!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
 <html>
   <head>
-    <title>Mixed-Content: Optionally-blockable content</title>
+    <title>Mixed-Content: Blockable content</title>
     <meta charset='utf-8'>
-    <meta name="description" content="Test behavior of optionally-blockable content">
+    <meta name="description" content="Test behavior of blockable content.">
     <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
-    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: no-opt-in
                                  origin: same-host-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: keep-scheme-redirect
                                  subresource: link-prefetch-tag
-                                 expectation: allowed">
+                                 expectation: blocked">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
@@ -29,7 +29,7 @@
           "context_nesting": "top-level",
           "redirection": "keep-scheme-redirect",
           "subresource": "link-prefetch-tag",
-          "expectation": "allowed"
+          "expectation": "blocked"
         },
         document.querySelector("meta[name=assert]").content,
         new SanityChecker()

third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/no-opt-in/same-host-http/top-level/no-redirect/optionally-blockable/no-opt-in-allows.https.html → third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/no-opt-in/same-host-http/top-level/no-redirect/blockable/no-opt-in-blocks.https.html

@@ -2,18 +2,18 @@
 <!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
 <html>
   <head>
-    <title>Mixed-Content: Optionally-blockable content</title>
+    <title>Mixed-Content: Blockable content</title>
     <meta charset='utf-8'>
-    <meta name="description" content="Test behavior of optionally-blockable content">
+    <meta name="description" content="Test behavior of blockable content.">
     <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
-    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: no-opt-in
                                  origin: same-host-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: link-prefetch-tag
-                                 expectation: allowed">
+                                 expectation: blocked">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
@@ -29,7 +29,7 @@
           "context_nesting": "top-level",
           "redirection": "no-redirect",
           "subresource": "link-prefetch-tag",
-          "expectation": "allowed"
+          "expectation": "blocked"
         },
         document.querySelector("meta[name=assert]").content,
         new SanityChecker()

third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/no-opt-in/same-host-http/top-level/swap-scheme-redirect/optionally-blockable/no-opt-in-allows.https.html → third_party/WebKit/LayoutTests/external/wpt/mixed-content/link-prefetch-tag/no-opt-in/same-host-http/top-level/swap-scheme-redirect/blockable/no-opt-in-blocks.https.html

@@ -2,18 +2,18 @@
 <!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
 <html>
   <head>
-    <title>Mixed-Content: Optionally-blockable content</title>
+    <title>Mixed-Content: Blockable content</title>
     <meta charset='utf-8'>
-    <meta name="description" content="Test behavior of optionally-blockable content">
+    <meta name="description" content="Test behavior of blockable content.">
     <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
-    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: no-opt-in
                                  origin: same-host-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: swap-scheme-redirect
                                  subresource: link-prefetch-tag
-                                 expectation: allowed">
+                                 expectation: blocked">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
@@ -29,7 +29,7 @@
           "context_nesting": "top-level",
           "redirection": "swap-scheme-redirect",
           "subresource": "link-prefetch-tag",
-          "expectation": "allowed"
+          "expectation": "blocked"
         },
         document.querySelector("meta[name=assert]").content,
         new SanityChecker()

third_party/WebKit/LayoutTests/external/wpt/mixed-content/spec.src.json

@@ -239,13 +239,13 @@
         "a-tag",
         "object-tag",
         "picture-tag",
-        "websocket-request"
+        "websocket-request",
+        "link-prefetch-tag"
       ],
       "optionally-blockable": [
         "img-tag",
         "audio-tag",
-        "video-tag",
-        "link-prefetch-tag"
+        "video-tag"
       ]
     },
     "expectation": [

third_party/WebKit/LayoutTests/external/wpt/mixed-content/spec_json.js

-var SPEC_JSON = {"test_expansion_schema": {"origin": ["same-host-https", "same-host-http", "cross-origin-https", "cross-origin-http", "same-host-wss", "same-host-ws", "cross-origin-wss", "cross-origin-ws"], "subresource": {"blockable": ["script-tag", "link-css-tag", "xhr-request", "worker-request", "fetch-request", "a-tag", "object-tag", "picture-tag", "websocket-request"], "optionally-blockable": ["img-tag", "audio-tag", "video-tag", "link-prefetch-tag"]}, "context_nesting": ["top-level", "sub-level"], "expectation": ["allowed", "blocked"], "expansion": ["default", "override"], "redirection": ["no-redirect", "keep-scheme-redirect", "swap-scheme-redirect"], "opt_in_method": ["no-opt-in", "http-csp", "meta-csp", "img-crossorigin"], "source_scheme": ["http", "https"]}, "specification": [{"test_expansion": [{"origin": ["cross-origin-http", "same-host-http"], "name": "opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}, {"origin": ["cross-origin-http", "same-host-http"], "name": "no-opt-in-allows", "redirection": "*", "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "no-opt-in", "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}], "description": "Test behavior of optionally-blockable content", "specification_url": "http://www.w3.org/TR/mixed-content/#category-optionally-blockable", "name": "optionally-blockable", "title": "Optionally-blockable content"}, {"test_expansion": [{"origin": ["cross-origin-http", "same-host-http"], "name": "opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}, {"origin": ["cross-origin-http", "same-host-http"], "name": "no-opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "no-opt-in", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}, {"origin": ["cross-origin-ws", "same-host-ws"], "name": "ws-downgrade-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["no-opt-in", "http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": "websocket-request", "optionally-blockable": []}}], "description": "Test behavior of blockable content.", "specification_url": "http://www.w3.org/TR/mixed-content/#category-blockable", "name": "blockable", "title": "Blockable content"}, {"test_expansion": [{"origin": ["same-host-https"], "name": "allowed", "redirection": ["no-redirect", "keep-scheme-redirect"], "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "*", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": "*"}}, {"origin": ["same-host-wss"], "name": "websocket-allowed", "redirection": ["no-redirect", "keep-scheme-redirect"], "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "*", "source_scheme": "https", "subresource": {"blockable": "websocket-request", "optionally-blockable": []}}], "description": "Test behavior of allowed content.", "specification_url": "http://www.w3.org/TR/mixed-content/", "name": "allowed", "title": "Allowed content"}], "excluded_tests": [{"origin": "*", "name": "Redundant-subresources", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "*", "source_scheme": "*", "subresource": {"blockable": ["a-tag"], "optionally-blockable": []}}, {"origin": ["same-host-https", "same-host-http", "cross-origin-https", "cross-origin-http"], "name": "Skip-origins-not-applicable-to-websockets", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "*", "source_scheme": "*", "subresource": {"blockable": ["websocket-request"], "optionally-blockable": []}}, {"origin": "*", "name": "TODO-opt-in-method-img-cross-origin", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "img-crossorigin", "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}, {"origin": "*", "name": "Skip-redundant-for-opt-in-method", "redirection": ["keep-scheme-redirect", "swap-scheme-redirect"], "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": ["meta-csp", "img-crossorigin"], "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}]};
+var SPEC_JSON = {"test_expansion_schema": {"origin": ["same-host-https", "same-host-http", "cross-origin-https", "cross-origin-http", "same-host-wss", "same-host-ws", "cross-origin-wss", "cross-origin-ws"], "subresource": {"blockable": ["script-tag", "link-css-tag", "xhr-request", "worker-request", "fetch-request", "a-tag", "object-tag", "picture-tag", "websocket-request", "link-prefetch-tag"], "optionally-blockable": ["img-tag", "audio-tag", "video-tag"]}, "context_nesting": ["top-level", "sub-level"], "expectation": ["allowed", "blocked"], "expansion": ["default", "override"], "redirection": ["no-redirect", "keep-scheme-redirect", "swap-scheme-redirect"], "opt_in_method": ["no-opt-in", "http-csp", "meta-csp", "img-crossorigin"], "source_scheme": ["http", "https"]}, "specification": [{"test_expansion": [{"origin": ["cross-origin-http", "same-host-http"], "name": "opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}, {"origin": ["cross-origin-http", "same-host-http"], "name": "no-opt-in-allows", "redirection": "*", "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "no-opt-in", "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}], "description": "Test behavior of optionally-blockable content", "specification_url": "http://www.w3.org/TR/mixed-content/#category-optionally-blockable", "name": "optionally-blockable", "title": "Optionally-blockable content"}, {"test_expansion": [{"origin": ["cross-origin-http", "same-host-http"], "name": "opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}, {"origin": ["cross-origin-http", "same-host-http"], "name": "no-opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "no-opt-in", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}, {"origin": ["cross-origin-ws", "same-host-ws"], "name": "ws-downgrade-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["no-opt-in", "http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": "websocket-request", "optionally-blockable": []}}], "description": "Test behavior of blockable content.", "specification_url": "http://www.w3.org/TR/mixed-content/#category-blockable", "name": "blockable", "title": "Blockable content"}, {"test_expansion": [{"origin": ["same-host-https"], "name": "allowed", "redirection": ["no-redirect", "keep-scheme-redirect"], "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "*", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": "*"}}, {"origin": ["same-host-wss"], "name": "websocket-allowed", "redirection": ["no-redirect", "keep-scheme-redirect"], "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "*", "source_scheme": "https", "subresource": {"blockable": "websocket-request", "optionally-blockable": []}}], "description": "Test behavior of allowed content.", "specification_url": "http://www.w3.org/TR/mixed-content/", "name": "allowed", "title": "Allowed content"}], "excluded_tests": [{"origin": "*", "name": "Redundant-subresources", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "*", "source_scheme": "*", "subresource": {"blockable": ["a-tag"], "optionally-blockable": []}}, {"origin": ["same-host-https", "same-host-http", "cross-origin-https", "cross-origin-http"], "name": "Skip-origins-not-applicable-to-websockets", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "*", "source_scheme": "*", "subresource": {"blockable": ["websocket-request"], "optionally-blockable": []}}, {"origin": "*", "name": "TODO-opt-in-method-img-cross-origin", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "img-crossorigin", "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}, {"origin": "*", "name": "Skip-redundant-for-opt-in-method", "redirection": ["keep-scheme-redirect", "swap-scheme-redirect"], "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": ["meta-csp", "img-crossorigin"], "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}]};

third_party/WebKit/LayoutTests/http/tests/security/mixedContent/insecure-prefetch-in-main-frame-expected.txt

-CONSOLE WARNING: line 8: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/insecure-prefetch-in-main-frame.html' was loaded over HTTPS, but requested an insecure prefetch resource 'http://example.test:8080/resources/square.png'. This content should also be served over HTTPS.
-Prefetching from insecure source must trigger a mixed content callback.

third_party/WebKit/LayoutTests/http/tests/security/mixedContent/insecure-prefetch-in-main-frame.html

-<!DOCTYPE html>
-<html>
-<body>
-<p>
-Prefetching from insecure source must trigger a mixed content callback.
-</p>
-
-<link rel="prefetch" href="http://example.test:8080/resources/square.png"  onload="prefetch_onload()" />
-
-<script>
-if (location.protocol != 'https:')
-    location = 'https://127.0.0.1:8443/security/mixedContent/insecure-prefetch-in-main-frame.html';
-
-if (window.testRunner) {
-    testRunner.waitUntilDone();
-    testRunner.dumpAsText();
-}
-
-function prefetch_onload() {
-    if (window.testRunner)
-        testRunner.notifyDone();
-}
-</script>
-</body>
-</html>

third_party/WebKit/Source/platform/exported/WebMixedContent.cpp

@@ -69,6 +69,7 @@ WebMixedContentContextType WebMixedContent::ContextTypeFromRequestContext(
     case WebURLRequest::kRequestContextManifest:
     case WebURLRequest::kRequestContextObject:
     case WebURLRequest::kRequestContextPing:
+    case WebURLRequest::kRequestContextPrefetch:
     case WebURLRequest::kRequestContextScript:
     case WebURLRequest::kRequestContextServiceWorker:
     case WebURLRequest::kRequestContextSharedWorker:
@@ -83,7 +84,6 @@ WebMixedContentContextType WebMixedContent::ContextTypeFromRequestContext(
     // FIXME: Contexts that we should block, but don't currently.
     // https://crbug.com/388650
     case WebURLRequest::kRequestContextDownload:
-    case WebURLRequest::kRequestContextPrefetch:
       return WebMixedContentContextType::kShouldBeBlockable;
 
     case WebURLRequest::kRequestContextUnspecified: